Malware Analysis Report

2025-08-05 10:35

Sample ID 241107-sr7wzsxlam
Target cbbb8541c41402e15dd7e0d88e3f0fe8ae014ba2b55db6b713e508d7f4951286N
SHA256 cbbb8541c41402e15dd7e0d88e3f0fe8ae014ba2b55db6b713e508d7f4951286
Tags
upx discovery
score
5/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
5/10

SHA256

cbbb8541c41402e15dd7e0d88e3f0fe8ae014ba2b55db6b713e508d7f4951286

Threat Level: Likely benign (score 5/10)

The file cbbb8541c41402e15dd7e0d88e3f0fe8ae014ba2b55db6b713e508d7f4951286N was classified as Likely benign. The verdict rests on the signatures listed below (UPX packing, an unsigned PE, and a read of the NLS\Language registry key), each of which is weak evidence on its own. Two observations from the detonations are not scored and deserve a closer look before the verdict is accepted: both runs wrote a second executable to %TEMP% (rifaien2-<random>.exe, with a different hash in each run), and both runs resolved and connected over HTTP to wecan.hasthe.technology. Whether that HTTP traffic delivered the dropped file cannot be confirmed from this report; the dropped file was not detonated here and should be triaged separately.

Malicious Activity Summary

upx discovery

UPX packed file

System Location Discovery: System Language Discovery

Unsigned PE

MITRE ATT&CK

Enterprise Matrix V15

Defense Evasion: T1027.002 Obfuscated Files or Information: Software Packing (from the "UPX packed file" signature)

Discovery: T1614.001 System Location Discovery: System Language Discovery (from the NLS\Language registry key read)

Analysis: static1

Detonation Overview

Reported

2024-11-07 15:22

Signatures

UPX packed file

upx
Description Indicator Process Target
(1 row; no description, indicator, process or target detail recorded)

Unsigned PE

Description Indicator Process Target
(2 rows; no description, indicator, process or target detail recorded)
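The "UPX packed file" and "Unsigned PE" hits above are static-header observations. The following is an added example, not part of this report or of the sandbox's own code, that shows the checks behind them: it parses the PE section table by hand, flags the classic UPX layout (UPX0/UPX1 names, an empty first section followed by a high-entropy one, the "UPX!" header string) and reports whether an Authenticode security directory is present. build_fake_pe is a hypothetical helper that fabricates minimal synthetic PE32 images so the code runs offline; those bytes are constructed here and are not the sample analysed in this report.

```python
"""UPX / unsigned-PE header checks (added example; not from the sandbox report).

Parses the PE section table by hand (no pefile dependency) and reports the
signals behind a sandbox's "UPX packed file" and "Unsigned PE" hits.
build_fake_pe() is a hypothetical helper that fabricates minimal synthetic
PE32 images; those bytes are constructed here and are not the report's sample.
"""
import math
import random
import struct

UPX_SECTION_NAMES = {"UPX0", "UPX1", "UPX2"}
HIGH_ENTROPY = 7.0               # bits/byte; compressed or encrypted data is usually above 7
PE32_SECURITY_DIR = 96 + 4 * 8   # IMAGE_DIRECTORY_ENTRY_SECURITY inside a PE32 optional header


def shannon_entropy(data: bytes) -> float:
    if not data:
        return 0.0
    n = len(data)
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_pe(pe: bytes) -> dict:
    """Return the section table and the Authenticode (security) directory entry."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ file")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    nsec = struct.unpack_from("<H", pe, coff + 2)[0]
    opt_size = struct.unpack_from("<H", pe, coff + 16)[0]
    opt = coff + 20
    magic = struct.unpack_from("<H", pe, opt)[0]            # 0x10B = PE32, 0x20B = PE32+
    sec_dir = opt + PE32_SECURITY_DIR + (16 if magic == 0x20B else 0)
    sec_off, sec_size = struct.unpack_from("<II", pe, sec_dir)
    sections = []
    for i in range(nsec):
        name, vsize, _rva, rawsize, rawptr = struct.unpack_from("<8sIIII", pe, opt + opt_size + 40 * i)
        raw = pe[rawptr:rawptr + rawsize] if rawsize else b""
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "virtual_size": vsize, "raw_size": rawsize,
                         "entropy": round(shannon_entropy(raw), 2)})
    return {"sections": sections, "security_dir": (sec_off, sec_size)}


def triage(pe: bytes) -> dict:
    info = parse_pe(pe)
    secs = info["sections"]
    # Classic UPX layout: an empty first section (UPX0) reserves the unpacked
    # image's address range; the next one (UPX1) holds compressed data + stub.
    upx_names = {s["name"] for s in secs} & UPX_SECTION_NAMES
    empty_first = bool(secs) and secs[0]["raw_size"] == 0 and secs[0]["virtual_size"] > 0
    high_entropy = [s["name"] for s in secs if s["raw_size"] and s["entropy"] >= HIGH_ENTROPY]
    marker = b"UPX!" in pe       # string UPX leaves in its header; trivially wiped, so advisory only
    return {
        "upx_sections": sorted(upx_names),
        "empty_first_section": empty_first,
        "high_entropy_sections": high_entropy,
        "upx_marker": marker,
        "likely_upx": bool(upx_names) or (empty_first and bool(high_entropy)),
        # A non-zero security directory only means a signature blob is attached;
        # it says nothing about whether that signature is valid or trusted.
        "has_authenticode_blob": info["security_dir"][1] > 0,
    }


def build_fake_pe(sections, marker=b"", security_size=0) -> bytes:
    """Fabricate a minimal PE32 image from (name, raw_bytes, virtual_size) tuples (synthetic)."""
    opt_size, e_lfanew = 224, 0x80
    hdr_end = e_lfanew + 4 + 20 + opt_size + 40 * len(sections) + len(marker)
    raw_start = (hdr_end + 0x1FF) & ~0x1FF                    # file-align section data to 512
    body_len = sum(len(raw) for _, raw, _ in sections)
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)
    if security_size:  # placeholder blob appended after the sections; not a real WIN_CERTIFICATE
        struct.pack_into("<II", opt, PE32_SECURITY_DIR, raw_start + body_len, security_size)
    hdrs, body, ptr, rva = bytearray(), bytearray(), raw_start, 0x1000
    for name, raw, vsize in sections:
        hdrs += struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\0"), vsize, rva,
                            len(raw), ptr if raw else 0, 0, 0, 0, 0, 0x60000020)
        body += raw
        ptr += len(raw)
        rva += (max(vsize, len(raw)) + 0xFFF) & ~0xFFF
    pe = dos + b"PE\0\0" + coff + opt + hdrs + marker
    return bytes(pe + b"\0" * (raw_start - len(pe)) + body + b"\0" * security_size)


_rng = random.Random(7)   # deterministic stand-in for compressed data (constructed input)
PACKED_SAMPLE = build_fake_pe(
    [("UPX0", b"", 0x20000), ("UPX1", _rng.randbytes(4096), 0x8000), (".rsrc", b"\0" * 512, 0x1000)],
    marker=b"UPX!")
RENAMED_SAMPLE = build_fake_pe(   # same layout with the section names and marker scrubbed
    [(".text", b"", 0x20000), (".data", _rng.randbytes(4096), 0x8000), (".rsrc", b"\0" * 512, 0x1000)])
PLAIN_SAMPLE = build_fake_pe(     # ordinary low-entropy code, with a placeholder signature blob
    [(".text", bytes(range(16)) * 256, 0x1000), (".data", b"A" * 1024, 0x1000)], security_size=2048)

if __name__ == "__main__":
    for label, sample in [("packed", PACKED_SAMPLE), ("renamed", RENAMED_SAMPLE), ("plain", PLAIN_SAMPLE)]:
        print(label, triage(sample))
```

On a real file, call triage(open(path, "rb").read()). A sample whose section names and "UPX!" string have been scrubbed still trips the empty-first-section plus high-entropy heuristic, which is why the name check alone is not enough. For an unmodified UPX build, `upx -d sample.exe -o unpacked.exe` restores the original image; when the headers have been tampered with and upx refuses, the process memory dumps of the image region (the 0x400000-0x42A000 dumps in this report) are where the unpacked code can be recovered after the stub has run. A present security directory only says a signature blob is attached; validating it needs a separate Authenticode check.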

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-07 15:22

Reported

2024-11-07 15:24

Platform

win7-20240729-en

Max time kernel

119s

Max time network

93s

Command Line

"C:\Users\Admin\AppData\Local\Temp\cbbb8541c41402e15dd7e0d88e3f0fe8ae014ba2b55db6b713e508d7f4951286N.exe"

Signatures

UPX packed file

upx
Description Indicator Process Target
(6 rows; no description, indicator, process or target detail recorded)

System Location Discovery: System Language Discovery

discovery
Description: Key opened
Indicator: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Process: C:\Users\Admin\AppData\Local\Temp\cbbb8541c41402e15dd7e0d88e3f0fe8ae014ba2b55db6b713e508d7f4951286N.exe
Target: N/A

Opening the NLS\Language key is how a process reads the installed system language, and ordinary runtime and locale initialisation does the same, so this hit alone is weak evidence. It becomes meaningful only if the sample acts on the value (for example, exiting or changing behaviour for particular locales), which this report does not show.

Processes

C:\Users\Admin\AppData\Local\Temp\cbbb8541c41402e15dd7e0d88e3f0fe8ae014ba2b55db6b713e508d7f4951286N.exe

"C:\Users\Admin\AppData\Local\Temp\cbbb8541c41402e15dd7e0d88e3f0fe8ae014ba2b55db6b713e508d7f4951286N.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 wecan.hasthe.technology udp
US 172.67.183.40:80 wecan.hasthe.technology tcp
US 172.67.183.40:80 wecan.hasthe.technology tcp
US 172.67.183.40:80 wecan.hasthe.technology tcp

Files

memory/2088-0-0x0000000000400000-0x000000000042A000-memory.dmp

memory/2088-1-0x0000000000400000-0x000000000042A000-memory.dmp

memory/2088-7-0x0000000000400000-0x000000000042A000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rifaien2-leyvSw54kx16coNA.exe

MD5 28b1ab36aad51d96676404a2b8ae3099
SHA1 457752784baba29ac52dcfd893319ea5ab3ed59e
SHA256 0dd4de3d71133b87a3063930cb45704e6a078d36cddf16fb0da13ad069d841cc
SHA512 c903080b6336f0020a477be576a39a14b34d9c3e75e847be451c0bf17d95b6b7dc75c289608ee8f28eb107f2631c2b474a8646c1d62dc8424d701a0b68e742cb

memory/2088-12-0x0000000000400000-0x000000000042A000-memory.dmp

memory/2088-22-0x0000000000400000-0x000000000042A000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-07 15:22

Reported

2024-11-07 15:24

Platform

win10v2004-20241007-en

Max time kernel

111s

Max time network

95s

Command Line

"C:\Users\Admin\AppData\Local\Temp\cbbb8541c41402e15dd7e0d88e3f0fe8ae014ba2b55db6b713e508d7f4951286N.exe"

Signatures

UPX packed file

upx
Description Indicator Process Target
(8 rows; no description, indicator, process or target detail recorded)

System Location Discovery: System Language Discovery

discovery
Description: Key opened
Indicator: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Process: C:\Users\Admin\AppData\Local\Temp\cbbb8541c41402e15dd7e0d88e3f0fe8ae014ba2b55db6b713e508d7f4951286N.exe
Target: N/A

Processes

C:\Users\Admin\AppData\Local\Temp\cbbb8541c41402e15dd7e0d88e3f0fe8ae014ba2b55db6b713e508d7f4951286N.exe

"C:\Users\Admin\AppData\Local\Temp\cbbb8541c41402e15dd7e0d88e3f0fe8ae014ba2b55db6b713e508d7f4951286N.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 69.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 88.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 wecan.hasthe.technology udp
US 104.21.59.199:80 wecan.hasthe.technology tcp
US 8.8.8.8:53 53.210.109.20.in-addr.arpa udp
US 8.8.8.8:53 199.59.21.104.in-addr.arpa udp
US 8.8.8.8:53 241.42.69.40.in-addr.arpa udp
US 8.8.8.8:53 98.117.19.2.in-addr.arpa udp
US 104.21.59.199:80 wecan.hasthe.technology tcp
US 8.8.8.8:53 70.209.201.84.in-addr.arpa udp
US 104.21.59.199:80 wecan.hasthe.technology tcp
US 8.8.8.8:53 83.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 29.243.111.52.in-addr.arpa udp
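The two network tables (behavioral1 on Windows 7 and behavioral2 on Windows 10) mix the sample's own traffic with sandbox background noise: the in-addr.arpa rows are reverse (PTR) lookups that the Windows 10 image issues on its own, and one of them (199.59.21.104.in-addr.arpa) is the reverse of the address the sample connected to. The following is an added example, not part of this report or of the sandbox, that parses these flattened tables into IOCs, keeps PTR lookups apart from forward resolutions and connections, and merges the runs so the domain-to-IP mapping across detonations is visible. RUNS is constructed by copying the two tables above verbatim.

```python
"""Pull IOCs out of flattened sandbox network tables (added example; not from the report).

RUNS is constructed from the two network tables in this report; the sandbox
columns are Country, Destination, Domain, Proto.
"""
import ipaddress
from collections import defaultdict

RUNS = {
    "behavioral1": """
US 8.8.8.8:53 wecan.hasthe.technology udp
US 172.67.183.40:80 wecan.hasthe.technology tcp
US 172.67.183.40:80 wecan.hasthe.technology tcp
US 172.67.183.40:80 wecan.hasthe.technology tcp
""",
    "behavioral2": """
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 69.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 88.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 wecan.hasthe.technology udp
US 104.21.59.199:80 wecan.hasthe.technology tcp
US 8.8.8.8:53 53.210.109.20.in-addr.arpa udp
US 8.8.8.8:53 199.59.21.104.in-addr.arpa udp
US 8.8.8.8:53 241.42.69.40.in-addr.arpa udp
US 8.8.8.8:53 98.117.19.2.in-addr.arpa udp
US 104.21.59.199:80 wecan.hasthe.technology tcp
US 8.8.8.8:53 70.209.201.84.in-addr.arpa udp
US 104.21.59.199:80 wecan.hasthe.technology tcp
US 8.8.8.8:53 83.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 29.243.111.52.in-addr.arpa udp
""",
}


def ptr_to_ip(name: str) -> str:
    """'199.59.21.104.in-addr.arpa' -> '104.21.59.199' (PTR names carry the octets reversed)."""
    labels = name.removesuffix(".in-addr.arpa").split(".")
    ip = ".".join(reversed(labels))
    ipaddress.ip_address(ip)          # raises ValueError on a malformed name
    return ip


def parse_rows(table: str):
    for line in table.strip().splitlines():
        country, dest, domain, proto = line.split()
        host, port = dest.rsplit(":", 1)
        yield country, host, int(port), domain, proto.lower()


def extract_iocs(table: str) -> dict:
    iocs = {"resolvers": set(), "forward_dns": set(), "ptr_lookups": set(), "connections": set()}
    for _country, host, port, domain, proto in parse_rows(table):
        if port == 53 and proto == "udp":
            iocs["resolvers"].add(host)
            if domain.endswith(".in-addr.arpa"):
                # Reverse lookups of CDN / cloud addresses are routine OS background traffic
                # on a Windows 10 sandbox; keep them, but apart from the sample's own IOCs.
                iocs["ptr_lookups"].add(ptr_to_ip(domain))
            else:
                iocs["forward_dns"].add(domain)
        else:
            iocs["connections"].add((host, port, proto, domain))
    connected_ips = {host for host, _p, _pr, _d in iocs["connections"]}
    # A PTR lookup for an address the sample connected to ties part of the
    # background reverse-DNS traffic back to the sample's own connection.
    iocs["ptr_of_connected_ips"] = iocs["ptr_lookups"] & connected_ips
    return iocs


def merge_runs(runs: dict) -> dict:
    """Union the per-run IOC sets and record which IPs each domain resolved to across runs."""
    merged = defaultdict(set)
    domain_ips = defaultdict(set)
    for table in runs.values():
        iocs = extract_iocs(table)
        for key, values in iocs.items():
            merged[key] |= values
        for host, _port, _proto, domain in iocs["connections"]:
            domain_ips[domain].add(host)
    merged["domain_ips"] = dict(domain_ips)
    return dict(merged)


if __name__ == "__main__":
    for key, values in merge_runs(RUNS).items():
        print(f"{key}: {values}")
```

Across the two runs the same domain resolved to 172.67.183.40 and 104.21.59.199; both addresses lie in Cloudflare's published ranges, so the durable indicator is the domain and the HTTP traffic to it, not either IP. The PTR rows are left in a separate bucket precisely so they are not promoted to IOCs by accident, while ptr_of_connected_ips surfaces the one reverse lookup that does relate to the sample's connection.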

Files

memory/2952-0-0x0000000000400000-0x000000000042A000-memory.dmp

memory/2952-1-0x0000000000400000-0x000000000042A000-memory.dmp

memory/2952-4-0x0000000000400000-0x000000000042A000-memory.dmp

memory/2952-8-0x0000000000400000-0x000000000042A000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rifaien2-TXsLxjszpxRZZgeb.exe

MD5 29e7092497c916774135948f6ecaabd8
SHA1 5e4b8d99a738c5cb9e17be59dde7d919bea4eccd
SHA256 32b216342f36ee9eacbe2c9e7b521e0ae93e5b132ae5e02f48a98d8b8f76d8b4
SHA512 c78b390c97232eb2f7274ae489adea0bf91eb563cd7c6eab1ed4ca9008a851ad8200cc4c99ab67adf1e5da16c36f4c4a52f637d8a1394fb3ab6511e7deb392fd

memory/2952-12-0x0000000000400000-0x000000000042A000-memory.dmp

memory/2952-18-0x0000000000400000-0x000000000042A000-memory.dmp

memory/2952-22-0x0000000000400000-0x000000000042A000-memory.dmp