Malware Analysis Report

2025-05-28 21:05

Sample ID 241109-qxqtjsvhjh
Target f3ed16d9055dcc0dabdcc3503d17a4d4cd74da9f032ff09c6903577a7294b04dN
SHA256 f3ed16d9055dcc0dabdcc3503d17a4d4cd74da9f032ff09c6903577a7294b04d
Tags: discovery, upx
Score: 5/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score: 5/10

SHA256

f3ed16d9055dcc0dabdcc3503d17a4d4cd74da9f032ff09c6903577a7294b04d

Threat Level: Likely benign

The file f3ed16d9055dcc0dabdcc3503d17a4d4cd74da9f032ff09c6903577a7294b04dN was found to be: Likely benign. This is the sandbox's automated verdict, not a manual one. The two behavioural runs below still show a UPX-packed, unsigned executable after whose execution a second executable (rifaien2-<random>.exe, different content and hash in each run) is present in %TEMP%, together with DNS lookups of wecan.hasthe.technology and TCP connections to port 80 of the addresses it resolved to. Those artefacts are worth reviewing by hand before the sample is dismissed.

Malicious Activity Summary

Tags: discovery, upx

UPX packed file (static and both behavioural runs; ATT&CK T1027.002, Obfuscated Files or Information: Software Packing)

System Location Discovery: System Language Discovery (both behavioural runs; ATT&CK T1614.001; the process opens HKLM\SYSTEM\ControlSet001\Control\NLS\Language)

Unsigned PE (static; the file carries no Authenticode signature)

MITRE ATT&CK

Enterprise Matrix V15

T1027.002 Obfuscated Files or Information: Software Packing (signature: UPX packed file)
T1614.001 System Location Discovery: System Language Discovery (signature: NLS\Language registry key opened)

Analysis: static1

Detonation Overview

Reported: 2024-11-09 13:38

Signatures

UPX packed file (tag: upx): 1 indicator row, no details exported (Description, Indicator, Process and Target all N/A).

Unsigned PE: 2 indicator rows, no details exported (Description, Indicator, Process and Target all N/A).
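The static signature above only records that the file is UPX-packed. The Python below is an added example, not code from the sandbox or from this report, that performs the same check by hand on any PE image: it parses the DOS, COFF and section headers, looks for UPX-named sections, an empty first section (UPX0 is the unpack destination and has no raw bytes on disk) and the "UPX!" marker, and reports per-section entropy. The two PE images it tests are constructed inline to show a packed and an unpacked layout; they are not the analysed sample. Renamed sections and a patched-out marker defeat the first two tests, so the high-entropy-second-section-behind-an-empty-first-section layout is kept as the fallback hint; confirm with `upx -d` or a dynamic unpack before drawing conclusions.

```python
"""Hand-rolled static check for UPX packing in a PE image (added example)."""
import hashlib
import math
import struct
from collections import Counter
from typing import Dict, List, Tuple

Section = Tuple[str, int, int, int]  # name, virtual_size, raw_offset, raw_size


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; compressed or encrypted data usually scores above ~7.2."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def parse_sections(pe: bytes) -> List[Section]:
    """Walk MZ -> e_lfanew -> PE\\0\\0 -> IMAGE_FILE_HEADER -> section table."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    # Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    _, num_sections, _, _, _, size_opt, _ = struct.unpack_from("<HHIIIHH", pe, coff)
    table = coff + 20 + size_opt
    sections: List[Section] = []
    for i in range(num_sections):
        # Name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData, ...
        fields = struct.unpack_from("<8sIIIIIIHHI", pe, table + 40 * i)
        name = fields[0].split(b"\0", 1)[0].decode("ascii", "replace")
        sections.append((name, fields[1], fields[4], fields[3]))
    return sections


def upx_indicators(pe: bytes) -> Dict[str, object]:
    """Collect the static hints; 'likely_upx' combines them."""
    sections = parse_sections(pe)
    names = [s[0] for s in sections]
    upx_named = [n for n in names if n.upper().startswith("UPX")]
    # UPX0 is the unpack destination: listed in the section table, no raw bytes on disk.
    first_section_empty = bool(sections) and sections[0][3] == 0
    marker = b"UPX!" in pe
    entropy = {n: round(shannon_entropy(pe[o:o + sz]), 2) for n, _v, o, sz in sections if sz}
    # Renamed sections defeat the name test and the marker can be patched out, so an empty
    # first section followed by a high-entropy one is kept as the weaker fallback hint.
    packed_layout = first_section_empty and len(names) > 1 and entropy.get(names[1], 0.0) > 7.2
    return {
        "section_names": names,
        "upx_named_sections": upx_named,
        "first_section_empty": first_section_empty,
        "upx_marker": marker,
        "section_entropy": entropy,
        "likely_upx": bool(upx_named) or marker or packed_layout,
    }


def build_demo_pe(layout: List[Tuple[str, bytes]]) -> bytes:
    """Construct a minimal PE (DOS stub, COFF header, section table, raw data); not runnable."""
    e_lfanew = 0x40
    dos = bytearray(b"MZ" + b"\0" * (e_lfanew - 2))
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x014C, len(layout), 0, 0, 0, 0, 0x0102)  # no optional header
    data_start = e_lfanew + 4 + 20 + 40 * len(layout)
    headers, body = b"", b""
    for i, (name, raw) in enumerate(layout):
        raw_ptr = data_start + len(body) if raw else 0
        headers += struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\0"), max(len(raw), 0x1000),
                               0x1000 * (i + 1), len(raw), raw_ptr, 0, 0, 0, 0, 0xE0000080)
        body += raw
    return bytes(dos) + b"PE\0\0" + coff + headers + body


# Constructed stand-ins, not the analysed sample: a UPX-style layout whose second section
# holds the "UPX!" info header plus pseudo-random bytes, and a plain two-section layout.
DEMO_PACKED = b"UPX!" + b"".join(hashlib.sha256(bytes([i])).digest() for i in range(64))
PACKED_PE = build_demo_pe([("UPX0", b""), ("UPX1", DEMO_PACKED), (".rsrc", b"\0" * 64)])
PLAIN_PE = build_demo_pe([(".text", b"\x90" * 200 + b"\xc3"), (".data", b"hello\0" * 20)])

if __name__ == "__main__":
    for label, image in (("packed", PACKED_PE), ("plain", PLAIN_PE)):
        print(label, upx_indicators(image))
```

To run it against a real file, replace the constructed images with `upx_indicators(open(path, "rb").read())`; the entropy figures are the part that survives a renamed section table.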

Analysis: behavioral2

Detonation Overview

Submitted: 2024-11-09 13:38
Reported: 2024-11-09 13:40
Platform: win10v2004-20241007-en
Max time kernel: 111s
Max time network: 93s

Command Line

"C:\Users\Admin\AppData\Local\Temp\f3ed16d9055dcc0dabdcc3503d17a4d4cd74da9f032ff09c6903577a7294b04dN.exe"

Signatures

UPX packed file (tag: upx): 6 indicator rows, no details exported (Description, Indicator, Process and Target all N/A).

System Location Discovery: System Language Discovery (tag: discovery)
Description: Key opened
Indicator: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Process: C:\Users\Admin\AppData\Local\Temp\f3ed16d9055dcc0dabdcc3503d17a4d4cd74da9f032ff09c6903577a7294b04dN.exe
Target: N/A

This key holds the installed system language. Locale-aware runtimes and many legitimate programs open it during start-up, and some malware families read it to refuse to run on machines with particular languages, so a single open is a weak signal on its own; it only becomes interesting next to the dropped executable and the outbound connections recorded below.

Processes

C:\Users\Admin\AppData\Local\Temp\f3ed16d9055dcc0dabdcc3503d17a4d4cd74da9f032ff09c6903577a7294b04dN.exe

"C:\Users\Admin\AppData\Local\Temp\f3ed16d9055dcc0dabdcc3503d17a4d4cd74da9f032ff09c6903577a7294b04dN.exe"

Network

Country  Destination       Domain                         Proto
US       8.8.8.8:53        58.55.71.13.in-addr.arpa       udp
US       8.8.8.8:53        72.209.201.84.in-addr.arpa     udp
US       8.8.8.8:53        2.159.190.20.in-addr.arpa      udp
US       8.8.8.8:53        95.221.229.192.in-addr.arpa    udp
US       8.8.8.8:53        13.86.106.20.in-addr.arpa      udp
US       8.8.8.8:53        wecan.hasthe.technology        udp
US       104.21.59.199:80  wecan.hasthe.technology        tcp
US       8.8.8.8:53        212.20.149.52.in-addr.arpa     udp
US       8.8.8.8:53        199.59.21.104.in-addr.arpa     udp
US       8.8.8.8:53        15.164.165.52.in-addr.arpa     udp
US       8.8.8.8:53        172.210.232.199.in-addr.arpa   udp
US       8.8.8.8:53        wecan.hasthe.technology        udp
US       104.21.59.199:80  wecan.hasthe.technology        tcp
US       8.8.8.8:53        67.208.201.84.in-addr.arpa     udp
US       8.8.8.8:53        wecan.hasthe.technology        udp
US       172.67.183.40:80  wecan.hasthe.technology        tcp
US       8.8.8.8:53        40.183.67.172.in-addr.arpa     udp
US       8.8.8.8:53        88.210.23.2.in-addr.arpa       udp

Twelve of the eighteen rows are PTR (reverse) lookups. Two of them, 199.59.21.104.in-addr.arpa and 40.183.67.172.in-addr.arpa, reverse the two addresses wecan.hasthe.technology resolved to; the other ten concern unrelated addresses. None of the PTR queries appear in the win7 run (behavioral1), which points to the Windows 10 guest's own background activity rather than the sample. The traffic attributable to the sample is three DNS lookups of wecan.hasthe.technology and three TCP connections to port 80 (104.21.59.199 twice, 172.67.183.40 once); the report records no HTTP request details.

Files

Memory dumps of PID 2220, all covering 0x0000000000400000-0x000000000042A000 (0x2A000 bytes), dump indices 0, 1, 4, 13 and 21:
memory/2220-0-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2220-1-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2220-4-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2220-13-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2220-21-0x0000000000400000-0x000000000042A000-memory.dmp

Dropped executable:
C:\Users\Admin\AppData\Local\Temp\rifaien2-X6fNGfLezX0jkDUx.exe
MD5 8d2e377fdcef5552222fd326e8b7a13c
SHA1 373800c89278aa5c9cbdf412598fa32bf2638a37
SHA256 b4fab7b57be69b81a9620a1f3517ff0e14cc080ce3ea4f471e2d583fd13b745f
SHA512 fe68ef2f841d12dd18b3eadc52629c73b1d819852c0a790f17d9fa4e16531344daef8b7dbefc30fb48bcc32072c4fdae6c6131063e0bd4b4d86754c87a9e09d7

Analysis: behavioral1

Detonation Overview

Submitted: 2024-11-09 13:38
Reported: 2024-11-09 13:40
Platform: win7-20241010-en
Max time kernel: 110s
Max time network: 93s

Command Line

"C:\Users\Admin\AppData\Local\Temp\f3ed16d9055dcc0dabdcc3503d17a4d4cd74da9f032ff09c6903577a7294b04dN.exe"

Signatures

UPX packed file (tag: upx): 6 indicator rows, no details exported (Description, Indicator, Process and Target all N/A).

System Location Discovery: System Language Discovery (tag: discovery)
Description: Key opened
Indicator: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Process: C:\Users\Admin\AppData\Local\Temp\f3ed16d9055dcc0dabdcc3503d17a4d4cd74da9f032ff09c6903577a7294b04dN.exe
Target: N/A

Processes

C:\Users\Admin\AppData\Local\Temp\f3ed16d9055dcc0dabdcc3503d17a4d4cd74da9f032ff09c6903577a7294b04dN.exe

"C:\Users\Admin\AppData\Local\Temp\f3ed16d9055dcc0dabdcc3503d17a4d4cd74da9f032ff09c6903577a7294b04dN.exe"

Network

Country  Destination       Domain                    Proto
US       8.8.8.8:53        wecan.hasthe.technology   udp
US       104.21.59.199:80  wecan.hasthe.technology   tcp
US       104.21.59.199:80  wecan.hasthe.technology   tcp
US       8.8.8.8:53        wecan.hasthe.technology   udp
US       172.67.183.40:80  wecan.hasthe.technology   tcp

Same domain and the same two port-80 endpoints as the win10 run (behavioral2), without any of the reverse lookups seen there; the report records no HTTP request details.

Files

Memory dumps of PID 2292, all covering 0x0000000000400000-0x000000000042A000 (0x2A000 bytes), dump indices 0, 2, 6, 13 and 23:
memory/2292-0-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2292-2-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2292-6-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2292-13-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2292-23-0x0000000000400000-0x000000000042A000-memory.dmp

Dropped executable (same rifaien2- prefix as in behavioral2, different random suffix and different hashes):
C:\Users\Admin\AppData\Local\Temp\rifaien2-mosVKy7YYKbqnPrT.exe
MD5 1f3bbf6a57b4fe4058778b7403f7c373
SHA1 c200aea5fe8f94b1d8d9c20a9a213052e7b41973
SHA256 0f419631a29e8b0c9bce9c43dfbbd4c5a6801b2fcff2e1331318629a7cae8e1b
SHA512 dfad95de31f272625186b59d39d090cd86fda9f7f388ed9963c3b311b44f60d0165c0f00aad53cb4523f597456652b030050dee061da3ac2853b5c70d6e1f0c1
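To turn the two runs into indicators a detection engineer can act on, the Python below (an added example, not part of the sandbox report) takes the Network rows of behavioral1 and behavioral2 and the two dropped-file entries, copied here as constructed text input, and does three things: it separates the in-addr.arpa reverse lookups from the forward traffic while flagging the PTR queries that reverse the addresses the sample connected to, it tallies the domain and port-80 endpoints that recur in both runs, and it derives a filename regex for the dropped executable, whose random suffix and hashes differ between runs so that only the rifaien2- prefix and the suffix length are stable. The parsing is written for this report's text layout and the helper names are this example's own.

```python
"""Indicator extraction from the two behavioural runs above (added example)."""
import os
import re
from collections import Counter
from typing import Dict, List, NamedTuple, Tuple


class NetRow(NamedTuple):
    country: str
    dest: str    # ip:port
    domain: str
    proto: str


# Constructed input: the Network rows of behavioral2 (win10) and behavioral1 (win7), as text.
BEHAVIORAL2_NET = """
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 72.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 2.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 wecan.hasthe.technology udp
US 104.21.59.199:80 wecan.hasthe.technology tcp
US 8.8.8.8:53 212.20.149.52.in-addr.arpa udp
US 8.8.8.8:53 199.59.21.104.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 wecan.hasthe.technology udp
US 104.21.59.199:80 wecan.hasthe.technology tcp
US 8.8.8.8:53 67.208.201.84.in-addr.arpa udp
US 8.8.8.8:53 wecan.hasthe.technology udp
US 172.67.183.40:80 wecan.hasthe.technology tcp
US 8.8.8.8:53 40.183.67.172.in-addr.arpa udp
US 8.8.8.8:53 88.210.23.2.in-addr.arpa udp
"""
BEHAVIORAL1_NET = """
US 8.8.8.8:53 wecan.hasthe.technology udp
US 104.21.59.199:80 wecan.hasthe.technology tcp
US 104.21.59.199:80 wecan.hasthe.technology tcp
US 8.8.8.8:53 wecan.hasthe.technology udp
US 172.67.183.40:80 wecan.hasthe.technology tcp
"""
# Dropped executable per run: (file name, SHA256) from the two Files sections.
DROPPED: Dict[str, Tuple[str, str]] = {
    "behavioral2": ("rifaien2-X6fNGfLezX0jkDUx.exe",
                    "b4fab7b57be69b81a9620a1f3517ff0e14cc080ce3ea4f471e2d583fd13b745f"),
    "behavioral1": ("rifaien2-mosVKy7YYKbqnPrT.exe",
                    "0f419631a29e8b0c9bce9c43dfbbd4c5a6801b2fcff2e1331318629a7cae8e1b"),
}


def parse_network(table: str) -> List[NetRow]:
    """One NetRow per 'Country Destination Domain Proto' line; header and blanks skipped."""
    return [NetRow(*p) for p in (line.split() for line in table.splitlines())
            if len(p) == 4 and p[0] != "Country"]


def is_reverse_lookup(domain: str) -> bool:
    return domain.endswith(".in-addr.arpa")


def reverse_name(ip: str) -> str:
    """PTR name for an IPv4 address: octets reversed under in-addr.arpa."""
    return ".".join(reversed(ip.split("."))) + ".in-addr.arpa"


def summarize(rows: List[NetRow]) -> Dict[str, object]:
    """Split PTR noise from forward traffic and tally what the sample actually reached."""
    fwd = [r for r in rows if not is_reverse_lookup(r.domain)]
    ptr = {r.domain for r in rows if is_reverse_lookup(r.domain)}
    tcp = [r for r in fwd if r.proto == "tcp"]
    ips = sorted({r.dest.rsplit(":", 1)[0] for r in tcp})
    # A PTR query for an address the sample just connected to belongs with the sample;
    # the remaining reverse lookups are usually the guest's own background activity.
    related_ptr = sorted(p for p in ptr if p in {reverse_name(ip) for ip in ips})
    return {
        "ptr_queries": len(rows) - len(fwd),
        "ptr_for_resolved_ips": related_ptr,
        "domains": sorted({r.domain for r in fwd}),
        "tcp_endpoints": dict(Counter(r.dest for r in tcp)),
        "resolved_ips": ips,
    }


def dropped_name_pattern(names: List[str]) -> re.Pattern:
    """Regex for names sharing a prefix and an equal-length random part before .exe."""
    prefix = os.path.commonprefix(names)
    randoms = {len(n) - len(prefix) - len(".exe") for n in names if n.endswith(".exe")}
    if len(randoms) != 1 or not prefix:
        raise ValueError("names do not share a prefix with a fixed-length random part")
    return re.compile(rf"^{re.escape(prefix)}[A-Za-z0-9]{{{randoms.pop()}}}\.exe$")


def hash_is_stable(dropped: Dict[str, Tuple[str, str]]) -> bool:
    """True only if every run produced the same dropped-file SHA256."""
    return len({sha for _, sha in dropped.values()}) == 1


if __name__ == "__main__":
    for run, table in (("behavioral2", BEHAVIORAL2_NET), ("behavioral1", BEHAVIORAL1_NET)):
        print(run, summarize(parse_network(table)))
    print(dropped_name_pattern([n for n, _ in DROPPED.values()]).pattern, hash_is_stable(DROPPED))
```

The resolved addresses are the weaker half of the network indicator: both runs reached the same domain through two different IPs, so a hunt should key on the DNS name and on the filename pattern, and treat the per-run hashes and addresses as corroboration rather than as the primary match.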