Malware Analysis Report

2025-05-28 21:06

Sample ID 241109-qtraxatrf1
Target 1e7531d45a8fee50604ad0294bcfdc8ab2a0e5ba6b54f90e6b48dea22faeaf7aN
SHA256 1e7531d45a8fee50604ad0294bcfdc8ab2a0e5ba6b54f90e6b48dea22faeaf7a
Tags
upx discovery
score
5/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
5/10

SHA256

1e7531d45a8fee50604ad0294bcfdc8ab2a0e5ba6b54f90e6b48dea22faeaf7a

Threat Level: Likely benign (sandbox score 5/10)

The file 1e7531d45a8fee50604ad0294bcfdc8ab2a0e5ba6b54f90e6b48dea22faeaf7aN was classified as: Likely benign. The verdict rests on the signatures listed below (UPX packing, no Authenticode signature, a read of the system language key). Both detonations also recorded a second, differently named PE written to %TEMP% (rifaien2-*.exe, with a different hash in each run) and HTTP connections to wecan.hasthe.technology; these appear only in the Files and Network sections and did not trigger a signature, so treat the verdict as a starting point for review rather than a clearance.

Malicious Activity Summary

upx discovery

UPX packed file

Unsigned PE

System Location Discovery: System Language Discovery

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-09 13:33

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A (2 rows, no indicator details recorded)
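The two static signatures above ("UPX packed file" and "Unsigned PE") come down to two header checks: UPX renames the sections of the binaries it packs to UPX0/UPX1 and leaves a "UPX!" magic in the header area, and an Authenticode signature is present only if the Security data directory has a non-zero size. The following is an added example written for this page, not sandbox output or UPX's own code; it implements both checks with the Python standard library alone. The PE images it inspects are constructed in memory (`build_pe`) purely as demonstration input and are not the analysed sample.

```python
"""Static triage checks behind the 'UPX packed file' and 'Unsigned PE' signatures.

Added example for this report; it is not sandbox output and uses only the
Python standard library. The PE images it inspects are constructed in memory
below for the demonstration (they are not the analysed sample).
"""
import struct
import sys

PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B
# Offset of the data-directory array inside the optional header.
DATA_DIRECTORY_OFFSET = {PE32_MAGIC: 96, PE32PLUS_MAGIC: 112}
SECURITY_DIRECTORY_INDEX = 4  # IMAGE_DIRECTORY_ENTRY_SECURITY (Authenticode blob)
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}


def parse_pe(data: bytes) -> dict:
    """Return section names and the certificate-table directory entry."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp,
    # PointerToSymbolTable, NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    _, num_sections, _, _, _, size_of_opt, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic not in DATA_DIRECTORY_OFFSET:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    sec_dir = opt + DATA_DIRECTORY_OFFSET[magic] + 8 * SECURITY_DIRECTORY_INDEX
    cert_offset, cert_size = struct.unpack_from("<II", data, sec_dir)
    first_section = opt + size_of_opt
    sections = [
        data[first_section + 40 * i:first_section + 40 * i + 8].rstrip(b"\0")
        for i in range(num_sections)
    ]
    return {"sections": sections, "cert_offset": cert_offset, "cert_size": cert_size}


def is_upx_packed(data: bytes, info: dict) -> bool:
    """UPX names its sections UPX0/UPX1 (UPX2 when resources are kept) and
    stores an 'UPX!' magic in the header area; either indicator is enough."""
    return any(s in UPX_SECTION_NAMES for s in info["sections"]) or b"UPX!" in data[:4096]


def is_signed(info: dict) -> bool:
    """An empty Security directory means no embedded Authenticode signature.
    Catalog-signed Windows binaries are not covered by this check."""
    return info["cert_size"] > 0


def triage(data: bytes) -> dict:
    info = parse_pe(data)
    return {
        "upx": is_upx_packed(data, info),
        "signed": is_signed(info),
        "sections": [s.decode("ascii", "replace") for s in info["sections"]],
    }


def build_pe(section_names, cert_size=0, magic=PE32_MAGIC) -> bytes:
    """Constructed, non-runnable PE header used only as demonstration input."""
    e_lfanew = 0x80
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    size_of_opt = 224 if magic == PE32_MAGIC else 240
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, size_of_opt, 0x102)
    opt = bytearray(size_of_opt)
    struct.pack_into("<H", opt, 0, magic)
    struct.pack_into("<II", opt, DATA_DIRECTORY_OFFSET[magic] + 8 * SECURITY_DIRECTORY_INDEX,
                     0x5000 if cert_size else 0, cert_size)
    headers = b"".join(name.ljust(8, b"\0") + bytes(32) for name in section_names)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + headers


CONSTRUCTED_UPX_UNSIGNED = build_pe([b"UPX0", b"UPX1", b".rsrc"])
CONSTRUCTED_PLAIN_SIGNED = build_pe([b".text", b".rdata", b".data"], cert_size=0x1800)

if __name__ == "__main__":
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            print(path, triage(fh.read()))
    print("constructed UPX sample:", triage(CONSTRUCTED_UPX_UNSIGNED))
```

Run it with one or more file paths to triage real binaries. Both checks are cheap and bypassable: a packer can rename the UPX sections, and "unsigned" only means no embedded signature, so a clean result is a hint, not a verdict, just as the sandbox's own 5/10 is.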

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-09 13:33

Reported

2024-11-09 13:35

Platform

win7-20240903-en

Max time kernel

110s

Max time network

91s

Command Line

"C:\Users\Admin\AppData\Local\Temp\1e7531d45a8fee50604ad0294bcfdc8ab2a0e5ba6b54f90e6b48dea22faeaf7aN.exe"

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A (6 rows, no indicator details recorded)

System Location Discovery: System Language Discovery

discovery
Description: Key opened
Indicator: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Process: C:\Users\Admin\AppData\Local\Temp\1e7531d45a8fee50604ad0294bcfdc8ab2a0e5ba6b54f90e6b48dea22faeaf7aN.exe
Target: N/A

Processes

C:\Users\Admin\AppData\Local\Temp\1e7531d45a8fee50604ad0294bcfdc8ab2a0e5ba6b54f90e6b48dea22faeaf7aN.exe

"C:\Users\Admin\AppData\Local\Temp\1e7531d45a8fee50604ad0294bcfdc8ab2a0e5ba6b54f90e6b48dea22faeaf7aN.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 wecan.hasthe.technology udp
US 104.21.59.199:80 wecan.hasthe.technology tcp
US 104.21.59.199:80 wecan.hasthe.technology tcp
US 8.8.8.8:53 wecan.hasthe.technology udp
US 172.67.183.40:80 wecan.hasthe.technology tcp

Files

memory/2316-0-0x0000000000400000-0x000000000042A000-memory.dmp

memory/2316-1-0x0000000000400000-0x000000000042A000-memory.dmp

memory/2316-7-0x0000000000400000-0x000000000042A000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rifaien2-kacQOWB2Mz5TxGYA.exe

MD5 7a2d4a0ef76295adc334dfc6dc4046de
SHA1 a5d6703349266f575f9344e17d205bfd4eca4197
SHA256 f6a71ce05b44d8c864e130cc19e73a6f91ac1762b53c01485fefcf856018793f
SHA512 9d6322363eba69d14941048c17e0f4703a44b94f94e2b3c3eefdf60045163421f435288bc3ad2e39735ee3ae0dd9dbc6bbe9c3c42fa7a06dadedb40b4fe7971b

memory/2316-14-0x0000000000400000-0x000000000042A000-memory.dmp

memory/2316-22-0x0000000000400000-0x000000000042A000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-09 13:33

Reported

2024-11-09 13:35

Platform

win10v2004-20241007-en

Max time kernel

111s

Max time network

96s

Command Line

"C:\Users\Admin\AppData\Local\Temp\1e7531d45a8fee50604ad0294bcfdc8ab2a0e5ba6b54f90e6b48dea22faeaf7aN.exe"

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A (8 rows, no indicator details recorded)

System Location Discovery: System Language Discovery

discovery
Description: Key opened
Indicator: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Process: C:\Users\Admin\AppData\Local\Temp\1e7531d45a8fee50604ad0294bcfdc8ab2a0e5ba6b54f90e6b48dea22faeaf7aN.exe
Target: N/A

Processes

C:\Users\Admin\AppData\Local\Temp\1e7531d45a8fee50604ad0294bcfdc8ab2a0e5ba6b54f90e6b48dea22faeaf7aN.exe

"C:\Users\Admin\AppData\Local\Temp\1e7531d45a8fee50604ad0294bcfdc8ab2a0e5ba6b54f90e6b48dea22faeaf7aN.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 71.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 wecan.hasthe.technology udp
US 172.67.183.40:80 wecan.hasthe.technology tcp
US 8.8.8.8:53 197.87.175.4.in-addr.arpa udp
US 8.8.8.8:53 40.183.67.172.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 98.117.19.2.in-addr.arpa udp
US 172.67.183.40:80 wecan.hasthe.technology tcp
US 172.67.183.40:80 wecan.hasthe.technology tcp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp
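The two Network tables (behavioral1 and behavioral2) mix three kinds of traffic: queries to the sandbox resolver 8.8.8.8, HTTP connections to the addresses wecan.hasthe.technology resolved to, and a run of in-addr.arpa reverse lookups that appear only on the Windows 10 run. An analyst pulling indicators out of such a table wants the real destinations separated from reverse-DNS noise. The following is an added example written for this page, not sandbox output; the rows are copied verbatim from the two tables above, while the parsing and the classification of PTR lookups are this example's own.

```python
"""Extract network indicators from the sandbox Network tables above.

Added example, not part of the sandbox output. The rows below are copied from
the behavioral1 and behavioral2 Network tables; the parsing and the split
between real destinations and reverse-DNS noise are this example's own.
"""
import ipaddress
from collections import defaultdict

REPORT_NETWORK_ROWS = """\
Country Destination Domain Proto
US 8.8.8.8:53 wecan.hasthe.technology udp
US 104.21.59.199:80 wecan.hasthe.technology tcp
US 104.21.59.199:80 wecan.hasthe.technology tcp
US 8.8.8.8:53 wecan.hasthe.technology udp
US 172.67.183.40:80 wecan.hasthe.technology tcp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 71.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 wecan.hasthe.technology udp
US 172.67.183.40:80 wecan.hasthe.technology tcp
US 8.8.8.8:53 197.87.175.4.in-addr.arpa udp
US 8.8.8.8:53 40.183.67.172.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 98.117.19.2.in-addr.arpa udp
US 172.67.183.40:80 wecan.hasthe.technology tcp
US 172.67.183.40:80 wecan.hasthe.technology tcp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp
"""


def ptr_to_ip(name: str):
    """Turn 'd.c.b.a.in-addr.arpa' back into 'a.b.c.d'; None if not a PTR name."""
    suffix = ".in-addr.arpa"
    if not name.endswith(suffix):
        return None
    octets = name[:-len(suffix)].split(".")
    if len(octets) != 4:
        return None
    try:
        return str(ipaddress.IPv4Address(".".join(reversed(octets))))
    except ipaddress.AddressValueError:
        return None


def extract_iocs(table_text: str) -> dict:
    """Split the table into resolvers, real destinations and PTR noise."""
    resolvers, ptr_targets = set(), set()
    domains = defaultdict(set)      # domain -> {"ip:port/proto", ...}
    contacted = set()               # IPs with a non-DNS connection
    for line in table_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[0] == "Country":
            continue
        _country, dest, domain, proto = parts
        ip, port = dest.rsplit(":", 1)
        if port == "53" and proto == "udp":
            # A DNS query: record the resolver and classify the queried name.
            resolvers.add(ip)
            target = ptr_to_ip(domain)
            if target:
                ptr_targets.add(target)
            else:
                domains.setdefault(domain, set())
            continue
        domains[domain].add(f"{ip}:{port}/{proto}")
        contacted.add(ip)
    return {
        "resolvers": sorted(resolvers),
        "domains": {d: sorted(v) for d, v in sorted(domains.items())},
        "contacted_ips": sorted(contacted),
        "ptr_targets": sorted(ptr_targets),
        # Reverse lookups for addresses the sample never actually connected to.
        "ptr_targets_not_contacted": sorted(
            t for t in ptr_targets if t not in contacted and t not in resolvers
        ),
    }


if __name__ == "__main__":
    import json
    print(json.dumps(extract_iocs(REPORT_NETWORK_ROWS), indent=2))
```

On these rows the only forward-resolved domain is wecan.hasthe.technology, contacted on 104.21.59.199:80 and 172.67.183.40:80 over plain HTTP. Of the eleven reverse lookups, one asks about the resolver itself and one about 172.67.183.40 (an address the sample did connect to); the other nine concern addresses that never appear as destinations, so they should not be promoted to indicators without further evidence of who issued them.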

Files

memory/3512-0-0x0000000000400000-0x000000000042A000-memory.dmp

memory/3512-1-0x0000000000400000-0x000000000042A000-memory.dmp

memory/3512-4-0x0000000000400000-0x000000000042A000-memory.dmp

memory/3512-8-0x0000000000400000-0x000000000042A000-memory.dmp

memory/3512-11-0x0000000000400000-0x000000000042A000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rifaien2-1quUVnN63LfWdyMu.exe

MD5 12a14e998f275dab76943316771f525d
SHA1 2f72729e12a281b70f887010d57e8913bfbcc56a
SHA256 2d0963341805b0e5b2732ebe120a8f055d171a57394ef4563a3acf15704f6e26
SHA512 f7ac085995aee932dc00a28704fa8111d6f753d6deef8dafd36994c534db3f2e395e3aa7cb86c75eff958b93c1b83de2b70fcd4106030fb273893391da5ca6ab

memory/3512-15-0x0000000000400000-0x000000000042A000-memory.dmp

memory/3512-22-0x0000000000400000-0x000000000042A000-memory.dmp
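Taken separately, the behavioural records in both runs are unremarkable: opening HKLM\SYSTEM\ControlSet001\Control\NLS\Language (the "System Language Discovery" signature) is something many legitimate programs do, and writing a file to %TEMP% is routine. What makes them worth a detection is the combination in one process that itself runs from %TEMP%, is unsigned, drops a second .exe with a per-run random name (rifaien2-kacQOWB2Mz5TxGYA.exe in behavioral1, rifaien2-1quUVnN63LfWdyMu.exe in behavioral2) and then talks HTTP. The following is an added example written for this page, not sandbox output or a vendor rule. Its event list is constructed to mirror the behavioral1 rows plus a constructed benign control process; its memory-dump parser assumes the memory/<pid>-<index>-<start>-<end>-memory.dmp naming seen in the Files sections, where <index> is taken to be a dump sequence number.

```python
"""Correlate the behavioural records above into one detection.

Added example, not sandbox output. The events are constructed to mirror the
rows recorded in the behavioral analyses (process from %TEMP%, NLS\\Language
key opened, a second PE written to %TEMP%, an HTTP connection); the second
process is a constructed benign control. The memory-dump filename parser
assumes the 'memory/<pid>-<index>-<start>-<end>-memory.dmp' layout seen in
the Files sections, where <index> is taken to be a dump sequence number.
"""
import re
from collections import defaultdict

TEMP_DIR = "\\AppData\\Local\\Temp\\"
# CurrentControlSet is a symbolic link to ControlSet00N, so a tool such as
# Sysmon may report the same key under either name; compare case-insensitively.
NLS_LANGUAGE_KEYS = {
    "\\REGISTRY\\MACHINE\\SYSTEM\\CONTROLSET001\\CONTROL\\NLS\\LANGUAGE",
    "\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\NLS\\LANGUAGE",
    "HKLM\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\NLS\\LANGUAGE",
}

SAMPLE_IMAGE = ("C:\\Users\\Admin\\AppData\\Local\\Temp\\"
                "1e7531d45a8fee50604ad0294bcfdc8ab2a0e5ba6b54f90e6b48dea22faeaf7aN.exe")
DROPPED_FILE = "C:\\Users\\Admin\\AppData\\Local\\Temp\\rifaien2-kacQOWB2Mz5TxGYA.exe"

# (pid, event kind, detail): constructed from the behavioral1 rows above.
CONSTRUCTED_EVENTS = [
    (2316, "process", SAMPLE_IMAGE),
    (2316, "regkey_open", "\\REGISTRY\\MACHINE\\SYSTEM\\ControlSet001\\Control\\NLS\\Language"),
    (2316, "file_write", DROPPED_FILE),
    (2316, "connect", "104.21.59.199:80/tcp"),
    # Constructed benign control: a system binary reading the same key is normal.
    (812, "process", "C:\\Windows\\System32\\svchost.exe"),
    (812, "regkey_open", "\\REGISTRY\\MACHINE\\SYSTEM\\ControlSet001\\Control\\NLS\\Language"),
]

DUMP_NAMES = [  # copied from the behavioral1 Files section
    "memory/2316-0-0x0000000000400000-0x000000000042A000-memory.dmp",
    "memory/2316-1-0x0000000000400000-0x000000000042A000-memory.dmp",
    "memory/2316-7-0x0000000000400000-0x000000000042A000-memory.dmp",
    "memory/2316-14-0x0000000000400000-0x000000000042A000-memory.dmp",
    "memory/2316-22-0x0000000000400000-0x000000000042A000-memory.dmp",
]


def correlate(events) -> list:
    """Flag processes running from %TEMP% that both probe the system language
    key and write a new .exe into %TEMP%. Either behaviour alone is common;
    the combination in a freshly dropped binary is what merits a look."""
    state = defaultdict(lambda: {"image": "", "nls_key": False, "drops": [], "connects": []})
    for pid, kind, detail in events:
        rec = state[pid]
        if kind == "process":
            rec["image"] = detail
        elif kind == "regkey_open" and detail.upper() in NLS_LANGUAGE_KEYS:
            rec["nls_key"] = True
        elif kind == "file_write" and TEMP_DIR.lower() in detail.lower() and detail.lower().endswith(".exe"):
            rec["drops"].append(detail)
        elif kind == "connect":
            rec["connects"].append(detail)
    return [
        {"pid": pid, "image": rec["image"], "dropped": rec["drops"], "connects": rec["connects"]}
        for pid, rec in state.items()
        if TEMP_DIR.lower() in rec["image"].lower() and rec["nls_key"] and rec["drops"]
    ]


DUMP_RE = re.compile(r"memory/(\d+)-(\d+)-0x([0-9A-Fa-f]+)-0x([0-9A-Fa-f]+)-memory\.dmp")


def parse_dump_name(name: str):
    """Split a sandbox memory-dump filename into pid, index and address range."""
    m = DUMP_RE.fullmatch(name)
    if not m:
        return None
    pid, index, start, end = m.groups()
    start, end = int(start, 16), int(end, 16)
    return {"pid": int(pid), "index": int(index), "start": start, "end": end, "size": end - start}


def dump_regions(names) -> dict:
    """pid -> sorted distinct (start, end) ranges. One range repeated across
    dumps means the sandbox kept re-imaging the same 0x400000 image area,
    consistent with a UPX stub decompressing into its own image in place."""
    regions = defaultdict(set)
    for name in names:
        d = parse_dump_name(name)
        if d:
            regions[d["pid"]].add((d["start"], d["end"]))
    return {pid: sorted(r) for pid, r in regions.items()}


if __name__ == "__main__":
    for hit in correlate(CONSTRUCTED_EVENTS):
        print("HIT", hit)
    print(dump_regions(DUMP_NAMES))
```

The dropped rifaien2-*.exe is the artefact worth following up: it has a different hash in each run, which points at a randomised or per-run generated payload, and the report records no execution of it, so the dump of the 0x400000 to 0x42A000 region (0x2A000 bytes, the same range in every dump) is the only unpacked view of the sample that is available here.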