Malware Analysis Report

2025-08-10 13:41

Sample ID 241107-mqdzmazndt
Target b40ddc6df90dd8ce497d14f0844b66a7df8b6d8519fd7253b140eb50795aa974N
SHA256 b40ddc6df90dd8ce497d14f0844b66a7df8b6d8519fd7253b140eb50795aa974
Tags
upx discovery
score
5/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
5/10

SHA256

b40ddc6df90dd8ce497d14f0844b66a7df8b6d8519fd7253b140eb50795aa974

Threat Level: Likely benign

The file b40ddc6df90dd8ce497d14f0844b66a7df8b6d8519fd7253b140eb50795aa974N was found to be: Likely benign.

Malicious Activity Summary

upx discovery

UPX packed file

System Location Discovery: System Language Discovery

Unsigned PE

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-07 10:39

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-07 10:39

Reported

2024-11-07 10:41

Platform

win7-20241023-en

Max time kernel

110s

Max time network

92s

Command Line

"C:\Users\Admin\AppData\Local\Temp\b40ddc6df90dd8ce497d14f0844b66a7df8b6d8519fd7253b140eb50795aa974N.exe"

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\b40ddc6df90dd8ce497d14f0844b66a7df8b6d8519fd7253b140eb50795aa974N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\b40ddc6df90dd8ce497d14f0844b66a7df8b6d8519fd7253b140eb50795aa974N.exe

"C:\Users\Admin\AppData\Local\Temp\b40ddc6df90dd8ce497d14f0844b66a7df8b6d8519fd7253b140eb50795aa974N.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 wecan.hasthe.technology udp
US 172.67.183.40:80 wecan.hasthe.technology tcp
US 172.67.183.40:80 wecan.hasthe.technology tcp
US 8.8.8.8:53 wecan.hasthe.technology udp
US 104.21.59.199:80 wecan.hasthe.technology tcp

Files

memory/2952-0-0x0000000000400000-0x000000000042A000-memory.dmp

memory/2952-1-0x0000000000400000-0x000000000042A000-memory.dmp

memory/2952-5-0x0000000000400000-0x000000000042A000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rifaien2-esMukkq6mqoIM1lv.exe

MD5 f8dfd483e4c064028b19dc1742cb65af
SHA1 01fec2d1fc2d0a0f1e751ef855bc7940a09f6591
SHA256 b542ad05951d0300f0ecefd602094e886c28da8e2b577a83143efb183fdbaa48
SHA512 a0f39146832b997f97bff9945ce2168adef9730f9b523aa18ba43ccdb506408a5aa1684c046cc28488652171197a35c24b4204c490d19073f261d53481e77975

memory/2952-12-0x0000000000400000-0x000000000042A000-memory.dmp

memory/2952-22-0x0000000000400000-0x000000000042A000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-07 10:39

Reported

2024-11-07 10:41

Platform

win10v2004-20241007-en

Max time kernel

110s

Max time network

96s

Command Line

"C:\Users\Admin\AppData\Local\Temp\b40ddc6df90dd8ce497d14f0844b66a7df8b6d8519fd7253b140eb50795aa974N.exe"

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\b40ddc6df90dd8ce497d14f0844b66a7df8b6d8519fd7253b140eb50795aa974N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\b40ddc6df90dd8ce497d14f0844b66a7df8b6d8519fd7253b140eb50795aa974N.exe

"C:\Users\Admin\AppData\Local\Temp\b40ddc6df90dd8ce497d14f0844b66a7df8b6d8519fd7253b140eb50795aa974N.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 72.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 wecan.hasthe.technology udp
US 104.21.59.199:80 wecan.hasthe.technology tcp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 199.59.21.104.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 104.21.59.199:80 wecan.hasthe.technology tcp
US 104.21.59.199:80 wecan.hasthe.technology tcp
US 8.8.8.8:53 29.243.111.52.in-addr.arpa udp

Files

memory/4868-0-0x0000000000400000-0x000000000042A000-memory.dmp

memory/4868-1-0x0000000000400000-0x000000000042A000-memory.dmp

memory/4868-5-0x0000000000400000-0x000000000042A000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rifaien2-qaWVWbFMKAQoaqCF.exe

MD5 916f3e568d5d882089d73f437cd84fda
SHA1 a071cede84e5ea70b4d583da18fbca7469dc1a73
SHA256 4692765576c4ea7b6cdcfcf3096663af8bf779f61d6c1e0cb70e9d2e1a744aa9
SHA512 e0a6118db3c27ac831a32776c8b138c062e65e8351b180b4985617738fa0aa0652f310a1c67773e6b8695a56bbf7f0993bac35dcd15ab31a9da40b79f9ffba2a

memory/4868-11-0x0000000000400000-0x000000000042A000-memory.dmp

memory/4868-19-0x0000000000400000-0x000000000042A000-memory.dmp