Malware Analysis Report

2025-06-15 23:13

Sample ID 241109-nkx1zstdjn
Target fc9b8c38ad35277a3460301ce4a542e7f8c31b12b5d4d5c04aa97733ea3a34c2N
SHA256 fc9b8c38ad35277a3460301ce4a542e7f8c31b12b5d4d5c04aa97733ea3a34c2
Tags
upx discovery
score
5/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
5/10

SHA256

fc9b8c38ad35277a3460301ce4a542e7f8c31b12b5d4d5c04aa97733ea3a34c2

Threat Level: Likely benign

The file fc9b8c38ad35277a3460301ce4a542e7f8c31b12b5d4d5c04aa97733ea3a34c2N was found to be: Likely benign.

Malicious Activity Summary

upx discovery

UPX packed file

System Location Discovery: System Language Discovery

Unsigned PE

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-09 11:27

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-09 11:27

Reported

2024-11-09 11:30

Platform

win7-20240903-en

Max time kernel

110s

Max time network

91s

Command Line

"C:\Users\Admin\AppData\Local\Temp\fc9b8c38ad35277a3460301ce4a542e7f8c31b12b5d4d5c04aa97733ea3a34c2N.exe"

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\fc9b8c38ad35277a3460301ce4a542e7f8c31b12b5d4d5c04aa97733ea3a34c2N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\fc9b8c38ad35277a3460301ce4a542e7f8c31b12b5d4d5c04aa97733ea3a34c2N.exe

"C:\Users\Admin\AppData\Local\Temp\fc9b8c38ad35277a3460301ce4a542e7f8c31b12b5d4d5c04aa97733ea3a34c2N.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 wecan.hasthe.technology udp
US 104.21.59.199:80 wecan.hasthe.technology tcp
US 104.21.59.199:80 wecan.hasthe.technology tcp
US 104.21.59.199:80 wecan.hasthe.technology tcp

Files

memory/2980-0-0x0000000000400000-0x000000000042A000-memory.dmp

memory/2980-1-0x0000000000400000-0x000000000042A000-memory.dmp

memory/2980-7-0x0000000000400000-0x000000000042A000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rifaien2-VeRsZRxndh82BFuX.exe

MD5 912b294b5fa8299b3291b1db6db01b55
SHA1 24564a322c13d8ffc08f5b2536f74adbfa3cee33
SHA256 c047647d87c75f59065cae17a9b90d769b3a4c7a3d6c6bcfd39f13b848ffe442
SHA512 11646565c5c6399e2396fdcb6ec9b3795adbdafa87baa8054fb126dd825ca605d98da84c646cf338ae7f892c660f83a8f3bd6e5871864c13c45bd260b3fc706e

memory/2980-14-0x0000000000400000-0x000000000042A000-memory.dmp

memory/2980-22-0x0000000000400000-0x000000000042A000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-09 11:27

Reported

2024-11-09 11:30

Platform

win10v2004-20241007-en

Max time kernel

110s

Max time network

95s

Command Line

"C:\Users\Admin\AppData\Local\Temp\fc9b8c38ad35277a3460301ce4a542e7f8c31b12b5d4d5c04aa97733ea3a34c2N.exe"

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\fc9b8c38ad35277a3460301ce4a542e7f8c31b12b5d4d5c04aa97733ea3a34c2N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\fc9b8c38ad35277a3460301ce4a542e7f8c31b12b5d4d5c04aa97733ea3a34c2N.exe

"C:\Users\Admin\AppData\Local\Temp\fc9b8c38ad35277a3460301ce4a542e7f8c31b12b5d4d5c04aa97733ea3a34c2N.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 2.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 wecan.hasthe.technology udp
US 104.21.59.199:80 wecan.hasthe.technology tcp
US 8.8.8.8:53 200.163.202.172.in-addr.arpa udp
US 8.8.8.8:53 199.59.21.104.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 104.21.59.199:80 wecan.hasthe.technology tcp
US 8.8.8.8:53 107.209.201.84.in-addr.arpa udp
US 104.21.59.199:80 wecan.hasthe.technology tcp
US 8.8.8.8:53 147.108.222.173.in-addr.arpa udp

Files

memory/3932-0-0x0000000000400000-0x000000000042A000-memory.dmp

memory/3932-1-0x0000000000400000-0x000000000042A000-memory.dmp

memory/3932-4-0x0000000000400000-0x000000000042A000-memory.dmp

memory/3932-8-0x0000000000400000-0x000000000042A000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rifaien2-T201BiCalAEWICAt.exe

MD5 c12e5686d4ecbdaf6802226f333903ef
SHA1 bbe6d8793e22a5d215100c7681d79b811e40e0f8
SHA256 f5cb79493add9fca9574efcd907afb7261fe20e13bd4485ebac7e088b5d1118f
SHA512 6ffa0470ec3ef9a176ebf18c4e47426b2b2eabbca0e4fcb4a0e3cb3a9a40407b692f7ce1c2cf3ed85d8eb0a46eb6106934f0b9c5fb0d0eaf556b82d85e9d15ed

memory/3932-15-0x0000000000400000-0x000000000042A000-memory.dmp

memory/3932-22-0x0000000000400000-0x000000000042A000-memory.dmp