Malware Analysis Report

2025-06-15 23:12

Sample ID 241109-nnjb1awpck
Target 8cb588a9d977b2d93d3dcb59367a10461ce6ac4575583a2613d443e3527bd780N
SHA256 8cb588a9d977b2d93d3dcb59367a10461ce6ac4575583a2613d443e3527bd780
Tags: discovery, upx
Score: 5/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score: 5/10

SHA256: 8cb588a9d977b2d93d3dcb59367a10461ce6ac4575583a2613d443e3527bd780

Threat Level: Likely benign

The file 8cb588a9d977b2d93d3dcb59367a10461ce6ac4575583a2613d443e3527bd780N was found to be: Likely benign.

Malicious Activity Summary

discovery upx

UPX packed file

System Location Discovery: System Language Discovery

Unsigned PE

MITRE ATT&CK

Enterprise Matrix V15

Discovery: T1614.001 System Location Discovery: System Language Discovery (the NLS\Language registry key read recorded in both behavioral runs)

Analysis: static1

Detonation Overview

Reported: 2024-11-09 11:32

Signatures

UPX packed file

upx
Description | Indicator | Process | Target
N/A | N/A | N/A | N/A   (signature fired; no per-hit details recorded)

Unsigned PE

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A   (2 hits; no per-hit details recorded)
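Both static signatures above can be reproduced from the PE headers alone: stock UPX names its sections UPX0/UPX1, and a file with no embedded Authenticode signature has an empty certificate table (data directory 4). The stdlib-only parser below is an added example, not the sandbox's own check; the PE it parses is constructed in memory by the hypothetical build_sample_pe helper (header layout only, no code), and the analysed sample itself is not included.

```python
import struct

DOS_MAGIC = b"MZ"
PE_MAGIC = b"PE\0\0"
IMAGE_DIRECTORY_ENTRY_SECURITY = 4          # Authenticode certificate table
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2", b"UPX!"}


def parse_pe(data):
    """Return section names and the size of the certificate-table data directory."""
    if data[:2] != DOS_MAGIC:
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != PE_MAGIC:
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    _machine, nsections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    # Data directories sit at different offsets in PE32 and PE32+ optional headers.
    if magic == 0x10B:                       # PE32
        count_off, dirs_off = 92, 96
    elif magic == 0x20B:                     # PE32+
        count_off, dirs_off = 108, 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    n_dirs = struct.unpack_from("<I", data, opt + count_off)[0]
    cert_size = 0
    if n_dirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        _rva, cert_size = struct.unpack_from(
            "<II", data, opt + dirs_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    table = opt + opt_size                   # section table follows the optional header
    names = [struct.unpack_from("<8s", data, table + 40 * i)[0].rstrip(b"\0")
             for i in range(nsections)]
    return {"sections": names, "cert_table_size": cert_size}


def looks_upx_packed(info):
    # Stock UPX names its sections UPX0/UPX1 (plus UPX2 or .rsrc). A rebuilt or
    # renamed-section UPX file defeats this check; follow up with an entropy check.
    return any(n in UPX_SECTION_NAMES for n in info["sections"])


def is_unsigned(info):
    # An empty certificate table means no embedded Authenticode signature.
    # Catalog-signed Windows binaries also show zero here, so treat this as a
    # triage signal, not proof that the publisher is unknown.
    return info["cert_table_size"] == 0


def static_signatures(data):
    """Names of the static1 signatures that fire for the given PE bytes."""
    info = parse_pe(data)
    hits = []
    if looks_upx_packed(info):
        hits.append("UPX packed file")
    if is_unsigned(info):
        hits.append("Unsigned PE")
    return hits


def build_sample_pe(section_names, signed):
    """Constructed test input (hypothetical helper): a minimal PE32 header layout
    with no code, so the parser can be exercised offline. Not the analysed sample."""
    e_lfanew = 0x40
    dos = bytearray(e_lfanew)
    dos[:2] = DOS_MAGIC
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    opt_size = 96 + 16 * 8                   # PE32 optional header, 16 directories
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<I", opt, 92, 16)
    if signed:
        # Pretend a certificate table exists at file offset 0x1000, 0x800 bytes long.
        struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, 0x1000, 0x800)
    sections = b"".join(struct.pack("<8s32x", n) for n in section_names)
    return bytes(dos) + PE_MAGIC + coff + bytes(opt) + sections


if __name__ == "__main__":
    packed = build_sample_pe([b"UPX0", b"UPX1", b".rsrc"], signed=False)
    print(static_signatures(packed))         # ['UPX packed file', 'Unsigned PE']
    # For a real file: static_signatures(open(path, "rb").read())
```

The section-name test is what most sandboxes mean by "UPX packed file"; it says nothing about whether the packed payload is malicious, which is why the report's score stays at 5/10 with only discovery behaviour observed.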

Analysis: behavioral1

Detonation Overview

Submitted: 2024-11-09 11:32
Reported: 2024-11-09 11:34
Platform: win7-20240903-en
Max time kernel: 118s
Max time network: 118s

Command Line

"C:\Users\Admin\AppData\Local\Temp\8cb588a9d977b2d93d3dcb59367a10461ce6ac4575583a2613d443e3527bd780N.exe"

Signatures

UPX packed file

upx
Description | Indicator | Process | Target
N/A | N/A | N/A | N/A   (6 hits; no per-hit details recorded)

System Location Discovery: System Language Discovery

discovery
Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\8cb588a9d977b2d93d3dcb59367a10461ce6ac4575583a2613d443e3527bd780N.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\8cb588a9d977b2d93d3dcb59367a10461ce6ac4575583a2613d443e3527bd780N.exe

"C:\Users\Admin\AppData\Local\Temp\8cb588a9d977b2d93d3dcb59367a10461ce6ac4575583a2613d443e3527bd780N.exe"

Network

Country | Destination | Domain | Proto
US | 8.8.8.8:53 | wecan.hasthe.technology | udp
US | 172.67.183.40:80 | wecan.hasthe.technology | tcp
US | 172.67.183.40:80 | wecan.hasthe.technology | tcp
US | 172.67.183.40:80 | wecan.hasthe.technology | tcp

One DNS resolution followed by three connections to the resolved address on port 80 (plaintext HTTP); no other hosts were contacted in this run.

Files

memory/1152-0-0x0000000000400000-0x000000000042A000-memory.dmp

memory/1152-1-0x0000000000400000-0x000000000042A000-memory.dmp

memory/1152-7-0x0000000000400000-0x000000000042A000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rifaien2-ERFUgp94vY3bOt7O.exe

MD5 c627540231e4851d5cf2a6b360c83f89
SHA1 f3bae5c061f10c560323ef1c47848440cbc05c74
SHA256 d3267ad8d0eb3f1ff3147373c3039500cf6af1fdc95eefa7ae1ed603f58683e5
SHA512 b4421148b5df06a4dcecaa7b4eef6784a44f961d771e1ca7f08410c0edcb3f009b59247ae98c1cccd3520d9f7372b38cf67e800820c69db07586fd3dfbcb919d

memory/1152-14-0x0000000000400000-0x000000000042A000-memory.dmp

memory/1152-22-0x0000000000400000-0x000000000042A000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted: 2024-11-09 11:32
Reported: 2024-11-09 11:34
Platform: win10v2004-20241007-en
Max time kernel: 111s
Max time network: 94s

Command Line

"C:\Users\Admin\AppData\Local\Temp\8cb588a9d977b2d93d3dcb59367a10461ce6ac4575583a2613d443e3527bd780N.exe"

Signatures

UPX packed file

upx
Description | Indicator | Process | Target
N/A | N/A | N/A | N/A   (7 hits; no per-hit details recorded)

System Location Discovery: System Language Discovery

discovery
Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\8cb588a9d977b2d93d3dcb59367a10461ce6ac4575583a2613d443e3527bd780N.exe | N/A
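The behavioral1 and behavioral2 runs record the same three things worth pivoting on: the NLS\Language key read (System Language Discovery), repeated port-80 connections to wecan.hasthe.technology, and an executable written under the user's Temp directory. The script below is an added example of turning those into findings, not the sandbox's own signature engine. Its event records are constructed from the tables on this page, and the field names (kind, process, key, dst, domain, path) and the function names are this example's own, not a sandbox export format.

```python
import re
from collections import Counter

SAMPLE_EXE = (r"C:\Users\Admin\AppData\Local\Temp"
              r"\8cb588a9d977b2d93d3dcb59367a10461ce6ac4575583a2613d443e3527bd780N.exe")

# Constructed from the behavioral1/behavioral2 tables above (field names are ours).
EVENTS = [
    {"kind": "regopen", "process": SAMPLE_EXE,
     "key": r"\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language"},
    {"kind": "dns", "process": SAMPLE_EXE, "dst": "8.8.8.8:53",
     "domain": "wecan.hasthe.technology"},
    {"kind": "tcp", "process": SAMPLE_EXE, "dst": "172.67.183.40:80",
     "domain": "wecan.hasthe.technology"},
    {"kind": "tcp", "process": SAMPLE_EXE, "dst": "172.67.183.40:80",
     "domain": "wecan.hasthe.technology"},
    {"kind": "tcp", "process": SAMPLE_EXE, "dst": "104.21.59.199:80",
     "domain": "wecan.hasthe.technology"},
    {"kind": "dns", "process": SAMPLE_EXE, "dst": "8.8.8.8:53",
     "domain": "40.183.67.172.in-addr.arpa"},
    {"kind": "filewrite", "process": SAMPLE_EXE,
     "path": r"C:\Users\Admin\AppData\Local\Temp\rifaien2-ERFUgp94vY3bOt7O.exe"},
]

# T1614.001: the sample reads the installed language from the NLS key. Match the
# key name case-insensitively so ControlSet001, CurrentControlSet and "Nls" all hit.
LANGUAGE_KEY = re.compile(r"\\Control\\NLS\\Language$", re.I)


def triage(events):
    """Reduce a list of sandbox events to analyst-facing findings."""
    findings = []
    if any(e["kind"] == "regopen" and LANGUAGE_KEY.search(e["key"]) for e in events):
        findings.append("T1614.001 System Language Discovery: NLS\\Language key opened")

    # Count plaintext HTTP connections per host; repeated contact with one host is
    # the thing to pivot on, regardless of which CDN address answered.
    http = Counter(e["domain"] for e in events
                   if e["kind"] == "tcp" and e["dst"].endswith(":80"))
    for domain, n in sorted(http.items()):
        findings.append("plaintext HTTP to %s (%d connections)" % (domain, n))

    # Executables written under %TEMP% by the sample are candidates for a second stage.
    for e in events:
        path = e.get("path", "")
        if e["kind"] == "filewrite" and path.lower().endswith(".exe") \
                and "\\temp\\" in path.lower():
            findings.append("executable written under %%TEMP%%: %s" % path)

    # Reverse (PTR) lookups name an address, not a host the sample chose to contact;
    # keep them out of the findings but return them so the analyst can see what was set aside.
    ptr = [e["domain"] for e in events
           if e["kind"] == "dns" and e["domain"].endswith(".in-addr.arpa")]
    return {"findings": findings, "ignored_ptr_lookups": ptr}


if __name__ == "__main__":
    for line in triage(EVENTS)["findings"]:
        print(line)
```

The Windows 10 run adds a dozen in-addr.arpa lookups that the Windows 7 run does not show; separating them from forward lookups keeps the contacted-host list to the single domain both runs agree on.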

Processes

C:\Users\Admin\AppData\Local\Temp\8cb588a9d977b2d93d3dcb59367a10461ce6ac4575583a2613d443e3527bd780N.exe

"C:\Users\Admin\AppData\Local\Temp\8cb588a9d977b2d93d3dcb59367a10461ce6ac4575583a2613d443e3527bd780N.exe"

Network

Country | Destination | Domain | Proto
US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp
US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp
US | 8.8.8.8:53 | 138.32.126.40.in-addr.arpa | udp
US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp
US | 8.8.8.8:53 | wecan.hasthe.technology | udp
US | 104.21.59.199:80 | wecan.hasthe.technology | tcp
US | 8.8.8.8:53 | 212.20.149.52.in-addr.arpa | udp
US | 8.8.8.8:53 | 199.59.21.104.in-addr.arpa | udp
US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp
US | 104.21.59.199:80 | wecan.hasthe.technology | tcp
US | 172.67.183.40:80 | wecan.hasthe.technology | tcp
US | 8.8.8.8:53 | 40.183.67.172.in-addr.arpa | udp
US | 8.8.8.8:53 | 210.108.222.173.in-addr.arpa | udp
US | 104.21.59.199:80 | wecan.hasthe.technology | tcp
US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp
US | 8.8.8.8:53 | 21.236.111.52.in-addr.arpa | udp

The in-addr.arpa entries are reverse (PTR) lookups, which do not appear in the Windows 7 run. The only forward lookup and the only port-80 (plaintext HTTP) destination in both runs is wecan.hasthe.technology, here resolving to two addresses (104.21.59.199 and 172.67.183.40) across four connections.

Files

memory/1404-0-0x0000000000400000-0x000000000042A000-memory.dmp

memory/1404-2-0x0000000000400000-0x000000000042A000-memory.dmp

memory/1404-6-0x0000000000400000-0x000000000042A000-memory.dmp

memory/1404-12-0x0000000000400000-0x000000000042A000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rifaien2-7HelGkS9jxsxcjDq.exe

MD5 354b49aece24f04e626eff925893fb1d
SHA1 3e0220886a5fe455aea5629195bdde679d48e762
SHA256 765adc8982be721fb1ada4394f65ebf54852af91a10793902beaa7d1e92191e5
SHA512 4082a3df4b8c85ae22fe6cde5fb4f2ac4607bf18f108080a68e50d8cb79e63010edce83226f94c207b9f9ef93e37e948cff8771526db617c58e283cb7e192e5a

memory/1404-16-0x0000000000400000-0x000000000042A000-memory.dmp

memory/1404-20-0x0000000000400000-0x000000000042A000-memory.dmp