Malware Analysis Report

2025-08-05 10:33

Sample ID 241107-s7r6gaxnep
Target 90e1e1cac361ff775957af1e6aa29b694c9c7e571176fe1538a50e1e1a6ee584
SHA256 90e1e1cac361ff775957af1e6aa29b694c9c7e571176fe1538a50e1e1a6ee584
Tags
discovery upx
score
5/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
5/10

SHA256

90e1e1cac361ff775957af1e6aa29b694c9c7e571176fe1538a50e1e1a6ee584

Threat Level: Likely benign

The file 90e1e1cac361ff775957af1e6aa29b694c9c7e571176fe1538a50e1e1a6ee584 was found to be: Likely benign.

Malicious Activity Summary

discovery upx

UPX packed file

Unsigned PE

System Location Discovery: System Language Discovery

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-07 15:46

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-07 15:46

Reported

2024-11-07 15:48

Platform

win10v2004-20241007-en

Max time kernel

140s

Max time network

147s

Command Line

"C:\Users\Admin\AppData\Local\Temp\90e1e1cac361ff775957af1e6aa29b694c9c7e571176fe1538a50e1e1a6ee584.exe"

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\90e1e1cac361ff775957af1e6aa29b694c9c7e571176fe1538a50e1e1a6ee584.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\90e1e1cac361ff775957af1e6aa29b694c9c7e571176fe1538a50e1e1a6ee584.exe

"C:\Users\Admin\AppData\Local\Temp\90e1e1cac361ff775957af1e6aa29b694c9c7e571176fe1538a50e1e1a6ee584.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 68.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 67.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 wecan.hasthe.technology udp
US 172.67.183.40:80 wecan.hasthe.technology tcp
US 8.8.8.8:53 200.163.202.172.in-addr.arpa udp
US 8.8.8.8:53 40.183.67.172.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 197.87.175.4.in-addr.arpa udp
US 8.8.8.8:53 98.117.19.2.in-addr.arpa udp
US 172.67.183.40:80 wecan.hasthe.technology tcp
US 8.8.8.8:53 88.210.23.2.in-addr.arpa udp
US 172.67.183.40:80 wecan.hasthe.technology tcp
US 8.8.8.8:53 69.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 48.229.111.52.in-addr.arpa udp
US 172.67.183.40:80 wecan.hasthe.technology tcp

Files

memory/2792-0-0x0000000000400000-0x000000000042A000-memory.dmp

memory/2792-2-0x0000000000400000-0x000000000042A000-memory.dmp

memory/2792-9-0x0000000000400000-0x000000000042A000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rifaien2-w1UUU3fpp4XVH9pR.exe

MD5 ea588b89621770448b1bf13bda5ca64b
SHA1 43250dd41f81bd073f97dd12c3e36a4448fd6012
SHA256 dcb2e6f68df91aa70e57e86d9f059c0b624f1beec134ac5750b189ab6469f58a
SHA512 43852471bcf36f4573ae15cec3aa2262e9f8f55066de0107cfb28e3b124f01f3059c9583871e75d42df2b4ab23f718048f36539ce7f1d174cec60d59a1e4f3e3

memory/2792-16-0x0000000000400000-0x000000000042A000-memory.dmp

memory/2792-20-0x0000000000400000-0x000000000042A000-memory.dmp

memory/2792-30-0x0000000000400000-0x000000000042A000-memory.dmp

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-07 15:46

Reported

2024-11-07 15:48

Platform

win7-20240903-en

Max time kernel

141s

Max time network

123s

Command Line

"C:\Users\Admin\AppData\Local\Temp\90e1e1cac361ff775957af1e6aa29b694c9c7e571176fe1538a50e1e1a6ee584.exe"

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\90e1e1cac361ff775957af1e6aa29b694c9c7e571176fe1538a50e1e1a6ee584.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\90e1e1cac361ff775957af1e6aa29b694c9c7e571176fe1538a50e1e1a6ee584.exe

"C:\Users\Admin\AppData\Local\Temp\90e1e1cac361ff775957af1e6aa29b694c9c7e571176fe1538a50e1e1a6ee584.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 wecan.hasthe.technology udp
US 172.67.183.40:80 wecan.hasthe.technology tcp
US 172.67.183.40:80 wecan.hasthe.technology tcp
US 172.67.183.40:80 wecan.hasthe.technology tcp
US 172.67.183.40:80 wecan.hasthe.technology tcp

Files

memory/2328-0-0x0000000000400000-0x000000000042A000-memory.dmp

memory/2328-1-0x0000000000400000-0x000000000042A000-memory.dmp

memory/2328-5-0x0000000000400000-0x000000000042A000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rifaien2-1oMCHqg4Y80CqkKb.exe

MD5 8a5bbde8a016244adc34388de185de8f
SHA1 a334e2f1d9dec19a00ba3c6bcfc2c793edb1dd2d
SHA256 45491eabac91a3773ad9d5deae925bcc27672cdf5106c3a1bec8a60942c3ead9
SHA512 9a95ff07d67134ffa968102b8c932e7a48ddc150f5895fba47f3927f3c4e8f7ed8de2233881f4f7c034e8dd96cf3491eaf34d791cb83dff9714647bbd36e3098

memory/2328-12-0x0000000000400000-0x000000000042A000-memory.dmp

memory/2328-22-0x0000000000400000-0x000000000042A000-memory.dmp

memory/2328-29-0x0000000000400000-0x000000000042A000-memory.dmp