Malware Analysis Report

2025-08-05 10:32

Sample ID 241107-thpvgsvgpj
Target 074d14fc5869f567b623c46e504a43a80fa52fe9923dd2ff1c26d904b75b5de9N
SHA256 074d14fc5869f567b623c46e504a43a80fa52fe9923dd2ff1c26d904b75b5de9
Tags: upx, discovery
Score: 5/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score: 5/10

SHA256: 074d14fc5869f567b623c46e504a43a80fa52fe9923dd2ff1c26d904b75b5de9

Threat Level: Likely benign

The file 074d14fc5869f567b623c46e504a43a80fa52fe9923dd2ff1c26d904b75b5de9N was found to be: Likely benign.

Malicious Activity Summary

upx discovery

UPX packed file

Unsigned PE

System Location Discovery: System Language Discovery

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-11-07 16:03

Signatures

UPX packed file

Tag: upx

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Unsigned PE

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-11-07 16:03

Reported: 2024-11-07 16:05

Platform: win7-20240903-en

Max time kernel: 117s

Max time network: 117s

Command Line

"C:\Users\Admin\AppData\Local\Temp\074d14fc5869f567b623c46e504a43a80fa52fe9923dd2ff1c26d904b75b5de9N.exe"

Signatures

UPX packed file

Tag: upx

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

System Location Discovery: System Language Discovery

Tag: discovery

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\074d14fc5869f567b623c46e504a43a80fa52fe9923dd2ff1c26d904b75b5de9N.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\074d14fc5869f567b623c46e504a43a80fa52fe9923dd2ff1c26d904b75b5de9N.exe

"C:\Users\Admin\AppData\Local\Temp\074d14fc5869f567b623c46e504a43a80fa52fe9923dd2ff1c26d904b75b5de9N.exe"

Network

Country | Destination | Domain | Proto
US | 8.8.8.8:53 | wecan.hasthe.technology | udp
US | 104.21.59.199:80 | wecan.hasthe.technology | tcp
US | 104.21.59.199:80 | wecan.hasthe.technology | tcp
US | 104.21.59.199:80 | wecan.hasthe.technology | tcp

Files

memory/2228-0-0x0000000000400000-0x000000000042A000-memory.dmp

memory/2228-1-0x0000000000400000-0x000000000042A000-memory.dmp

memory/2228-4-0x0000000000400000-0x000000000042A000-memory.dmp

memory/2228-8-0x0000000000400000-0x000000000042A000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rifaien2-2HcTx2QaiFRUxQCT.exe

MD5: 288f564a427be99853818e6fc9d4758c
SHA1: 2de54b3a5b624506590278b6975fc41ecee71450
SHA256: 7c49aefe607e81c58d4219f0bafff43fbcb684e3b544d804de906b9c1cc0af68
SHA512: a491fe4cceafd65bd8be9828f7c57e4da611c7e54d64d4fbb38b7a490c5d6bdd9ab7a49c6c8d8e88912a74dc4493703dfebe2eb7f243f0f8684e9ad3de57cec6

memory/2228-15-0x0000000000400000-0x000000000042A000-memory.dmp

memory/2228-22-0x0000000000400000-0x000000000042A000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted: 2024-11-07 16:03

Reported: 2024-11-07 16:05

Platform: win10v2004-20241007-en

Max time kernel: 111s

Max time network: 92s

Command Line

"C:\Users\Admin\AppData\Local\Temp\074d14fc5869f567b623c46e504a43a80fa52fe9923dd2ff1c26d904b75b5de9N.exe"

Signatures

UPX packed file

Tag: upx

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

System Location Discovery: System Language Discovery

Tag: discovery

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\074d14fc5869f567b623c46e504a43a80fa52fe9923dd2ff1c26d904b75b5de9N.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\074d14fc5869f567b623c46e504a43a80fa52fe9923dd2ff1c26d904b75b5de9N.exe

"C:\Users\Admin\AppData\Local\Temp\074d14fc5869f567b623c46e504a43a80fa52fe9923dd2ff1c26d904b75b5de9N.exe"

Network

Country | Destination | Domain | Proto
US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp
US | 8.8.8.8:53 | 83.210.23.2.in-addr.arpa | udp
US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 17.160.190.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp
US | 8.8.8.8:53 | wecan.hasthe.technology | udp
US | 104.21.59.199:80 | wecan.hasthe.technology | tcp
US | 8.8.8.8:53 | 53.210.109.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 199.59.21.104.in-addr.arpa | udp
US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 98.117.19.2.in-addr.arpa | udp
US | 104.21.59.199:80 | wecan.hasthe.technology | tcp
US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp
US | 104.21.59.199:80 | wecan.hasthe.technology | tcp

Files

memory/2696-0-0x0000000000400000-0x000000000042A000-memory.dmp

memory/2696-1-0x0000000000400000-0x000000000042A000-memory.dmp

memory/2696-4-0x0000000000400000-0x000000000042A000-memory.dmp

memory/2696-8-0x0000000000400000-0x000000000042A000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rifaien2-zqc84lT2rdwBBy5D.exe

MD5: 8473ea4800ffc3ea996064e0f0125825
SHA1: b085953d08dcee3b2b736e1d0df58166c5fca15a
SHA256: 040bd10b4c180c6081f453d382cc3ab33333748d5d5b42e94fbf2777b9f18294
SHA512: 98aca402721806b9e01dad2ebf124b9986ba18ca9fb150e41267a663a7d5097c65bc061b486f8affc34e00bfbc075335f0e82fc9a81f64ad2a917f7695cba3c7

memory/2696-15-0x0000000000400000-0x000000000042A000-memory.dmp

memory/2696-22-0x0000000000400000-0x000000000042A000-memory.dmp