Malware Analysis Report

2025-06-15 23:12

Sample ID 241109-nmk47sspet
Target f5bfeaab668fc7a7fd24c4a7a1652400f11c745b5017d037b8dae78f419d0e84N
SHA256 f5bfeaab668fc7a7fd24c4a7a1652400f11c745b5017d037b8dae78f419d0e84
Tags
upx discovery
score
5/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
5/10

SHA256

f5bfeaab668fc7a7fd24c4a7a1652400f11c745b5017d037b8dae78f419d0e84

Threat Level: Likely benign

The file f5bfeaab668fc7a7fd24c4a7a1652400f11c745b5017d037b8dae78f419d0e84N was found to be: Likely benign.

Malicious Activity Summary

upx discovery

UPX packed file

Unsigned PE

System Location Discovery: System Language Discovery

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-09 11:30

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-09 11:30

Reported

2024-11-09 11:32

Platform

win7-20240729-en

Max time kernel

110s

Max time network

92s

Command Line

"C:\Users\Admin\AppData\Local\Temp\f5bfeaab668fc7a7fd24c4a7a1652400f11c745b5017d037b8dae78f419d0e84N.exe"

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

System Location Discovery: System Language Discovery

discovery
Description  Key opened
Indicator    \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Process      C:\Users\Admin\AppData\Local\Temp\f5bfeaab668fc7a7fd24c4a7a1652400f11c745b5017d037b8dae78f419d0e84N.exe
Target       N/A

Processes

C:\Users\Admin\AppData\Local\Temp\f5bfeaab668fc7a7fd24c4a7a1652400f11c745b5017d037b8dae78f419d0e84N.exe

"C:\Users\Admin\AppData\Local\Temp\f5bfeaab668fc7a7fd24c4a7a1652400f11c745b5017d037b8dae78f419d0e84N.exe"

Network

Country  Destination       Domain                   Proto
US       8.8.8.8:53        wecan.hasthe.technology  udp
US       104.21.59.199:80  wecan.hasthe.technology  tcp
US       104.21.59.199:80  wecan.hasthe.technology  tcp
US       104.21.59.199:80  wecan.hasthe.technology  tcp

Files

memory/2168-0-0x0000000000400000-0x000000000042A000-memory.dmp

memory/2168-1-0x0000000000400000-0x000000000042A000-memory.dmp

memory/2168-7-0x0000000000400000-0x000000000042A000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rifaien2-kbZjYNQhlPRBR4M5.exe

MD5 9a46c43071e70d25a1f087ea47a02587
SHA1 5530c4dc02a24d1f700ea225e9d821692b2b70d3
SHA256 3694865bd2fa7c73de04f12c2000d3aebf651b7bc9dce8ddf9a00d63cd237561
SHA512 2ad80cb97e3e53eb390f93846da56ee04a22711a2f0a217c73cf834b9ff7b652e77540745cf39c4b127b16803b822261c23b15530a42d7be5902870b01015ce4

memory/2168-14-0x0000000000400000-0x000000000042A000-memory.dmp

memory/2168-22-0x0000000000400000-0x000000000042A000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-09 11:30

Reported

2024-11-09 11:32

Platform

win10v2004-20241007-en

Max time kernel

110s

Max time network

98s

Command Line

"C:\Users\Admin\AppData\Local\Temp\f5bfeaab668fc7a7fd24c4a7a1652400f11c745b5017d037b8dae78f419d0e84N.exe"

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

System Location Discovery: System Language Discovery

discovery
Description  Key opened
Indicator    \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Process      C:\Users\Admin\AppData\Local\Temp\f5bfeaab668fc7a7fd24c4a7a1652400f11c745b5017d037b8dae78f419d0e84N.exe
Target       N/A

Processes

C:\Users\Admin\AppData\Local\Temp\f5bfeaab668fc7a7fd24c4a7a1652400f11c745b5017d037b8dae78f419d0e84N.exe

"C:\Users\Admin\AppData\Local\Temp\f5bfeaab668fc7a7fd24c4a7a1652400f11c745b5017d037b8dae78f419d0e84N.exe"

Network

Country  Destination       Domain                        Proto
US       8.8.8.8:53        217.106.137.52.in-addr.arpa   udp
US       8.8.8.8:53        69.31.126.40.in-addr.arpa     udp
US       8.8.8.8:53        95.221.229.192.in-addr.arpa   udp
US       8.8.8.8:53        154.239.44.20.in-addr.arpa    udp
US       8.8.8.8:53        wecan.hasthe.technology       udp
US       104.21.59.199:80  wecan.hasthe.technology       tcp
US       8.8.8.8:53        212.20.149.52.in-addr.arpa    udp
US       8.8.8.8:53        199.59.21.104.in-addr.arpa    udp
US       8.8.8.8:53        171.39.242.20.in-addr.arpa    udp
US       8.8.8.8:53        172.210.232.199.in-addr.arpa  udp
US       104.21.59.199:80  wecan.hasthe.technology       tcp
US       104.21.59.199:80  wecan.hasthe.technology       tcp
US       8.8.8.8:53        101.208.201.84.in-addr.arpa   udp
US       8.8.8.8:53        22.236.111.52.in-addr.arpa    udp

Files

memory/4760-0-0x0000000000400000-0x000000000042A000-memory.dmp

memory/4760-1-0x0000000000400000-0x000000000042A000-memory.dmp

memory/4760-5-0x0000000000400000-0x000000000042A000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rifaien2-zmgNDGHQ3JkAM7Oq.exe

MD5 3b4d6d85b6293cde6996791a92e37cc6
SHA1 f65b71b224df88c6ca27a54ca64b6ed2940a8490
SHA256 a4dab750c3ca8ae22927e6357fa5f5807da718c18187ce1f8f567012a8b42d43
SHA512 8912ffacd11d854bdfc117c5edc092e1a04bf9111ebcaa3473f1721dffc13009543f86d8e0f254ef38530a51d068be6a25a04d3a38dad73f5cd7b643c36f1e05

memory/4760-13-0x0000000000400000-0x000000000042A000-memory.dmp

memory/4760-21-0x0000000000400000-0x000000000042A000-memory.dmp