Malware Analysis Report

2025-08-10 13:41

Sample ID: 241107-myw56s1ckh
Target: a8a4bc80e5462754167b1ea7c68885e183e7e4619b9306a9bec6cb3a0151bd21N
SHA256: a8a4bc80e5462754167b1ea7c68885e183e7e4619b9306a9bec6cb3a0151bd21
Tags: upx, discovery
Score: 5/10

Analysis Overview

Score: 5/10

SHA256: a8a4bc80e5462754167b1ea7c68885e183e7e4619b9306a9bec6cb3a0151bd21

Threat Level: Likely benign

The file a8a4bc80e5462754167b1ea7c68885e183e7e4619b9306a9bec6cb3a0151bd21N was found to be: Likely benign.

Malicious Activity Summary

upx discovery

UPX packed file

Unsigned PE

System Location Discovery: System Language Discovery

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-07 10:52

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-07 10:52

Reported

2024-11-07 10:55

Platform

win7-20240903-en

Max time kernel

110s

Max time network

92s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a8a4bc80e5462754167b1ea7c68885e183e7e4619b9306a9bec6cb3a0151bd21N.exe"

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

System Location Discovery: System Language Discovery

discovery
Description: Key opened
Indicator: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Process: C:\Users\Admin\AppData\Local\Temp\a8a4bc80e5462754167b1ea7c68885e183e7e4619b9306a9bec6cb3a0151bd21N.exe
Target: N/A

Processes

C:\Users\Admin\AppData\Local\Temp\a8a4bc80e5462754167b1ea7c68885e183e7e4619b9306a9bec6cb3a0151bd21N.exe

"C:\Users\Admin\AppData\Local\Temp\a8a4bc80e5462754167b1ea7c68885e183e7e4619b9306a9bec6cb3a0151bd21N.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 wecan.hasthe.technology udp
US 172.67.183.40:80 wecan.hasthe.technology tcp
US 172.67.183.40:80 wecan.hasthe.technology tcp
US 172.67.183.40:80 wecan.hasthe.technology tcp

Files

memory/2556-0-0x0000000000400000-0x000000000042A000-memory.dmp

memory/2556-1-0x0000000000400000-0x000000000042A000-memory.dmp

memory/2556-5-0x0000000000400000-0x000000000042A000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rifaien2-TX2e4gYW7oViOxuF.exe

MD5 0c19ef0dfdb4be61fb3a1accc8804653
SHA1 198884015eb1a61657edd06ce85272f56ea63bf6
SHA256 9e09f43d580c61e3763ace024c5f15d404eb5955339c13821f6daf8437c05d3a
SHA512 17564363a42d488de8266aa1b17d0973235bae334fc9b3aa001cc4ff95da2a02ad49c6d9a9029aca6d46febad43cd5468229eaddaaebcafc0c1306abfdf1333e

memory/2556-12-0x0000000000400000-0x000000000042A000-memory.dmp

memory/2556-22-0x0000000000400000-0x000000000042A000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-07 10:52

Reported

2024-11-07 10:55

Platform

win10v2004-20241007-en

Max time kernel

111s

Max time network

94s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a8a4bc80e5462754167b1ea7c68885e183e7e4619b9306a9bec6cb3a0151bd21N.exe"

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

System Location Discovery: System Language Discovery

discovery
Description: Key opened
Indicator: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Process: C:\Users\Admin\AppData\Local\Temp\a8a4bc80e5462754167b1ea7c68885e183e7e4619b9306a9bec6cb3a0151bd21N.exe
Target: N/A

Processes

C:\Users\Admin\AppData\Local\Temp\a8a4bc80e5462754167b1ea7c68885e183e7e4619b9306a9bec6cb3a0151bd21N.exe

"C:\Users\Admin\AppData\Local\Temp\a8a4bc80e5462754167b1ea7c68885e183e7e4619b9306a9bec6cb3a0151bd21N.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 83.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 68.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 wecan.hasthe.technology udp
US 104.21.59.199:80 wecan.hasthe.technology tcp
US 8.8.8.8:53 200.163.202.172.in-addr.arpa udp
US 8.8.8.8:53 199.59.21.104.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 104.21.59.199:80 wecan.hasthe.technology tcp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 104.21.59.199:80 wecan.hasthe.technology tcp

Files

memory/2256-0-0x0000000000400000-0x000000000042A000-memory.dmp

memory/2256-1-0x0000000000400000-0x000000000042A000-memory.dmp

memory/2256-8-0x0000000000400000-0x000000000042A000-memory.dmp

memory/2256-12-0x0000000000400000-0x000000000042A000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rifaien2-oFCDqjkUswiuvtCm.exe

MD5 50c01fcfd00270764e40b6575d3bd5c7
SHA1 265fa6a878bd01f08550bc85e1dc1392efc193b8
SHA256 0833fa82eaea5e4b9146bcfa211496f1526c08b14d133380a29ffe5ad3bbd05d
SHA512 f585f86e2c9633c009b2fc6936700c44272590ff238f9d36dff171a73a92b18118869918a168766ad31f5b5f50b07487b2dcc855e0b00d222793903c2478c8e7

memory/2256-20-0x0000000000400000-0x000000000042A000-memory.dmp