Malware Analysis Report

2025-05-28 21:05

Sample ID: 241109-qwv2wayjdl
Target: d47335d2310dd3a457eb71222a6c444adfbb8317f99a39b9281d36daea62ffa8N
SHA256: d47335d2310dd3a457eb71222a6c444adfbb8317f99a39b9281d36daea62ffa8
Tags: upx, discovery
Score: 5/10

Table of Contents

Analysis Overview
  MITRE ATT&CK
    Enterprise Matrix V15
Analysis: static1
  Detonation Overview
  Signatures
Analysis: behavioral1
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral2
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files

Analysis Overview

Score: 5/10
SHA256: d47335d2310dd3a457eb71222a6c444adfbb8317f99a39b9281d36daea62ffa8
Threat Level: Likely benign

The file d47335d2310dd3a457eb71222a6c444adfbb8317f99a39b9281d36daea62ffa8N was found to be: Likely benign.

Malicious Activity Summary

Tags: upx, discovery

UPX packed file
Unsigned PE
System Location Discovery: System Language Discovery

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-11-09 13:37

Signatures

UPX packed file

Tag: upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-11-09 13:37
Reported: 2024-11-09 13:39
Platform: win7-20241023-en
Max time kernel: 110s
Max time network: 94s

Command Line

"C:\Users\Admin\AppData\Local\Temp\d47335d2310dd3a457eb71222a6c444adfbb8317f99a39b9281d36daea62ffa8N.exe"

Signatures

UPX packed file

Tag: upx
Description Indicator Process Target
N/A N/A N/A N/A

System Location Discovery: System Language Discovery

Tag: discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\d47335d2310dd3a457eb71222a6c444adfbb8317f99a39b9281d36daea62ffa8N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\d47335d2310dd3a457eb71222a6c444adfbb8317f99a39b9281d36daea62ffa8N.exe

"C:\Users\Admin\AppData\Local\Temp\d47335d2310dd3a457eb71222a6c444adfbb8317f99a39b9281d36daea62ffa8N.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 wecan.hasthe.technology udp
US 172.67.183.40:80 wecan.hasthe.technology tcp
US 172.67.183.40:80 wecan.hasthe.technology tcp
US 172.67.183.40:80 wecan.hasthe.technology tcp

Files

memory/1872-0-0x0000000000400000-0x000000000042A000-memory.dmp

memory/1872-1-0x0000000000400000-0x000000000042A000-memory.dmp

memory/1872-5-0x0000000000400000-0x000000000042A000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rifaien2-pjWZzWSq2Mgvtu1Y.exe

MD5 6e88cc4148e4cec8870b404e84f3ca4d
SHA1 eee3bb89ed4fd05cab36eb13505e35b0f7f63b7e
SHA256 bca90f68e68b9ec6dc630eaa81ba296db2807a0b2479e4ce8a1023d3dec501a4
SHA512 b8aa869d8b958904a235aeffcbac366bdcf5a55a0820b2bf22bb21c49800b8d65865390a3ac0943f3b629c30ee1bdb80268e94ef60880183caa185dc9873a639

memory/1872-15-0x0000000000400000-0x000000000042A000-memory.dmp

memory/1872-22-0x0000000000400000-0x000000000042A000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted: 2024-11-09 13:37
Reported: 2024-11-09 13:39
Platform: win10v2004-20241007-en
Max time kernel: 111s
Max time network: 93s

Command Line

"C:\Users\Admin\AppData\Local\Temp\d47335d2310dd3a457eb71222a6c444adfbb8317f99a39b9281d36daea62ffa8N.exe"

Signatures

UPX packed file

Tag: upx
Description Indicator Process Target
N/A N/A N/A N/A

System Location Discovery: System Language Discovery

Tag: discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\d47335d2310dd3a457eb71222a6c444adfbb8317f99a39b9281d36daea62ffa8N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\d47335d2310dd3a457eb71222a6c444adfbb8317f99a39b9281d36daea62ffa8N.exe

"C:\Users\Admin\AppData\Local\Temp\d47335d2310dd3a457eb71222a6c444adfbb8317f99a39b9281d36daea62ffa8N.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 88.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 wecan.hasthe.technology udp
US 104.21.59.199:80 wecan.hasthe.technology tcp
US 8.8.8.8:53 53.210.109.20.in-addr.arpa udp
US 8.8.8.8:53 199.59.21.104.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 104.21.59.199:80 wecan.hasthe.technology tcp
US 104.21.59.199:80 wecan.hasthe.technology tcp
US 8.8.8.8:53 83.210.23.2.in-addr.arpa udp

Files

memory/4744-0-0x0000000000400000-0x000000000042A000-memory.dmp

memory/4744-1-0x0000000000400000-0x000000000042A000-memory.dmp

memory/4744-4-0x0000000000400000-0x000000000042A000-memory.dmp

memory/4744-8-0x0000000000400000-0x000000000042A000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rifaien2-ezQ94h48ifa9pJr2.exe

MD5 e609fbb2206d58fbb8dcf0bd6bf86db3
SHA1 c5c32e67f5be58c0d2a8b851a0498d3091a50aba
SHA256 0ac8e9e4eb8a62e7b09c022b309cea04b61708568cad01ee219f041ee539fb1f
SHA512 0c2e875d0c2bf493944a3529f1f8aa91a633d2bb6b1795e480d353ca4ea59f302a3ab9f755088abf2523d9cbc7656361e130095baebcb218279705e68023d510

memory/4744-15-0x0000000000400000-0x000000000042A000-memory.dmp

memory/4744-22-0x0000000000400000-0x000000000042A000-memory.dmp