Malware Analysis Report

2025-06-15 23:12

Sample ID 241109-ngafhstcrh
Target c5c0031f999664b18c5d6b75af9a48d802ad296c96607ae2974818533b11c39cN
SHA256 c5c0031f999664b18c5d6b75af9a48d802ad296c96607ae2974818533b11c39c
Tags
upx discovery
score
5/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
5/10

SHA256

c5c0031f999664b18c5d6b75af9a48d802ad296c96607ae2974818533b11c39c

Threat Level: Likely benign

The file c5c0031f999664b18c5d6b75af9a48d802ad296c96607ae2974818533b11c39cN was found to be: Likely benign.

Malicious Activity Summary

upx discovery

UPX packed file

Unsigned PE

System Location Discovery: System Language Discovery

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-09 11:21

Signatures

UPX packed file

upx
Description  Indicator  Process  Target
N/A          N/A        N/A      N/A

Unsigned PE

Description  Indicator  Process  Target
N/A          N/A        N/A      N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-09 11:21

Reported

2024-11-09 11:23

Platform

win7-20240903-en

Max time kernel

117s

Max time network

117s

Command Line

"C:\Users\Admin\AppData\Local\Temp\c5c0031f999664b18c5d6b75af9a48d802ad296c96607ae2974818533b11c39cN.exe"

Signatures

UPX packed file

upx
Description  Indicator  Process  Target
N/A          N/A        N/A      N/A
N/A          N/A        N/A      N/A
N/A          N/A        N/A      N/A

System Location Discovery: System Language Discovery

discovery
Description  Key opened
Indicator    \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Process      C:\Users\Admin\AppData\Local\Temp\c5c0031f999664b18c5d6b75af9a48d802ad296c96607ae2974818533b11c39cN.exe
Target       N/A

Processes

C:\Users\Admin\AppData\Local\Temp\c5c0031f999664b18c5d6b75af9a48d802ad296c96607ae2974818533b11c39cN.exe

"C:\Users\Admin\AppData\Local\Temp\c5c0031f999664b18c5d6b75af9a48d802ad296c96607ae2974818533b11c39cN.exe"

Network

Country  Destination       Domain                   Proto
US       8.8.8.8:53        wecan.hasthe.technology  udp
US       172.67.183.40:80  wecan.hasthe.technology  tcp
US       104.21.59.199:80  wecan.hasthe.technology  tcp
US       172.67.183.40:80  wecan.hasthe.technology  tcp
US       172.67.183.40:80  wecan.hasthe.technology  tcp

Files

memory/2112-0-0x0000000000400000-0x000000000043B000-memory.dmp

memory/2112-1-0x0000000000400000-0x000000000043B000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rifaien2-MnQdzFu3Psi153HS.exe

MD5 4c73bc9ae9b40130181ef5795edfa1de
SHA1 b40c8d2c964ff2b62531bbff541b5ce7f91108a3
SHA256 18bdfb4566604752b385a7cc2d2e6f951cad4768c5aa9dc588b8d578214ba26c
SHA512 366dff841d6a5f54bb61eb899ea6fb7ff32f395a82b9f0a66f7c28f89ace691ba2ab06bcb31618102a30e91d3b4a56160a859761674eae0ec5866388e2330dfc

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-09 11:21

Reported

2024-11-09 11:23

Platform

win10v2004-20241007-en

Max time kernel

93s

Max time network

94s

Command Line

"C:\Users\Admin\AppData\Local\Temp\c5c0031f999664b18c5d6b75af9a48d802ad296c96607ae2974818533b11c39cN.exe"

Signatures

UPX packed file

upx
Description  Indicator  Process  Target
N/A          N/A        N/A      N/A
N/A          N/A        N/A      N/A
N/A          N/A        N/A      N/A

System Location Discovery: System Language Discovery

discovery
Description  Key opened
Indicator    \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Process      C:\Users\Admin\AppData\Local\Temp\c5c0031f999664b18c5d6b75af9a48d802ad296c96607ae2974818533b11c39cN.exe
Target       N/A

Processes

C:\Users\Admin\AppData\Local\Temp\c5c0031f999664b18c5d6b75af9a48d802ad296c96607ae2974818533b11c39cN.exe

"C:\Users\Admin\AppData\Local\Temp\c5c0031f999664b18c5d6b75af9a48d802ad296c96607ae2974818533b11c39cN.exe"

Network

Country  Destination       Domain                        Proto
US       8.8.8.8:53        58.55.71.13.in-addr.arpa      udp
US       8.8.8.8:53        134.32.126.40.in-addr.arpa    udp
US       8.8.8.8:53        95.221.229.192.in-addr.arpa   udp
US       8.8.8.8:53        wecan.hasthe.technology       udp
US       104.21.59.199:80  wecan.hasthe.technology       tcp
US       8.8.8.8:53        200.163.202.172.in-addr.arpa  udp
US       8.8.8.8:53        199.59.21.104.in-addr.arpa    udp
US       8.8.8.8:53        18.31.95.13.in-addr.arpa      udp
US       8.8.8.8:53        114.108.222.173.in-addr.arpa  udp
US       104.21.59.199:80  wecan.hasthe.technology       tcp
US       104.21.59.199:80  wecan.hasthe.technology       tcp
US       8.8.8.8:53        29.243.111.52.in-addr.arpa    udp

Files

memory/2148-0-0x0000000000400000-0x000000000043B000-memory.dmp

memory/2148-1-0x0000000000400000-0x000000000043B000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rifaien2-ttrwEOROdaptLiR2.exe

MD5 1e49e7e57e6bca8998196738a3a4c0b0
SHA1 d0cdee0e009b54a665bb815ec487081f3bc1b1a2
SHA256 97b9809f5190dc48973b3890e305f3514002823bb25ad014edff0fc945c60b09
SHA512 48844bd6573402e1fc7bf14d834e54d4687053cb50d367a6ea80a7004b94d3549ebfc84c7ba45c2d0fb912ae60ae5997236ad944bbd2e37eef7b5d8e33930c09