Malware Analysis Report

2025-05-28 21:05

Sample ID: 241109-qyv5navhla
Target: f14c8f547ae7b0eb2f67ad1907641ff315f9ea1ffd392671f96587f3f6d8d131N
SHA256: f14c8f547ae7b0eb2f67ad1907641ff315f9ea1ffd392671f96587f3f6d8d131
Tags: upx, discovery
Score: 5/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score: 5/10

SHA256: f14c8f547ae7b0eb2f67ad1907641ff315f9ea1ffd392671f96587f3f6d8d131

Threat Level: Likely benign

The file f14c8f547ae7b0eb2f67ad1907641ff315f9ea1ffd392671f96587f3f6d8d131N was found to be: Likely benign.

Malicious Activity Summary

upx discovery

UPX packed file

Unsigned PE

System Location Discovery: System Language Discovery

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-11-09 13:40

Signatures

UPX packed file

Tag: upx

Description | Indicator | Process | Target
N/A         | N/A       | N/A     | N/A

Unsigned PE

Description | Indicator | Process | Target
N/A         | N/A       | N/A     | N/A
N/A         | N/A       | N/A     | N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-11-09 13:40
Reported: 2024-11-09 13:42
Platform: win7-20241023-en
Max time kernel: 118s
Max time network: 120s

Command Line

"C:\Users\Admin\AppData\Local\Temp\f14c8f547ae7b0eb2f67ad1907641ff315f9ea1ffd392671f96587f3f6d8d131N.exe"

Signatures

UPX packed file

Tag: upx

Description | Indicator | Process | Target
N/A         | N/A       | N/A     | N/A
N/A         | N/A       | N/A     | N/A
N/A         | N/A       | N/A     | N/A
N/A         | N/A       | N/A     | N/A
N/A         | N/A       | N/A     | N/A
N/A         | N/A       | N/A     | N/A

System Location Discovery: System Language Discovery

Tag: discovery

Description | Indicator | Process | Target
Key opened  | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\f14c8f547ae7b0eb2f67ad1907641ff315f9ea1ffd392671f96587f3f6d8d131N.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\f14c8f547ae7b0eb2f67ad1907641ff315f9ea1ffd392671f96587f3f6d8d131N.exe

"C:\Users\Admin\AppData\Local\Temp\f14c8f547ae7b0eb2f67ad1907641ff315f9ea1ffd392671f96587f3f6d8d131N.exe"

Network

Country | Destination       | Domain                  | Proto
US      | 8.8.8.8:53        | wecan.hasthe.technology | udp
US      | 104.21.59.199:80  | wecan.hasthe.technology | tcp
US      | 104.21.59.199:80  | wecan.hasthe.technology | tcp
US      | 104.21.59.199:80  | wecan.hasthe.technology | tcp

Files

memory/3060-0-0x0000000000400000-0x000000000042A000-memory.dmp

memory/3060-1-0x0000000000400000-0x000000000042A000-memory.dmp

memory/3060-5-0x0000000000400000-0x000000000042A000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rifaien2-uISXhvOrRykcB0Ci.exe

MD5:    13e12729734669258b3a58c09ee0de21
SHA1:   974ecafec41cfe9c68822e3745faebd4636a4207
SHA256: e7c4a2a3a8fd46497b813499d70b5875f99c5389c2c59144dc0b21103d484552
SHA512: 6e758f07950b5aba7e42383c94fe4479d96b826a8663caf9d103a22055f3211bc19494a710b553005662458eb477c8d61e463327e7905353dba1232c136f35e1

memory/3060-12-0x0000000000400000-0x000000000042A000-memory.dmp

memory/3060-22-0x0000000000400000-0x000000000042A000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted: 2024-11-09 13:40
Reported: 2024-11-09 13:42
Platform: win10v2004-20241007-en
Max time kernel: 120s
Max time network: 94s

Command Line

"C:\Users\Admin\AppData\Local\Temp\f14c8f547ae7b0eb2f67ad1907641ff315f9ea1ffd392671f96587f3f6d8d131N.exe"

Signatures

UPX packed file

Tag: upx

Description | Indicator | Process | Target
N/A         | N/A       | N/A     | N/A
N/A         | N/A       | N/A     | N/A
N/A         | N/A       | N/A     | N/A
N/A         | N/A       | N/A     | N/A
N/A         | N/A       | N/A     | N/A
N/A         | N/A       | N/A     | N/A
N/A         | N/A       | N/A     | N/A

System Location Discovery: System Language Discovery

Tag: discovery

Description | Indicator | Process | Target
Key opened  | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\f14c8f547ae7b0eb2f67ad1907641ff315f9ea1ffd392671f96587f3f6d8d131N.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\f14c8f547ae7b0eb2f67ad1907641ff315f9ea1ffd392671f96587f3f6d8d131N.exe

"C:\Users\Admin\AppData\Local\Temp\f14c8f547ae7b0eb2f67ad1907641ff315f9ea1ffd392671f96587f3f6d8d131N.exe"

Network

Country | Destination       | Domain                        | Proto
US      | 8.8.8.8:53        | 8.8.8.8.in-addr.arpa          | udp
US      | 8.8.8.8:53        | 133.211.185.52.in-addr.arpa   | udp
US      | 8.8.8.8:53        | 83.210.23.2.in-addr.arpa      | udp
US      | 8.8.8.8:53        | 73.31.126.40.in-addr.arpa     | udp
US      | 8.8.8.8:53        | 95.221.229.192.in-addr.arpa   | udp
US      | 8.8.8.8:53        | 154.239.44.20.in-addr.arpa    | udp
US      | 8.8.8.8:53        | wecan.hasthe.technology       | udp
US      | 172.67.183.40:80  | wecan.hasthe.technology       | tcp
US      | 8.8.8.8:53        | 197.87.175.4.in-addr.arpa     | udp
US      | 8.8.8.8:53        | 40.183.67.172.in-addr.arpa    | udp
US      | 8.8.8.8:53        | 15.164.165.52.in-addr.arpa    | udp
US      | 8.8.8.8:53        | 75.117.19.2.in-addr.arpa      | udp
US      | 172.67.183.40:80  | wecan.hasthe.technology       | tcp
US      | 172.67.183.40:80  | wecan.hasthe.technology       | tcp
US      | 8.8.8.8:53        | 100.208.201.84.in-addr.arpa   | udp
US      | 8.8.8.8:53        | 48.229.111.52.in-addr.arpa    | udp

Files

memory/468-0-0x0000000000400000-0x000000000042A000-memory.dmp

memory/468-1-0x0000000000400000-0x000000000042A000-memory.dmp

memory/468-4-0x0000000000400000-0x000000000042A000-memory.dmp

memory/468-8-0x0000000000400000-0x000000000042A000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rifaien2-4fRVUJQMlJkocWJn.exe

MD5:    3ce81f75fe1ac7fdc7301fdb157b4133
SHA1:   0ba604af9df8d8c0e1a61676b88d6bef97679607
SHA256: 51842ef048ab130297b506d6dff2ba73c49092c5c1dadf64c7f56dd9c5dec487
SHA512: a4e4b21c55e8823a9d083c1017836d55380052ad26cd78dab2be0a661fcdee5ad5c3ea5e008cc7603682eb38ae12459aa806ef103defd63ed5f3b445a187a0c0

memory/468-12-0x0000000000400000-0x000000000042A000-memory.dmp

memory/468-21-0x0000000000400000-0x000000000042A000-memory.dmp