Malware Analysis Report

2025-05-28 21:07

Sample ID 241109-rwe64ayphj
Target d8390c34e83af45eac717d4fc644db2750b08a76ceb68ecc2f9f591a6bcbbe05N
SHA256 d8390c34e83af45eac717d4fc644db2750b08a76ceb68ecc2f9f591a6bcbbe05
Tags
upx discovery
score
5/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
5/10

SHA256

d8390c34e83af45eac717d4fc644db2750b08a76ceb68ecc2f9f591a6bcbbe05

Threat Level: Likely benign

The file d8390c34e83af45eac717d4fc644db2750b08a76ceb68ecc2f9f591a6bcbbe05N was found to be: Likely benign.

Malicious Activity Summary

upx discovery

UPX packed file

Unsigned PE

System Location Discovery: System Language Discovery

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-09 14:32

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-09 14:32

Reported

2024-11-09 14:34

Platform

win7-20240708-en

Max time kernel

117s

Max time network

118s

Command Line

"C:\Users\Admin\AppData\Local\Temp\d8390c34e83af45eac717d4fc644db2750b08a76ceb68ecc2f9f591a6bcbbe05N.exe"

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\d8390c34e83af45eac717d4fc644db2750b08a76ceb68ecc2f9f591a6bcbbe05N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\d8390c34e83af45eac717d4fc644db2750b08a76ceb68ecc2f9f591a6bcbbe05N.exe

"C:\Users\Admin\AppData\Local\Temp\d8390c34e83af45eac717d4fc644db2750b08a76ceb68ecc2f9f591a6bcbbe05N.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 wecan.hasthe.technology udp
US 172.67.183.40:80 wecan.hasthe.technology tcp
US 172.67.183.40:80 wecan.hasthe.technology tcp
US 172.67.183.40:80 wecan.hasthe.technology tcp

Files

memory/2476-0-0x0000000000400000-0x000000000042A000-memory.dmp

memory/2476-1-0x0000000000400000-0x000000000042A000-memory.dmp

memory/2476-5-0x0000000000400000-0x000000000042A000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rifaien2-xsfy4ja7HJ03K66l.exe

MD5 996597e71010bbae725f1e29b9651c45
SHA1 5d3ffa85b81f10444fba47239084c3884612d53a
SHA256 7f7532370257975ecb5e134919a56ad2cb1896e8b004e52c48422dd69589960d
SHA512 f10151a94c0b06f68a380a1306ca18c3692c38247c55910f0340bfe1190bf059d80242edca80956fd3a9c8410e8d13ecebca7805e896bddf91f1f0475aa29617

memory/2476-12-0x0000000000400000-0x000000000042A000-memory.dmp

memory/2476-22-0x0000000000400000-0x000000000042A000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-09 14:32

Reported

2024-11-09 14:34

Platform

win10v2004-20241007-en

Max time kernel

111s

Max time network

95s

Command Line

"C:\Users\Admin\AppData\Local\Temp\d8390c34e83af45eac717d4fc644db2750b08a76ceb68ecc2f9f591a6bcbbe05N.exe"

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\d8390c34e83af45eac717d4fc644db2750b08a76ceb68ecc2f9f591a6bcbbe05N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\d8390c34e83af45eac717d4fc644db2750b08a76ceb68ecc2f9f591a6bcbbe05N.exe

"C:\Users\Admin\AppData\Local\Temp\d8390c34e83af45eac717d4fc644db2750b08a76ceb68ecc2f9f591a6bcbbe05N.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 83.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 74.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 wecan.hasthe.technology udp
US 104.21.59.199:80 wecan.hasthe.technology tcp
US 8.8.8.8:53 53.210.109.20.in-addr.arpa udp
US 8.8.8.8:53 199.59.21.104.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 104.21.59.199:80 wecan.hasthe.technology tcp
US 104.21.59.199:80 wecan.hasthe.technology tcp
US 8.8.8.8:53 31.243.111.52.in-addr.arpa udp

Files

memory/4292-0-0x0000000000400000-0x000000000042A000-memory.dmp

memory/4292-2-0x0000000000400000-0x000000000042A000-memory.dmp

memory/4292-5-0x0000000000400000-0x000000000042A000-memory.dmp

memory/4292-9-0x0000000000400000-0x000000000042A000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rifaien2-Ten38Mn12OGyJZeh.exe

MD5 2bf444709203043278458c980844407e
SHA1 9cd0efd072751ec0b9cbdc2349daf467973c1fe3
SHA256 19f2da11e65507e4f13f4d0a0c32d46965d936dfa3c8efad69cdc3c9be1bb2cd
SHA512 d6efa7674aa77ae0ae9b735d2b937489616a4a20543869b17bd68eaca0d3bd0e91c9cd63b0b95c3d84f35cfaba58070fc3dfe3387f7e4bdbb08a37488279080e

memory/4292-16-0x0000000000400000-0x000000000042A000-memory.dmp

memory/4292-23-0x0000000000400000-0x000000000042A000-memory.dmp