Malware Analysis Report

2025-08-11 06:33

Sample ID 241109-md2j6avqgl
Target 3610676cf0d883b415e3585aab0a65f4655ec333182367734b2b46b9b6f37083N
SHA256 3610676cf0d883b415e3585aab0a65f4655ec333182367734b2b46b9b6f37083
Tags
discovery
score
3/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
3/10

SHA256

3610676cf0d883b415e3585aab0a65f4655ec333182367734b2b46b9b6f37083

Threat Level: Likely benign

The file 3610676cf0d883b415e3585aab0a65f4655ec333182367734b2b46b9b6f37083N was found to be: Likely benign.

Malicious Activity Summary

discovery

Unsigned PE

System Location Discovery: System Language Discovery

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-09 10:21

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-09 10:21

Reported

2024-11-09 10:23

Platform

win7-20240708-en

Max time kernel

117s

Max time network

118s

Command Line

"C:\Users\Admin\AppData\Local\Temp\3610676cf0d883b415e3585aab0a65f4655ec333182367734b2b46b9b6f37083N.exe"

Signatures

System Location Discovery: System Language Discovery

discovery

Description: Key opened
Indicator: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Process: C:\Users\Admin\AppData\Local\Temp\3610676cf0d883b415e3585aab0a65f4655ec333182367734b2b46b9b6f37083N.exe
Target: N/A

Processes

C:\Users\Admin\AppData\Local\Temp\3610676cf0d883b415e3585aab0a65f4655ec333182367734b2b46b9b6f37083N.exe

"C:\Users\Admin\AppData\Local\Temp\3610676cf0d883b415e3585aab0a65f4655ec333182367734b2b46b9b6f37083N.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 wecan.hasthe.technology udp
US 104.21.59.199:80 wecan.hasthe.technology tcp
US 104.21.59.199:80 wecan.hasthe.technology tcp
US 104.21.59.199:80 wecan.hasthe.technology tcp

Files

memory/1740-0-0x0000000000400000-0x0000000000427000-memory.dmp

memory/1740-4-0x0000000000400000-0x0000000000427000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rifaien2-5QfjuQnFqlyRTvBW.exe

MD5 c7dc6323646a999ebec1cc484fd6956c
SHA1 cdf493570b919b37a1af79a56aac447d5520a81b
SHA256 4a66d3e522d8001af9ac1c90f730373284f70f9cdcd11571037babba41d62428
SHA512 3dd6fd3bc9dc1b0c91cd5e6fa163272ba40ed0aba0bd9904d9abb484f3b8b5543f6c3a351d73a5e5b2a2d2fda366e3435017e53ee7552d255824cd1a7edf7382

memory/1740-11-0x0000000000400000-0x0000000000427000-memory.dmp

memory/1740-21-0x0000000000400000-0x0000000000427000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-09 10:21

Reported

2024-11-09 10:23

Platform

win10v2004-20241007-en

Max time kernel

110s

Max time network

95s

Command Line

"C:\Users\Admin\AppData\Local\Temp\3610676cf0d883b415e3585aab0a65f4655ec333182367734b2b46b9b6f37083N.exe"

Signatures

System Location Discovery: System Language Discovery

discovery

Description: Key opened
Indicator: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Process: C:\Users\Admin\AppData\Local\Temp\3610676cf0d883b415e3585aab0a65f4655ec333182367734b2b46b9b6f37083N.exe
Target: N/A

Processes

C:\Users\Admin\AppData\Local\Temp\3610676cf0d883b415e3585aab0a65f4655ec333182367734b2b46b9b6f37083N.exe

"C:\Users\Admin\AppData\Local\Temp\3610676cf0d883b415e3585aab0a65f4655ec333182367734b2b46b9b6f37083N.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 71.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 73.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 wecan.hasthe.technology udp
US 172.67.183.40:80 wecan.hasthe.technology tcp
US 8.8.8.8:53 40.183.67.172.in-addr.arpa udp
US 8.8.8.8:53 200.163.202.172.in-addr.arpa udp
US 8.8.8.8:53 241.42.69.40.in-addr.arpa udp
US 8.8.8.8:53 212.20.149.52.in-addr.arpa udp
US 172.67.183.40:80 wecan.hasthe.technology tcp
US 8.8.8.8:53 103.209.201.84.in-addr.arpa udp
US 172.67.183.40:80 wecan.hasthe.technology tcp
US 8.8.8.8:53 107.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 29.243.111.52.in-addr.arpa udp

Files

memory/1092-0-0x0000000000400000-0x0000000000427000-memory.dmp

memory/1092-7-0x0000000000400000-0x0000000000427000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rifaien2-bomwTSVNtt0YWaDx.exe

MD5 c782ecc92f0912f2b06eabe32d85d630
SHA1 7d88a98979189026a74707a734273800172a5b71
SHA256 cdc8474c19937fa52c785edfec0be61892e3ba079006011f243ab7e69b03f28b
SHA512 e5bad449b5103c3b7cac4d76e893a936eb1daa82fd1e2e9153588fba4d9feea1cef505f6358dda6252e8d220b6f3a52d67bf550a507ba760da55c3aa162257db

memory/1092-14-0x0000000000400000-0x0000000000427000-memory.dmp

memory/1092-21-0x0000000000400000-0x0000000000427000-memory.dmp