Malware Analysis Report

2025-08-10 13:40

Sample ID 241107-mxe59stlbn
Target 7f96e3091cbe7a0e6c20ab88221918ab0a60159bd8ab41430688f16c6b54cdc8N
SHA256 7f96e3091cbe7a0e6c20ab88221918ab0a60159bd8ab41430688f16c6b54cdc8
Tags: upx, discovery
Score: 5/10

Table of Contents

Analysis Overview
MITRE ATT&CK
    Enterprise Matrix V15
Analysis: static1
    Detonation Overview
    Signatures
Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral2
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

Score: 5/10

SHA256 7f96e3091cbe7a0e6c20ab88221918ab0a60159bd8ab41430688f16c6b54cdc8

Threat Level: Likely benign

The file 7f96e3091cbe7a0e6c20ab88221918ab0a60159bd8ab41430688f16c6b54cdc8N was found to be: Likely benign.

Malicious Activity Summary

Tags: upx, discovery

UPX packed file

Unsigned PE

System Location Discovery: System Language Discovery

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-11-07 10:50

Signatures

UPX packed file

Tag: upx

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Unsigned PE

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-11-07 10:50
Reported: 2024-11-07 10:52
Platform: win7-20241023-en
Max time kernel: 110s
Max time network: 93s

Command Line

"C:\Users\Admin\AppData\Local\Temp\7f96e3091cbe7a0e6c20ab88221918ab0a60159bd8ab41430688f16c6b54cdc8N.exe"

Signatures

UPX packed file

Tag: upx

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A

System Location Discovery: System Language Discovery

Tag: discovery

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\7f96e3091cbe7a0e6c20ab88221918ab0a60159bd8ab41430688f16c6b54cdc8N.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\7f96e3091cbe7a0e6c20ab88221918ab0a60159bd8ab41430688f16c6b54cdc8N.exe

"C:\Users\Admin\AppData\Local\Temp\7f96e3091cbe7a0e6c20ab88221918ab0a60159bd8ab41430688f16c6b54cdc8N.exe"

Network

Country | Destination | Domain | Proto
US | 8.8.8.8:53 | wecan.hasthe.technology | udp
US | 172.67.183.40:80 | wecan.hasthe.technology | tcp
US | 172.67.183.40:80 | wecan.hasthe.technology | tcp
US | 172.67.183.40:80 | wecan.hasthe.technology | tcp

Files

memory/1776-0-0x0000000000400000-0x000000000042A000-memory.dmp

memory/1776-2-0x0000000000400000-0x000000000042A000-memory.dmp

memory/1776-6-0x0000000000400000-0x000000000042A000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rifaien2-VDi5jjkwPZh9liPg.exe
    MD5    65e18b8b1fb55cda30f275d9524ddd67
    SHA1   2b7733d48a8ea674a54ea506ffd15d59586c2d0f
    SHA256 6d0a9af4b62ed9f3eb5e37d540fff66c663a069b8a388f98f99bf9a780fc7d1f
    SHA512 9ba5b8b395b896d44652125552494e01c626a5b49c692af1c4a7385c9df5b34c1a092f32cb7a95be6490f614514ee321486b83fb332457fcbce6cd3aef432304

memory/1776-13-0x0000000000400000-0x000000000042A000-memory.dmp

memory/1776-23-0x0000000000400000-0x000000000042A000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted: 2024-11-07 10:50
Reported: 2024-11-07 10:52
Platform: win10v2004-20241007-en
Max time kernel: 111s
Max time network: 95s

Command Line

"C:\Users\Admin\AppData\Local\Temp\7f96e3091cbe7a0e6c20ab88221918ab0a60159bd8ab41430688f16c6b54cdc8N.exe"

Signatures

UPX packed file

Tag: upx

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A

System Location Discovery: System Language Discovery

Tag: discovery

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\7f96e3091cbe7a0e6c20ab88221918ab0a60159bd8ab41430688f16c6b54cdc8N.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\7f96e3091cbe7a0e6c20ab88221918ab0a60159bd8ab41430688f16c6b54cdc8N.exe

"C:\Users\Admin\AppData\Local\Temp\7f96e3091cbe7a0e6c20ab88221918ab0a60159bd8ab41430688f16c6b54cdc8N.exe"

Network

Country | Destination | Domain | Proto
US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp
US | 8.8.8.8:53 | 0.159.190.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp
US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp
US | 8.8.8.8:53 | wecan.hasthe.technology | udp
US | 172.67.183.40:80 | wecan.hasthe.technology | tcp
US | 8.8.8.8:53 | 40.183.67.172.in-addr.arpa | udp
US | 8.8.8.8:53 | 53.210.109.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 241.42.69.40.in-addr.arpa | udp
US | 8.8.8.8:53 | 75.117.19.2.in-addr.arpa | udp
US | 172.67.183.40:80 | wecan.hasthe.technology | tcp
US | 8.8.8.8:53 | 83.210.23.2.in-addr.arpa | udp
US | 172.67.183.40:80 | wecan.hasthe.technology | tcp

Files

memory/1536-0-0x0000000000400000-0x000000000042A000-memory.dmp

memory/1536-1-0x0000000000400000-0x000000000042A000-memory.dmp

memory/1536-5-0x0000000000400000-0x000000000042A000-memory.dmp

memory/1536-11-0x0000000000400000-0x000000000042A000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rifaien2-eisHMjYN7sEap245.exe
    MD5    10bfccbf2eeeb524ba5b4ce526becec5
    SHA1   dad0d60e2d5925f522b0869411c29398eb802df0
    SHA256 1fd7f70a5e88a0285b3d85e99a5622b4f8836467e732a9a784820aa3dc6913e8
    SHA512 b12f53358a32d6ef520d32deda47dbb01e48e154a5d4941813684c6c2b5935ac363458071b968840fb719fe726feea979caf1aca17bac9ff622fe8d855cfa44a

memory/1536-15-0x0000000000400000-0x000000000042A000-memory.dmp

memory/1536-22-0x0000000000400000-0x000000000042A000-memory.dmp