Malware Analysis Report

2025-06-15 23:12

Sample ID 241109-nmqppatdlq
Target 2734552e1fb356ea0723c8ce7e54fa2dc3b7fb1e8e9b7f9928fae459070caba7N
SHA256 2734552e1fb356ea0723c8ce7e54fa2dc3b7fb1e8e9b7f9928fae459070caba7
Tags upx, discovery
Score 5/10

Table of Contents

  Analysis Overview
  MITRE ATT&CK
    Enterprise Matrix V15
  Analysis: static1
    Detonation Overview
    Signatures
  Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
  Analysis: behavioral2
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

Score 5/10

SHA256 2734552e1fb356ea0723c8ce7e54fa2dc3b7fb1e8e9b7f9928fae459070caba7

Threat Level: Likely benign

The file 2734552e1fb356ea0723c8ce7e54fa2dc3b7fb1e8e9b7f9928fae459070caba7N was found to be: Likely benign.

Malicious Activity Summary

Tags upx, discovery

UPX packed file

Unsigned PE

System Location Discovery: System Language Discovery

The three signatures above are all that the score rests on. Two observations from the behavioral runs are not reflected in the signature list and should be weighed before the "Likely benign" verdict is accepted: in both runs the sample writes a second executable to the user's Temp directory under a randomised name (rifaien2-Q6pLQra8xDAgjZI7.exe on Windows 7, rifaien2-PLweSb6fUYXhPTdz.exe on Windows 10) whose hashes differ between the two runs, and in both runs it resolves wecan.hasthe.technology and opens TCP port 80 connections to the returned addresses (172.67.183.40 and 104.21.59.199). The dropped file is not started as a child process in either run; the Processes sections list only the sample itself.

MITRE ATT&CK

Enterprise Matrix V15

Discovery: T1614.001 System Location Discovery: System Language Discovery (observed in behavioral1 and behavioral2; the registry key opened is listed under each run's Signatures)

Analysis: static1

Detonation Overview

Reported 2024-11-09 11:31

Signatures

UPX packed file (tag: upx)

Description Indicator Process Target
(1 row, all fields N/A: the static UPX check matched but no per-row detail was recorded)

Unsigned PE

Description Indicator Process Target
(2 rows, all fields N/A)

Unsigned PE means the file carries no Authenticode signature. On its own this says nothing about intent, since a great deal of small legitimate software is unsigned too; it matters here only in combination with the packer, because a packed, unsigned binary offers no static evidence of who built it or what it contains until it is unpacked.
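What the two static signatures actually look at, as an added example rather than the sandbox's own code: a dependency-free PE header parser that reports UPX markers (UPX0/UPX1 section names and the "UPX!" magic UPX leaves in the header area) and whether the IMAGE_DIRECTORY_ENTRY_SECURITY entry points at an Authenticode blob. A constructed minimal PE32 header is built in memory so the check runs offline; the builder is test scaffolding, not a real binary. A present security directory only means a signature blob exists; validating it needs a verifier such as signtool or osslsigncode, which this code does not attempt.

```python
import struct
import sys

# Offsets and formats from the PE/COFF specification.
DOS_E_LFANEW = 0x3C
COFF_HDR_FMT = "<HHIIIHH"      # Machine, NumberOfSections, TimeDateStamp, PtrSymTab, NumSyms, SizeOfOptionalHeader, Characteristics
SECTION_FMT = "<8sIIIIIIHHI"   # 40-byte IMAGE_SECTION_HEADER
PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B
IMAGE_DIRECTORY_ENTRY_SECURITY = 4   # (file offset, size) of the Authenticode blob


def inspect_pe(data: bytes) -> dict:
    """Report UPX markers and Authenticode presence from the PE headers alone."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, DOS_E_LFANEW)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff_off = e_lfanew + 4
    _, nsections, _, _, _, opt_size, _ = struct.unpack_from(COFF_HDR_FMT, data, coff_off)
    opt_off = coff_off + 20
    magic = struct.unpack_from("<H", data, opt_off)[0]
    if magic == PE32_MAGIC:
        dirs_off, nrva_off = opt_off + 96, opt_off + 92
    elif magic == PE32PLUS_MAGIC:
        dirs_off, nrva_off = opt_off + 112, opt_off + 108
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    n_dirs = struct.unpack_from("<I", data, nrva_off)[0]
    sig_off, sig_size = 0, 0
    if n_dirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        sig_off, sig_size = struct.unpack_from("<II", data, dirs_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sec_tbl = opt_off + opt_size
    names = []
    for i in range(nsections):
        raw = struct.unpack_from(SECTION_FMT, data, sec_tbl + 40 * i)[0]
        names.append(raw.rstrip(b"\0").decode("ascii", "replace"))
    upx_names = [n for n in names if n.upper().startswith("UPX")]
    # UPX writes its "UPX!" marker in the header area, shortly after the section table.
    upx_magic = b"UPX!" in data[:4096]
    return {
        "sections": names,
        "upx_packed": bool(upx_names) or upx_magic,
        "upx_evidence": upx_names + (["UPX! magic"] if upx_magic else []),
        "has_authenticode": sig_off != 0 and sig_size != 0,
    }


def build_pe(section_names, signed=False, upx_magic=False) -> bytes:
    """Construct a minimal PE32 header in memory (constructed test input, not a real binary)."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, DOS_E_LFANEW, len(dos))
    opt_size = 224                       # PE32 optional header with 16 data directories
    coff = struct.pack(COFF_HDR_FMT, 0x14C, len(section_names), 0, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, PE32_MAGIC)
    struct.pack_into("<I", opt, 92, 16)  # NumberOfRvaAndSizes
    if signed:                           # pretend a signature blob sits at file offset 0x2000
        struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, 0x2000, 0x800)
    sections = b"".join(
        struct.pack(SECTION_FMT, name.encode().ljust(8, b"\0"), 0x1000, 0x1000 * (i + 1),
                    0x200, 0x400 + 0x200 * i, 0, 0, 0, 0, 0x60000020)
        for i, name in enumerate(section_names))
    trailer = b"UPX!" + b"\0" * 12 if upx_magic else b""
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + sections + trailer


if __name__ == "__main__":
    # Pass a file path to inspect a real PE; otherwise run on the constructed UPX-style header.
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_pe(["UPX0", "UPX1", ".rsrc"], upx_magic=True)
    print(inspect_pe(blob))
```

Run it against the sample itself to confirm which of the two UPX markers the sandbox saw; a file that renames its sections but keeps the "UPX!" magic, or the reverse, is the usual way hobby packers and modified UPX builds dodge one check and not the other.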

Analysis: behavioral1

Detonation Overview

Submitted 2024-11-09 11:31
Reported 2024-11-09 11:33
Platform win7-20241010-en
Max time kernel 117s
Max time network 118s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2734552e1fb356ea0723c8ce7e54fa2dc3b7fb1e8e9b7f9928fae459070caba7N.exe"

Signatures

UPX packed file (tag: upx)

Description Indicator Process Target
(6 rows, all fields N/A: the UPX check matched but no per-row detail was recorded)

System Location Discovery: System Language Discovery (tag: discovery)

Description: Key opened
Indicator: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Process: C:\Users\Admin\AppData\Local\Temp\2734552e1fb356ea0723c8ce7e54fa2dc3b7fb1e8e9b7f9928fae459070caba7N.exe
Target: N/A

Processes

C:\Users\Admin\AppData\Local\Temp\2734552e1fb356ea0723c8ce7e54fa2dc3b7fb1e8e9b7f9928fae459070caba7N.exe

"C:\Users\Admin\AppData\Local\Temp\2734552e1fb356ea0723c8ce7e54fa2dc3b7fb1e8e9b7f9928fae459070caba7N.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 wecan.hasthe.technology udp
US 172.67.183.40:80 wecan.hasthe.technology tcp
US 172.67.183.40:80 wecan.hasthe.technology tcp
US 172.67.183.40:80 wecan.hasthe.technology tcp

Files

Memory dumps (process 2932), all of the same region 0x0000000000400000-0x000000000042A000:
memory/2932-0-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2932-2-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2932-6-0x0000000000400000-0x000000000042A000-memory.dmp

Dropped file: C:\Users\Admin\AppData\Local\Temp\rifaien2-Q6pLQra8xDAgjZI7.exe
MD5 f7238f6d523fb269638b4bca5c1ed54c
SHA1 95ba1c3f861009fe669062fd7dc16ef7f94a65e6
SHA256 2a8cc0418b55647dbae5ed309cdc9e7015534c4aedd1793601d208d87d6a8830
SHA512 3e57e85fde1efba176a7b2d76742cba77f758dcd27fc4e60b87ce94d670dbf7e140e777f605639f978e52dc56b591fd979aa9d711550acc28e890fe973ba8cf6

Later dumps of process 2932, same region:
memory/2932-13-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2932-23-0x0000000000400000-0x000000000042A000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted 2024-11-09 11:31
Reported 2024-11-09 11:33
Platform win10v2004-20241007-en
Max time kernel 110s
Max time network 96s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2734552e1fb356ea0723c8ce7e54fa2dc3b7fb1e8e9b7f9928fae459070caba7N.exe"

Signatures

UPX packed file (tag: upx)

Description Indicator Process Target
(7 rows, all fields N/A: the UPX check matched but no per-row detail was recorded)

System Location Discovery: System Language Discovery (tag: discovery)

Description: Key opened
Indicator: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Process: C:\Users\Admin\AppData\Local\Temp\2734552e1fb356ea0723c8ce7e54fa2dc3b7fb1e8e9b7f9928fae459070caba7N.exe
Target: N/A
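The registry key in the row above is what maps the sample to T1614.001, the ATT&CK ID for System Location Discovery: System Language Discovery; behavioral1 reports the same key from the same process. As an added example, not part of this report and not the sandbox's own rule, the evaluator below takes sandbox-style "Key opened" events, normalises the paths (\REGISTRY\MACHINE to HKLM, ControlSetNNN to CurrentControlSet, per-user SIDs to a wildcard), matches them against known language and locale keys, and drops opens by processes under C:\Windows, since explorer.exe and other OS components touch these keys constantly. The trace is constructed: only its first row is taken from this report, the rest are made up to exercise the normalisation and the filter.

```python
import re

# Constructed trace in the shape of the report's Signature rows
# (Description, Indicator, Process). Only the first row is from this report.
TRACE = [
    ("Key opened",
     r"\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language",
     r"C:\Users\Admin\AppData\Local\Temp\2734552e1fb356ea0723c8ce7e54fa2dc3b7fb1e8e9b7f9928fae459070caba7N.exe"),
    ("Key opened",
     r"\REGISTRY\MACHINE\SYSTEM\CurrentControlSet\Control\Nls\Locale",
     r"C:\Windows\explorer.exe"),                      # OS noise, filtered out
    ("Key opened",
     r"\REGISTRY\USER\S-1-5-21-1111-2222-3333-1001\Control Panel\International",
     r"C:\Users\Admin\AppData\Local\Temp\sample.exe"),  # per-user locale, also T1614.001
    ("Key opened",
     r"\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
     r"C:\Users\Admin\AppData\Local\Temp\sample.exe"),  # unrelated key, no hit
]

# Registry locations that expose the installed or user language, in normalised form.
LANGUAGE_KEYS = [
    r"HKLM\SYSTEM\CurrentControlSet\Control\Nls\Language",
    r"HKLM\SYSTEM\CurrentControlSet\Control\Nls\Locale",
    r"HKU\*\Control Panel\International",
]


def normalize_key(path: str) -> str:
    """Map kernel-style paths to HKLM/HKU form and fold ControlSetNNN into CurrentControlSet."""
    p = re.sub(r"^\\REGISTRY\\MACHINE", "HKLM", path, flags=re.I)
    p = re.sub(r"^\\REGISTRY\\USER\\S-1-5-21-[\d-]+", r"HKU\\*", p, flags=re.I)
    p = re.sub(r"\\ControlSet\d{3}\\", r"\\CurrentControlSet\\", p, flags=re.I)
    return p


def is_system_process(image: str) -> bool:
    """Crude allow-list: anything under C:\\Windows is treated as OS noise."""
    return image.lower().startswith("c:\\windows\\")


def detect_language_discovery(trace):
    """Return T1614.001 hits: language/locale keys opened by non-OS processes."""
    hits = []
    for description, indicator, process in trace:
        if not description.lower().startswith("key opened"):
            continue
        if is_system_process(process):
            continue
        key = normalize_key(indicator)
        # Prefix match so subkeys and values beneath a known key count as well.
        if any(key.lower().startswith(known.lower()) for known in LANGUAGE_KEYS):
            hits.append({"technique": "T1614.001", "process": process, "key": key})
    return hits


if __name__ == "__main__":
    for hit in detect_language_discovery(TRACE):
        print(hit["technique"], hit["process"], hit["key"])
```

Two caveats when reading a hit like this one. The report records only that the key was opened, not which value was read or what the sample did with the answer, so on its own it cannot distinguish a locale-gated payload from a program localising its own UI strings. And this kind of event comes from the sandbox's API hooks; Sysmon's registry events (12 to 14) cover key creation, deletion, value writes and renames, not opens or reads, so the same check cannot be reproduced from Sysmon logs on a production host.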

Processes

C:\Users\Admin\AppData\Local\Temp\2734552e1fb356ea0723c8ce7e54fa2dc3b7fb1e8e9b7f9928fae459070caba7N.exe

"C:\Users\Admin\AppData\Local\Temp\2734552e1fb356ea0723c8ce7e54fa2dc3b7fb1e8e9b7f9928fae459070caba7N.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 147.108.222.173.in-addr.arpa udp
US 8.8.8.8:53 138.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 wecan.hasthe.technology udp
US 104.21.59.199:80 wecan.hasthe.technology tcp
US 8.8.8.8:53 199.59.21.104.in-addr.arpa udp
US 8.8.8.8:53 53.210.109.20.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 67.209.201.84.in-addr.arpa udp
US 104.21.59.199:80 wecan.hasthe.technology tcp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 wecan.hasthe.technology udp
US 172.67.183.40:80 wecan.hasthe.technology tcp
US 8.8.8.8:53 40.183.67.172.in-addr.arpa udp
US 8.8.8.8:53 226.108.222.173.in-addr.arpa udp

Rows whose Domain ends in .in-addr.arpa are reverse (PTR) lookups of IP addresses, with the octets in reverse order; the table does not attribute them to a process. Two of them resolve the addresses the sample connected to (199.59.21.104.in-addr.arpa is 104.21.59.199 and 40.183.67.172.in-addr.arpa is 172.67.183.40). The only forward name queried in either run is wecan.hasthe.technology, which resolved to 104.21.59.199 here and to 172.67.183.40 in both runs.
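An IOC extraction pass over the flat Network tables of both behavioral runs, as an added example that is not part of the report: it separates forward lookups (sample domains) from reverse PTR lookups, drops the sandbox resolver from the endpoint list, groups contacted addresses with the name, port and protocol seen on each, and flags PTR lookups that target an address the sample actually connected to. The rows are copied from this report and de-duplicated; the resolver set is an assumption about the sandbox configuration, derived from the tables.

```python
import ipaddress
from collections import defaultdict

# Rows copied from the behavioral1 and behavioral2 Network tables of this report
# (Country Destination Domain Proto), de-duplicated.
NETWORK_ROWS = """\
Country Destination Domain Proto
US 8.8.8.8:53 wecan.hasthe.technology udp
US 172.67.183.40:80 wecan.hasthe.technology tcp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 104.21.59.199:80 wecan.hasthe.technology tcp
US 8.8.8.8:53 199.59.21.104.in-addr.arpa udp
US 8.8.8.8:53 40.183.67.172.in-addr.arpa udp
"""

# Assumed sandbox resolver: it shows up as a destination but is not an IOC of the sample.
RESOLVERS = {"8.8.8.8"}


def ptr_to_ip(name):
    """Undo reverse-DNS naming: '40.183.67.172.in-addr.arpa' -> '172.67.183.40'. None if not a PTR name."""
    suffix = ".in-addr.arpa"
    if not name.lower().endswith(suffix):
        return None
    octets = name[:-len(suffix)].split(".")
    if len(octets) != 4:
        return None
    candidate = ".".join(reversed(octets))
    try:
        return str(ipaddress.IPv4Address(candidate))
    except ValueError:
        return None


def extract_iocs(rows_text):
    """Split the flat table into sample domains, contacted endpoints and PTR lookups."""
    domains, endpoints, ptr = set(), defaultdict(set), {}
    for line in rows_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or ":" not in parts[1]:
            continue                      # header or blank line
        _country, dest, name, proto = parts
        host, port = dest.rsplit(":", 1)
        reversed_ip = ptr_to_ip(name)
        if reversed_ip is not None:
            ptr[name] = reversed_ip       # keep for context, but not a sample domain
            continue
        domains.add(name.lower())
        if host not in RESOLVERS:
            endpoints[host].add((name.lower(), int(port), proto))
    contacted = set(endpoints)
    return {
        "domains": domains,
        "endpoints": dict(endpoints),
        "ptr_lookups": ptr,
        # PTR lookups whose target is an address the sample actually connected to
        "ptr_of_contacted": {ip for ip in ptr.values() if ip in contacted},
    }


if __name__ == "__main__":
    result = extract_iocs(NETWORK_ROWS)
    for domain in sorted(result["domains"]):
        print("domain", domain)
    for ip, seen in sorted(result["endpoints"].items()):
        print("ip", ip, sorted(seen))
    for name, ip in sorted(result["ptr_lookups"].items()):
        flag = " (contacted)" if ip in result["ptr_of_contacted"] else ""
        print("ptr", name, "->", ip + flag)
```

Block the domain rather than the addresses: the same name resolved to two different addresses across the two runs, so a name-based indicator survives the next DNS change and an address-based one does not.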

Files

Memory dumps (process 2116), all of the same region 0x0000000000400000-0x000000000042A000:
memory/2116-0-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2116-1-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2116-4-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2116-8-0x0000000000400000-0x000000000042A000-memory.dmp

Dropped file: C:\Users\Admin\AppData\Local\Temp\rifaien2-PLweSb6fUYXhPTdz.exe
MD5 9736e76618855232acf3e4f560939857
SHA1 055dfc3577633f2c7ada3d91efae91136e7a11f9
SHA256 2aa248bf9e99480a642ae0469c003e0d6a1ac9870e3f1631a4e6ddc3d490c08e
SHA512 a7bc2ed572d88d8f2e578216f16a9ec6231bdd42f93860ec007cbfca3c7506c3ee47196683d681c5e37f3581ef1737f5553f8cfdc3a88e0e8b5e638f830538d5

Later dumps of process 2116, same region:
memory/2116-15-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2116-22-0x0000000000400000-0x000000000042A000-memory.dmp