Malware Analysis Report

2025-06-15 23:13

Sample ID 241109-pash7atgnj
Target 6345dbca532407f280f6dd110941f8ce89d4a59f24f8781fa3ae2c1e315df3e1N
SHA256 6345dbca532407f280f6dd110941f8ce89d4a59f24f8781fa3ae2c1e315df3e1
Tags
upx discovery
score
5/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
5/10

SHA256

6345dbca532407f280f6dd110941f8ce89d4a59f24f8781fa3ae2c1e315df3e1

Threat Level: Likely benign

The file 6345dbca532407f280f6dd110941f8ce89d4a59f24f8781fa3ae2c1e315df3e1N was found to be: Likely benign.

This verdict is the sandbox's automated score (5/10). It rests on the static hits (UPX packing, no Authenticode signature) and a single discovery signature. Two observations from the detonations below are not reflected in that score and deserve a manual look before the verdict is accepted: in each run a new executable with a 16-character random suffix (rifaien2-<suffix>.exe, a different hash in each run) appears in the user's Temp directory, and the process makes three TCP connections to port 80 of wecan.hasthe.technology, resolved to a different Cloudflare-range address in each run.

Malicious Activity Summary

upx discovery

UPX packed file

Unsigned PE

System Location Discovery: System Language Discovery

MITRE ATT&CK

Enterprise Matrix V15

Discovery: T1614.001 System Location Discovery: System Language Discovery (the signature of the same name in the behavioral analyses below).

Analysis: static1

Detonation Overview

Reported

2024-11-09 12:07

Signatures

UPX packed file

upx
Description / Indicator / Process / Target: N/A (1 row)

Unsigned PE

Description / Indicator / Process / Target: N/A for both rows (2 rows)
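Both static hits can be reproduced outside the sandbox with a few header reads. The script below is an added example, not part of the report and not the sandbox's own signature logic. It parses a PE with the standard library, flags UPX by the section names the stock UPX stub leaves behind (UPX0/UPX1/UPX2), reports sections whose byte entropy is near 8 bits (what compressed or encrypted data looks like, and what survives if a packer renames its sections), and treats an empty security data directory as "unsigned". Because the sample itself is not reproduced here, the image it analyses is built by build_pe(), a hypothetical helper that lays out a minimal PE32; the section names, the 7.0-bit threshold and the placeholder WIN_CERTIFICATE blob are this example's own choices.

```python
"""Static triage of a PE image: UPX section names, section entropy and the
Authenticode security directory. Standard library only. The image analysed in
main() is constructed by build_pe() below, not the report's sample."""
import math
import struct

UPX_SECTION_NAMES = {"UPX0", "UPX1", "UPX2"}   # names the stock UPX stub uses
IMAGE_DIRECTORY_ENTRY_SECURITY = 4             # slot that points at WIN_CERTIFICATE
ENTROPY_THRESHOLD = 7.0                        # bits/byte; an assumption for this example


def shannon_entropy(buf: bytes) -> float:
    """Bits per byte; compressed or encrypted data sits close to 8.0."""
    if not buf:
        return 0.0
    counts = [0] * 256
    for b in buf:
        counts[b] += 1
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_pe(data: bytes) -> dict:
    """Read only the header fields the checks need; handles PE32 and PE32+."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    _, nsec, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    dd_off = opt + (96 if magic == 0x10B else 112)  # where the data directories start
    security = struct.unpack_from("<II", data, dd_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sections, sh = [], opt + opt_size
    for i in range(nsec):
        name, vsize, va, raw_size, raw_ptr = struct.unpack_from("<8sIIII", data, sh + i * 40)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"), "va": va,
                         "vsize": vsize, "raw_size": raw_size,
                         "entropy": shannon_entropy(data[raw_ptr:raw_ptr + raw_size])})
    return {"security_dir": security, "sections": sections}


def is_upx_packed(pe: dict) -> bool:
    return any(s["name"] in UPX_SECTION_NAMES for s in pe["sections"])


def is_signed(pe: dict) -> bool:
    """An empty security directory means no Authenticode blob at all. A non-empty
    one only means a blob is present; chain validation is a separate step."""
    offset, size = pe["security_dir"]
    return offset != 0 and size != 0


def high_entropy_sections(pe: dict, threshold: float = ENTROPY_THRESHOLD) -> list:
    return [s["name"] for s in pe["sections"] if s["entropy"] >= threshold]


def triage(data: bytes) -> dict:
    pe = parse_pe(data)
    return {"upx": is_upx_packed(pe), "signed": is_signed(pe),
            "high_entropy": high_entropy_sections(pe)}


def build_pe(sections, signed=False) -> bytes:
    """Constructed minimal PE32 (hypothetical helper, not the sample): DOS header,
    COFF/optional headers and the given (name, payload) sections at 0x200 alignment."""
    file_align, sect_align, image_base, hdr_size = 0x200, 0x1000, 0x400000, 0x200
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                     # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                     # PE32 magic
    struct.pack_into("<I", opt, 16, sect_align)               # AddressOfEntryPoint
    struct.pack_into("<I", opt, 28, image_base)
    struct.pack_into("<II", opt, 32, sect_align, file_align)
    struct.pack_into("<I", opt, 60, hdr_size)                 # SizeOfHeaders
    struct.pack_into("<I", opt, 92, 16)                       # NumberOfRvaAndSizes
    headers, body, raw_ptr, va = bytearray(), bytearray(), hdr_size, sect_align
    for name, payload in sections:
        raw_size = -(-len(payload) // file_align) * file_align
        headers += struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\0"), len(payload),
                               va, raw_size, raw_ptr, 0, 0, 0, 0, 0x60000020)
        body += payload.ljust(raw_size, b"\0")
        raw_ptr += raw_size
        va += -(-max(len(payload), 1) // sect_align) * sect_align
    struct.pack_into("<I", opt, 56, va)                       # SizeOfImage
    image = dos + b"PE\0\0" + coff + opt + headers
    assert len(image) <= hdr_size
    image = image.ljust(hdr_size, b"\0") + body
    if signed:  # append a placeholder WIN_CERTIFICATE and point the security directory at it
        cert = struct.pack("<IHH", 16, 0x0200, 0x0002) + b"\0" * 8
        struct.pack_into("<II", image, 64 + 4 + 20 + 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY,
                         len(image), len(cert))
        image += cert
    return bytes(image)


if __name__ == "__main__":
    # UPX-style layout: empty UPX0 (unpacked code lands there at run time),
    # high-entropy UPX1 (the compressed payload), small .rsrc; no signature.
    sample = build_pe([("UPX0", b""), ("UPX1", bytes(range(256)) * 16), (".rsrc", b"\0" * 512)])
    print(triage(sample))
```

Two caveats when reading the output. "signed" only says whether an Authenticode blob is attached; a present blob still has to be validated against a trusted chain (signtool verify /pa or Get-AuthenticodeSignature) before the file counts as signed. And renaming UPX0/UPX1 is trivial for an attacker, so the entropy check is the one to trust when the section names look ordinary.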

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-09 12:07

Reported

2024-11-09 12:10

Platform

win7-20241010-en

Max time kernel

111s

Max time network

97s

Command Line

"C:\Users\Admin\AppData\Local\Temp\6345dbca532407f280f6dd110941f8ce89d4a59f24f8781fa3ae2c1e315df3e1N.exe"

Signatures

UPX packed file

upx
Description / Indicator / Process / Target: N/A for all rows (7 rows)

System Location Discovery: System Language Discovery

discovery
Description: Key opened
Indicator: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Process: C:\Users\Admin\AppData\Local\Temp\6345dbca532407f280f6dd110941f8ce89d4a59f24f8781fa3ae2c1e315df3e1N.exe
Target: N/A

Processes

C:\Users\Admin\AppData\Local\Temp\6345dbca532407f280f6dd110941f8ce89d4a59f24f8781fa3ae2c1e315df3e1N.exe

"C:\Users\Admin\AppData\Local\Temp\6345dbca532407f280f6dd110941f8ce89d4a59f24f8781fa3ae2c1e315df3e1N.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 wecan.hasthe.technology udp
US 104.21.59.199:80 wecan.hasthe.technology tcp
US 104.21.59.199:80 wecan.hasthe.technology tcp
US 104.21.59.199:80 wecan.hasthe.technology tcp

Files

memory/564-0-0x0000000000400000-0x000000000042A000-memory.dmp

memory/564-1-0x0000000000400000-0x000000000042A000-memory.dmp

memory/564-4-0x0000000000400000-0x000000000042A000-memory.dmp

memory/564-8-0x0000000000400000-0x000000000042A000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rifaien2-09SID8SzqDKNMinq.exe

MD5 eb3bc16804e1a48b0860537e19c0fa74
SHA1 58d8e7c859cfa73f94cfbcbe0bc560e99432782e
SHA256 e7efb57254f9b58bdf14899d5c607446d9c809dbea637d27e411d2d0894a0f7f
SHA512 3966d522016874f4df1891b192bd00083cadd691b74cb756f086db10494d04f89910add04c1d280906994030b674e302cea77d30e3e6f9f168e0196603639fee

memory/564-15-0x0000000000400000-0x000000000042A000-memory.dmp

memory/564-22-0x0000000000400000-0x000000000042A000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-09 12:07

Reported

2024-11-09 12:09

Platform

win10v2004-20241007-en

Max time kernel

110s

Max time network

95s

Command Line

"C:\Users\Admin\AppData\Local\Temp\6345dbca532407f280f6dd110941f8ce89d4a59f24f8781fa3ae2c1e315df3e1N.exe"

Signatures

UPX packed file

upx
Description / Indicator / Process / Target: N/A for all rows (8 rows)

System Location Discovery: System Language Discovery

discovery
Description: Key opened
Indicator: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Process: C:\Users\Admin\AppData\Local\Temp\6345dbca532407f280f6dd110941f8ce89d4a59f24f8781fa3ae2c1e315df3e1N.exe
Target: N/A

Processes

C:\Users\Admin\AppData\Local\Temp\6345dbca532407f280f6dd110941f8ce89d4a59f24f8781fa3ae2c1e315df3e1N.exe

"C:\Users\Admin\AppData\Local\Temp\6345dbca532407f280f6dd110941f8ce89d4a59f24f8781fa3ae2c1e315df3e1N.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 17.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 wecan.hasthe.technology udp
US 172.67.183.40:80 wecan.hasthe.technology tcp
US 8.8.8.8:53 53.210.109.20.in-addr.arpa udp
US 8.8.8.8:53 40.183.67.172.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 75.117.19.2.in-addr.arpa udp
US 8.8.8.8:53 wecan.hasthe.technology udp
US 172.67.183.40:80 wecan.hasthe.technology tcp
US 8.8.8.8:53 68.208.201.84.in-addr.arpa udp
US 172.67.183.40:80 wecan.hasthe.technology tcp
US 8.8.8.8:53 31.243.111.52.in-addr.arpa udp
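The Network tables of both detonations are flattened text, and the second one mixes the sample's own traffic with reverse (in-addr.arpa) lookups. The script below is an added example, not part of the report: it parses the rows as printed above (copied into NETWORK_TABLE from the behavioral1 and behavioral2 tables), separates forward lookups and connections from PTR lookups, decodes each PTR name back to the address it asks about, and produces an IOC list. One thing it surfaces that is easy to miss by eye: the PTR query for 40.183.67.172.in-addr.arpa is a reverse lookup of 172.67.183.40, the address the sample connected to in the second run. The remaining reverse lookups have no matching connection in the table and are the kind of background resolution a Windows 10 image produces on its own; the script separates them rather than judging them. The row format and the "port 53 over UDP means DNS" rule are assumptions matched to this report's layout.

```python
"""Parse the sandbox's flattened Network table into IOCs and separate reverse
lookups from the sample's own resolution and connections. Standard library only."""
import ipaddress
import re
from collections import Counter
from typing import Optional

# Rows copied from the report's two Network tables (behavioral1, then behavioral2).
NETWORK_TABLE = """
US 8.8.8.8:53 wecan.hasthe.technology udp
US 104.21.59.199:80 wecan.hasthe.technology tcp
US 104.21.59.199:80 wecan.hasthe.technology tcp
US 104.21.59.199:80 wecan.hasthe.technology tcp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 17.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 wecan.hasthe.technology udp
US 172.67.183.40:80 wecan.hasthe.technology tcp
US 8.8.8.8:53 53.210.109.20.in-addr.arpa udp
US 8.8.8.8:53 40.183.67.172.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 75.117.19.2.in-addr.arpa udp
US 8.8.8.8:53 wecan.hasthe.technology udp
US 172.67.183.40:80 wecan.hasthe.technology tcp
US 8.8.8.8:53 68.208.201.84.in-addr.arpa udp
US 172.67.183.40:80 wecan.hasthe.technology tcp
US 8.8.8.8:53 31.243.111.52.in-addr.arpa udp
"""

# "Country Destination Domain Proto", destination written as ip:port
ROW_RE = re.compile(r"^(?P<cc>[A-Z]{2})\s+(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+)"
                    r"\s+(?P<domain>\S+)\s+(?P<proto>tcp|udp)$")


def parse_rows(text: str) -> list:
    rows = []
    for line in text.strip().splitlines():
        m = ROW_RE.match(line.strip())
        if not m:
            raise ValueError(f"unparsed row: {line!r}")
        row = m.groupdict()
        row["port"] = int(row["port"])
        rows.append(row)
    return rows


def ptr_target(domain: str) -> Optional[str]:
    """For d.c.b.a.in-addr.arpa return a.b.c.d, the address whose name was asked for."""
    suffix = ".in-addr.arpa"
    if not domain.endswith(suffix):
        return None
    octets = domain[:-len(suffix)].split(".")
    if len(octets) != 4:
        return None
    return str(ipaddress.IPv4Address(".".join(reversed(octets))))


def summarize(rows: list) -> dict:
    forward, ptr_ips, resolvers, conns = set(), set(), set(), Counter()
    for r in rows:
        if r["port"] == 53 and r["proto"] == "udp":        # DNS traffic
            resolvers.add(r["ip"])
            ip = ptr_target(r["domain"])
            if ip:
                ptr_ips.add(ip)
            else:
                forward.add(r["domain"])
        else:                                               # everything else is a connection
            conns[(r["domain"], r["ip"], r["port"], r["proto"])] += 1
    contacted = {ip for _, ip, _, _ in conns}
    return {
        "resolvers": sorted(resolvers),
        "forward_lookups": sorted(forward),
        "ptr_lookups": sorted(ptr_ips, key=ipaddress.IPv4Address),
        "connections": {f"{d} {ip}:{p}/{proto}": n
                        for (d, ip, p, proto), n in sorted(conns.items())},
        # reverse lookups that name an address the sample actually connected to
        "ptr_for_contacted_ip": sorted(contacted & ptr_ips),
        "iocs": sorted(forward | contacted),
    }


if __name__ == "__main__":
    for key, value in summarize(parse_rows(NETWORK_TABLE)).items():
        print(f"{key}: {value}")
```

When turning the "iocs" list into blocks, prefer the hostname: 104.21.59.199 and 172.67.183.40 both fall inside Cloudflare's announced ranges (104.16.0.0/13 and 172.64.0.0/13), so they identify the CDN edge that fronted wecan.hasthe.technology at detonation time, not the origin server, and they will be shared with unrelated sites.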

Files

memory/2560-0-0x0000000000400000-0x000000000042A000-memory.dmp

memory/2560-1-0x0000000000400000-0x000000000042A000-memory.dmp

memory/2560-4-0x0000000000400000-0x000000000042A000-memory.dmp

memory/2560-8-0x0000000000400000-0x000000000042A000-memory.dmp

memory/2560-11-0x0000000000400000-0x000000000042A000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rifaien2-Wtu8M76YZkGRLpsp.exe

MD5 9c72c6ce7274698d573d83a8f5ed50cf
SHA1 58dc62e8ff63870063fdae3da3fd5d33ce43f3c9
SHA256 2431aab70ee425477a7867c63631b9fec8395be2bb8bac1ce1a4f1a8ac3846ca
SHA512 7acdd8dc49180d8b74bcf96ba0dbe9946c989d1895d6f2c0318137c1616d1204b9a7582f77ba10368355f8e776f0163f6d125a1ef9c253443eeb40d2f1bcbb35

memory/2560-15-0x0000000000400000-0x000000000042A000-memory.dmp

memory/2560-22-0x0000000000400000-0x000000000042A000-memory.dmp
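Taken together, the two detonations show one repeatable behaviour: the process opens the system NLS\Language key (the key that holds the system default language ID, behind the locale lookup APIs), writes an executable named rifaien2-<16 alphanumerics>.exe into the user's Temp directory, and resolves wecan.hasthe.technology. The script below is an added example, not part of the report: it encodes those observations as rules over a small API-style trace and correlates them per process, the shape a hunter would carry into EDR telemetry. The trace is constructed to mirror the report's findings (pids 564 and 2560, the key path, the two dropped file names, the lookup) and the event schema, rule weights and the "drop then callback" correlation are this example's own. ControlSet001 in the report is simply the control set the sandbox VM booted; CurrentControlSet is a link to it, so the key rule accepts both spellings. A single open of the NLS key is weak evidence on its own, which is why the score comes mostly from the correlation.

```python
"""Behavioural rules over an API-style trace, matching the two detonations'
findings and correlating them per process. Standard library only."""
import re
from collections import defaultdict

# Constructed trace, modelled on the report (pids 564 and 2560, the NLS\Language
# key open, the rifaien2-* drop in Temp, the lookup of wecan.hasthe.technology).
# The schema is this example's own. The report shows ControlSet001 in both runs;
# CurrentControlSet is used for the second run here to exercise the normaliser.
TRACE = [
    {"run": "behavioral1", "pid": 564, "type": "regkey_open",
     "value": r"\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language"},
    {"run": "behavioral1", "pid": 564, "type": "file_write",
     "value": r"C:\Users\Admin\AppData\Local\Temp\rifaien2-09SID8SzqDKNMinq.exe"},
    {"run": "behavioral1", "pid": 564, "type": "dns_query", "value": "wecan.hasthe.technology"},
    {"run": "behavioral2", "pid": 2560, "type": "regkey_open",
     "value": r"\REGISTRY\MACHINE\SYSTEM\CurrentControlSet\Control\NLS\Language"},
    {"run": "behavioral2", "pid": 2560, "type": "file_write",
     "value": r"C:\Users\Admin\AppData\Local\Temp\rifaien2-Wtu8M76YZkGRLpsp.exe"},
    {"run": "behavioral2", "pid": 2560, "type": "dns_query", "value": "wecan.hasthe.technology"},
    {"run": "behavioral2", "pid": 2560, "type": "dns_query", "value": "40.183.67.172.in-addr.arpa"},
    # unrelated noise: another process writing a non-executable temp file
    {"run": "behavioral2", "pid": 1234, "type": "file_write",
     "value": r"C:\Users\Admin\AppData\Local\Temp\~DF1A2B.tmp"},
]

# CurrentControlSet is a link to ControlSetNNN, so a rule must accept both spellings.
NLS_LANGUAGE_KEY = re.compile(
    r"^\\REGISTRY\\MACHINE\\SYSTEM\\(?:CurrentControlSet|ControlSet\d{3})\\Control\\NLS\\Language\b",
    re.IGNORECASE)
TEMP_EXE_DROP = re.compile(r"\\AppData\\Local\\Temp\\[^\\]+\.exe$", re.IGNORECASE)
# generalised from the two observed names: fixed prefix, 16 alphanumerics, .exe
RIFAIEN2_NAME = re.compile(r"\\rifaien2-[A-Za-z0-9]{16}\.exe$")
# any forward lookup; reverse (in-addr.arpa) lookups are excluded
EXTERNAL_NAME = re.compile(r"^(?!.*\.in-addr\.arpa$)[^.]+(?:\.[^.]+)+$")

# (rule name, ATT&CK technique or None, event type, pattern, weight); weights are this example's own
RULES = [
    ("system_language_discovery", "T1614.001", "regkey_open", NLS_LANGUAGE_KEY, 1),
    ("exe_dropped_in_user_temp", None, "file_write", TEMP_EXE_DROP, 2),
    ("rifaien2_dropper_name_pattern", None, "file_write", RIFAIEN2_NAME, 3),
    ("external_dns_query", None, "dns_query", EXTERNAL_NAME, 1),
]


def evaluate(trace: list) -> dict:
    """Return {(run, pid): {"rules": {name: technique}, "score": int}} for processes that hit a rule."""
    findings = defaultdict(lambda: {"rules": {}, "score": 0})
    for ev in trace:
        for name, technique, ev_type, pattern, weight in RULES:
            if ev["type"] == ev_type and pattern.search(ev["value"]):
                proc = findings[(ev["run"], ev["pid"])]
                if name not in proc["rules"]:       # count each rule once per process
                    proc["rules"][name] = technique
                    proc["score"] += weight
    # Correlation: the same process drops an executable and resolves an external name.
    for proc in findings.values():
        if {"exe_dropped_in_user_temp", "external_dns_query"}.issubset(proc["rules"]):
            proc["rules"]["drop_then_callback"] = None
            proc["score"] += 3
    return dict(findings)


if __name__ == "__main__":
    for (run, pid), proc in evaluate(TRACE).items():
        print(run, pid, proc["score"], sorted(proc["rules"]))
```

The narrow name rule (RIFAIEN2_NAME) is the one to retire first if it stops matching; the broader pair (executable written to the user's Temp directory, then an external name resolved by the same process) is what the two runs actually have in common and is the durable hunt.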