Malware Analysis Report

2025-08-06 01:19

Sample ID 241107-sgf1hsvbnn
Target 8656f1517830f86e9f65e0cab1993ce674d90c9083ca2abfdc520714208e1beaN
SHA256 8656f1517830f86e9f65e0cab1993ce674d90c9083ca2abfdc520714208e1bea
Tags: upx, discovery
Score: 5/10


Analysis Overview

Score: 5/10

SHA256: 8656f1517830f86e9f65e0cab1993ce674d90c9083ca2abfdc520714208e1bea

Threat Level: Likely benign

The file 8656f1517830f86e9f65e0cab1993ce674d90c9083ca2abfdc520714208e1beaN was found to be: Likely benign.

Malicious Activity Summary

Tags: upx, discovery

UPX packed file

Unsigned PE

System Location Discovery: System Language Discovery

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-11-07 15:05

Signatures

UPX packed file

Tag: upx
Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Unsigned PE

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-11-07 15:05
Reported: 2024-11-07 15:07
Platform: win7-20240903-en
Max time kernel: 117s
Max time network: 117s

Command Line

"C:\Users\Admin\AppData\Local\Temp\8656f1517830f86e9f65e0cab1993ce674d90c9083ca2abfdc520714208e1beaN.exe"

Signatures

UPX packed file

Tag: upx
Description | Indicator | Process | Target
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A

System Location Discovery: System Language Discovery

Tag: discovery
Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\8656f1517830f86e9f65e0cab1993ce674d90c9083ca2abfdc520714208e1beaN.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\8656f1517830f86e9f65e0cab1993ce674d90c9083ca2abfdc520714208e1beaN.exe

"C:\Users\Admin\AppData\Local\Temp\8656f1517830f86e9f65e0cab1993ce674d90c9083ca2abfdc520714208e1beaN.exe"

Network

Country | Destination | Domain | Proto
US | 8.8.8.8:53 | wecan.hasthe.technology | udp
US | 172.67.183.40:80 | wecan.hasthe.technology | tcp
US | 172.67.183.40:80 | wecan.hasthe.technology | tcp
US | 8.8.8.8:53 | wecan.hasthe.technology | udp
US | 172.67.183.40:80 | wecan.hasthe.technology | tcp

Files

memory/2256-0-0x0000000000400000-0x000000000042A000-memory.dmp

memory/2256-1-0x0000000000400000-0x000000000042A000-memory.dmp

memory/2256-5-0x0000000000400000-0x000000000042A000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rifaien2-6lVvdJlNife82AUm.exe

MD5: 74497594169a70225495cf91df764b34
SHA1: e5bf635802a157f3514e10de77a6a39cdba23177
SHA256: ab8fe3a225daa566e524c36cf950be6ea76f6bc472b320ec12b525c1a59a0e5e
SHA512: b7a8e298f8609c9f4969c60a9ca50facf4db0a07a91244b1302caf52688b70ec91cac81c3ce79d0da8095252579bf1f3f68b688c1666fec6129f335c1c2bb934

memory/2256-12-0x0000000000400000-0x000000000042A000-memory.dmp

memory/2256-22-0x0000000000400000-0x000000000042A000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted: 2024-11-07 15:05
Reported: 2024-11-07 15:07
Platform: win10v2004-20241007-en
Max time kernel: 111s
Max time network: 95s

Command Line

"C:\Users\Admin\AppData\Local\Temp\8656f1517830f86e9f65e0cab1993ce674d90c9083ca2abfdc520714208e1beaN.exe"

Signatures

UPX packed file

Tag: upx
Description | Indicator | Process | Target
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A

System Location Discovery: System Language Discovery

Tag: discovery
Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\8656f1517830f86e9f65e0cab1993ce674d90c9083ca2abfdc520714208e1beaN.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\8656f1517830f86e9f65e0cab1993ce674d90c9083ca2abfdc520714208e1beaN.exe

"C:\Users\Admin\AppData\Local\Temp\8656f1517830f86e9f65e0cab1993ce674d90c9083ca2abfdc520714208e1beaN.exe"

Network

Country | Destination | Domain | Proto
US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp
US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 67.31.126.40.in-addr.arpa | udp
US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp
US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp
US | 8.8.8.8:53 | wecan.hasthe.technology | udp
US | 172.67.183.40:80 | wecan.hasthe.technology | tcp
US | 8.8.8.8:53 | 212.20.149.52.in-addr.arpa | udp
US | 8.8.8.8:53 | 40.183.67.172.in-addr.arpa | udp
US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp
US | 8.8.8.8:53 | 103.209.201.84.in-addr.arpa | udp
US | 172.67.183.40:80 | wecan.hasthe.technology | tcp
US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp
US | 8.8.8.8:53 | wecan.hasthe.technology | udp
US | 104.21.59.199:80 | wecan.hasthe.technology | tcp
US | 8.8.8.8:53 | 199.59.21.104.in-addr.arpa | udp
US | 8.8.8.8:53 | 21.236.111.52.in-addr.arpa | udp

Files

memory/1568-0-0x0000000000400000-0x000000000042A000-memory.dmp

memory/1568-1-0x0000000000400000-0x000000000042A000-memory.dmp

memory/1568-8-0x0000000000400000-0x000000000042A000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rifaien2-YcisCNEktJfDvfac.exe

MD5: 410e0a8262b72cd762c96ac7d4666ac6
SHA1: 42d3bb1dd896a5b8186ede633c88778a9705114d
SHA256: 53c80eb6c1b331fa8bc8e38563d463a62add9721d56e4899c6267b8cd8008f36
SHA512: 85274fbf763526c91410cee31b5ae3e2920375e2bda544a6f30a4d96b54aab0b249e9e9c5e9aa835c8c80fec2836e80863c5e43aa6dbf3a5cd691654374e84cd

memory/1568-15-0x0000000000400000-0x000000000042A000-memory.dmp

memory/1568-22-0x0000000000400000-0x000000000042A000-memory.dmp