Malware Analysis Report

2025-08-05 10:32

Sample ID 241107-tawytsvjgx
Target bad772011e6ee0a995c1818c419215f8a6255b9ce2dd499b5b4a939579ad1bffN
SHA256 bad772011e6ee0a995c1818c419215f8a6255b9ce2dd499b5b4a939579ad1bff
Tags
upx discovery
score
5/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
5/10

SHA256

bad772011e6ee0a995c1818c419215f8a6255b9ce2dd499b5b4a939579ad1bff

Threat Level: Likely benign

The file bad772011e6ee0a995c1818c419215f8a6255b9ce2dd499b5b4a939579ad1bffN was found to be: Likely benign.

Malicious Activity Summary

upx discovery

UPX packed file

System Location Discovery: System Language Discovery

Unsigned PE

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-07 15:51

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-07 15:51

Reported

2024-11-07 15:53

Platform

win7-20241010-en

Max time kernel

111s

Max time network

96s

Command Line

"C:\Users\Admin\AppData\Local\Temp\bad772011e6ee0a995c1818c419215f8a6255b9ce2dd499b5b4a939579ad1bffN.exe"

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\bad772011e6ee0a995c1818c419215f8a6255b9ce2dd499b5b4a939579ad1bffN.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\bad772011e6ee0a995c1818c419215f8a6255b9ce2dd499b5b4a939579ad1bffN.exe

"C:\Users\Admin\AppData\Local\Temp\bad772011e6ee0a995c1818c419215f8a6255b9ce2dd499b5b4a939579ad1bffN.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 wecan.hasthe.technology udp
US 104.21.59.199:80 wecan.hasthe.technology tcp
US 104.21.59.199:80 wecan.hasthe.technology tcp
US 104.21.59.199:80 wecan.hasthe.technology tcp

Files

memory/2004-0-0x0000000000400000-0x000000000042A000-memory.dmp

memory/2004-1-0x0000000000400000-0x000000000042A000-memory.dmp

memory/2004-5-0x0000000000400000-0x000000000042A000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rifaien2-FwGngnggqfT1Yf5v.exe

MD5 7cb8b289630dbb5cf5ead46703301c5c
SHA1 a04d257aca62cceaa03ab82995fc39280bec723b
SHA256 a33d1252c2459f36d92ea92013b3ffdf88838c3caccab43dcc60b112fe70b6c1
SHA512 3e85b84f6d31d0da92ac7b70e8b2a82829d854c74ab20df3ea89865b3e47979dbd53302cdca08521ce6fe955f6ed36cd99762fa3b09d5e7bec97f5fe7e9d5573

memory/2004-12-0x0000000000400000-0x000000000042A000-memory.dmp

memory/2004-22-0x0000000000400000-0x000000000042A000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-07 15:51

Reported

2024-11-07 15:53

Platform

win10v2004-20241007-en

Max time kernel

111s

Max time network

96s

Command Line

"C:\Users\Admin\AppData\Local\Temp\bad772011e6ee0a995c1818c419215f8a6255b9ce2dd499b5b4a939579ad1bffN.exe"

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\bad772011e6ee0a995c1818c419215f8a6255b9ce2dd499b5b4a939579ad1bffN.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\bad772011e6ee0a995c1818c419215f8a6255b9ce2dd499b5b4a939579ad1bffN.exe

"C:\Users\Admin\AppData\Local\Temp\bad772011e6ee0a995c1818c419215f8a6255b9ce2dd499b5b4a939579ad1bffN.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 64.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 wecan.hasthe.technology udp
US 172.67.183.40:80 wecan.hasthe.technology tcp
US 8.8.8.8:53 40.183.67.172.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 172.67.183.40:80 wecan.hasthe.technology tcp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 172.67.183.40:80 wecan.hasthe.technology tcp
US 8.8.8.8:53 48.229.111.52.in-addr.arpa udp

Files

memory/2556-0-0x0000000000400000-0x000000000042A000-memory.dmp

memory/2556-1-0x0000000000400000-0x000000000042A000-memory.dmp

memory/2556-8-0x0000000000400000-0x000000000042A000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rifaien2-xTjpXmsCI4JzKOOd.exe

MD5 ed90976f758b79b9d187e0e9f1ba04d0
SHA1 05ec6d68db54ca01426906ca1a4cc83297699167
SHA256 7b03f64870a49b5311ea1b9c3c1a699c49c6a7f25a47abec9edbaa907351edae
SHA512 4a7b7ecee489f59ef8980f7c4a49c99a3b8cc5c00a8d69eb9b0c63b4693ae8a0e1837598cdc66141b404a711702a269aae058d066ad395167b53cac26ee1fcd1

memory/2556-15-0x0000000000400000-0x000000000042A000-memory.dmp

memory/2556-19-0x0000000000400000-0x000000000042A000-memory.dmp