Malware Analysis Report

2025-08-06 01:19

Sample ID 241107-sfcxgaxjbq
Target 04fa8af11049c4ad44e2ed4a935ed3fe6880fa779ec2d66d62ef4ce4f0af4210N
SHA256 04fa8af11049c4ad44e2ed4a935ed3fe6880fa779ec2d66d62ef4ce4f0af4210
Tags
upx discovery
score
5/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
5/10

SHA256

04fa8af11049c4ad44e2ed4a935ed3fe6880fa779ec2d66d62ef4ce4f0af4210

Threat Level: Likely benign

The file 04fa8af11049c4ad44e2ed4a935ed3fe6880fa779ec2d66d62ef4ce4f0af4210N was found to be: Likely benign.

Malicious Activity Summary

upx discovery

UPX packed file

Unsigned PE

System Location Discovery: System Language Discovery

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-07 15:03

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-07 15:03

Reported

2024-11-07 15:05

Platform

win7-20240903-en

Max time kernel

110s

Max time network

92s

Command Line

"C:\Users\Admin\AppData\Local\Temp\04fa8af11049c4ad44e2ed4a935ed3fe6880fa779ec2d66d62ef4ce4f0af4210N.exe"

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\04fa8af11049c4ad44e2ed4a935ed3fe6880fa779ec2d66d62ef4ce4f0af4210N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\04fa8af11049c4ad44e2ed4a935ed3fe6880fa779ec2d66d62ef4ce4f0af4210N.exe

"C:\Users\Admin\AppData\Local\Temp\04fa8af11049c4ad44e2ed4a935ed3fe6880fa779ec2d66d62ef4ce4f0af4210N.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 wecan.hasthe.technology udp
US 104.21.59.199:80 wecan.hasthe.technology tcp
US 104.21.59.199:80 wecan.hasthe.technology tcp
US 104.21.59.199:80 wecan.hasthe.technology tcp

Files

memory/3056-0-0x0000000000400000-0x000000000042A000-memory.dmp

memory/3056-1-0x0000000000400000-0x000000000042A000-memory.dmp

memory/3056-5-0x0000000000400000-0x000000000042A000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rifaien2-g7iPp0pJB8QFiFL4.exe

MD5 1c495f2b67a9aa3e140fd0c4a9ebe221
SHA1 cecfe8c8e2b90d9be25be30f1bdd77271d78842d
SHA256 dcc32f0f460ded09d7609c472922e61a8962507bbaf76722fd16772de5ca63ea
SHA512 ba460704a7d641688a2e4f0eb66e8ad0504ba1e3ebfdb15a61861d89586a05664a7c46157b1399118c5f2cbcfb09840382bd92a2a6490a77f8eebb36aedbb813

memory/3056-14-0x0000000000400000-0x000000000042A000-memory.dmp

memory/3056-22-0x0000000000400000-0x000000000042A000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-07 15:03

Reported

2024-11-07 15:05

Platform

win10v2004-20241007-en

Max time kernel

111s

Max time network

95s

Command Line

"C:\Users\Admin\AppData\Local\Temp\04fa8af11049c4ad44e2ed4a935ed3fe6880fa779ec2d66d62ef4ce4f0af4210N.exe"

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\04fa8af11049c4ad44e2ed4a935ed3fe6880fa779ec2d66d62ef4ce4f0af4210N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\04fa8af11049c4ad44e2ed4a935ed3fe6880fa779ec2d66d62ef4ce4f0af4210N.exe

"C:\Users\Admin\AppData\Local\Temp\04fa8af11049c4ad44e2ed4a935ed3fe6880fa779ec2d66d62ef4ce4f0af4210N.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 136.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 wecan.hasthe.technology udp
US 172.67.183.40:80 wecan.hasthe.technology tcp
US 8.8.8.8:53 212.20.149.52.in-addr.arpa udp
US 8.8.8.8:53 40.183.67.172.in-addr.arpa udp
US 8.8.8.8:53 241.42.69.40.in-addr.arpa udp
US 8.8.8.8:53 75.117.19.2.in-addr.arpa udp
US 172.67.183.40:80 wecan.hasthe.technology tcp
US 8.8.8.8:53 83.210.23.2.in-addr.arpa udp
US 172.67.183.40:80 wecan.hasthe.technology tcp

Files

memory/3460-0-0x0000000000400000-0x000000000042A000-memory.dmp

memory/3460-2-0x0000000000400000-0x000000000042A000-memory.dmp

memory/3460-6-0x0000000000400000-0x000000000042A000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rifaien2-PQTYMXFlm3soFwif.exe

MD5 31c29766a6fbb81758c9ef335de97576
SHA1 3001d4c7013e6fca9a58e532cea5550afd8510bf
SHA256 b3bb125590554496a1c4ef80fae8dc2f04b67391c3222139ffef15de7f88cf6f
SHA512 4bf030b700133b6ec5f022076c745b7418d0dc786ac8e419f1f6afa2e328c4c273030a7310c4d5efe859610f1aba6e9a051878fa7716c715e72e75563e3a3ac1

memory/3460-13-0x0000000000400000-0x000000000042A000-memory.dmp

memory/3460-22-0x0000000000400000-0x000000000042A000-memory.dmp