Malware Analysis Report

2025-04-03 19:52

Sample ID 241109-w2p1pszcmk
Target 53c905eebeafe3777a7c5410ccbf9df64a3d20e013a70e5578ca1181fccb4e0bN
SHA256 53c905eebeafe3777a7c5410ccbf9df64a3d20e013a70e5578ca1181fccb4e0b
Tags upx, discovery
Score 5/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score 5/10

SHA256

53c905eebeafe3777a7c5410ccbf9df64a3d20e013a70e5578ca1181fccb4e0b

Threat Level: Likely benign

The file 53c905eebeafe3777a7c5410ccbf9df64a3d20e013a70e5578ca1181fccb4e0bN was found to be: Likely benign.

Malicious Activity Summary

upx discovery

UPX packed file

System Location Discovery: System Language Discovery

Unsigned PE

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-09 18:25

Signatures

UPX packed file

upx
Description   Indicator   Process   Target
N/A           N/A         N/A       N/A

Unsigned PE

Description   Indicator   Process   Target
N/A           N/A         N/A       N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-09 18:25

Reported

2024-11-09 18:27

Platform

win7-20241010-en

Max time kernel

118s

Max time network

119s

Command Line

"C:\Users\Admin\AppData\Local\Temp\53c905eebeafe3777a7c5410ccbf9df64a3d20e013a70e5578ca1181fccb4e0bN.exe"

Signatures

UPX packed file

upx
Description   Indicator   Process   Target
N/A           N/A         N/A       N/A

System Location Discovery: System Language Discovery

discovery
Description   Indicator                                                          Process                                                                                                       Target
Key opened    \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language        C:\Users\Admin\AppData\Local\Temp\53c905eebeafe3777a7c5410ccbf9df64a3d20e013a70e5578ca1181fccb4e0bN.exe      N/A

Processes

C:\Users\Admin\AppData\Local\Temp\53c905eebeafe3777a7c5410ccbf9df64a3d20e013a70e5578ca1181fccb4e0bN.exe

"C:\Users\Admin\AppData\Local\Temp\53c905eebeafe3777a7c5410ccbf9df64a3d20e013a70e5578ca1181fccb4e0bN.exe"

Network

Country   Destination         Domain                     Proto
US        8.8.8.8:53          wecan.hasthe.technology    udp
US        104.21.59.199:80    wecan.hasthe.technology    tcp
US        104.21.59.199:80    wecan.hasthe.technology    tcp
US        104.21.59.199:80    wecan.hasthe.technology    tcp
US        172.67.183.40:80    wecan.hasthe.technology    tcp

Files

memory/2036-0-0x0000000000400000-0x000000000042A000-memory.dmp

memory/2036-2-0x0000000000400000-0x000000000042A000-memory.dmp

memory/2036-6-0x0000000000400000-0x000000000042A000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rifaien2-Z01JLWCCxTfc6dYQ.exe

MD5 cd75c7c40055b1173a3fbfe4cc4a9f1f
SHA1 5b3afc9e758a813a0990b4085fb68a43aece3bbb
SHA256 8dafae213737ba91e02154b0c630631872af29c05e4ad1d27b13b46daf356cea
SHA512 c8842f4d26267ca67e5611c8d6ceb48db1243ac9233392122b14e31d7aeafcb92c1cb1d01c3968c0675681d439429bef5993f32f43a9636ca4f1c9bf4be4b01a

memory/2036-13-0x0000000000400000-0x000000000042A000-memory.dmp

memory/2036-23-0x0000000000400000-0x000000000042A000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-09 18:25

Reported

2024-11-09 18:27

Platform

win10v2004-20241007-en

Max time kernel

111s

Max time network

95s

Command Line

"C:\Users\Admin\AppData\Local\Temp\53c905eebeafe3777a7c5410ccbf9df64a3d20e013a70e5578ca1181fccb4e0bN.exe"

Signatures

UPX packed file

upx
Description   Indicator   Process   Target
N/A           N/A         N/A       N/A

System Location Discovery: System Language Discovery

discovery
Description   Indicator                                                          Process                                                                                                       Target
Key opened    \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language        C:\Users\Admin\AppData\Local\Temp\53c905eebeafe3777a7c5410ccbf9df64a3d20e013a70e5578ca1181fccb4e0bN.exe      N/A

Processes

C:\Users\Admin\AppData\Local\Temp\53c905eebeafe3777a7c5410ccbf9df64a3d20e013a70e5578ca1181fccb4e0bN.exe

"C:\Users\Admin\AppData\Local\Temp\53c905eebeafe3777a7c5410ccbf9df64a3d20e013a70e5578ca1181fccb4e0bN.exe"

Network

Country   Destination         Domain                          Proto
US        8.8.8.8:53          8.8.8.8.in-addr.arpa            udp
US        8.8.8.8:53          241.150.49.20.in-addr.arpa      udp
US        8.8.8.8:53          68.209.201.84.in-addr.arpa      udp
US        8.8.8.8:53          69.31.126.40.in-addr.arpa       udp
US        8.8.8.8:53          95.221.229.192.in-addr.arpa     udp
US        8.8.8.8:53          97.17.167.52.in-addr.arpa       udp
US        8.8.8.8:53          wecan.hasthe.technology         udp
US        172.67.183.40:80    wecan.hasthe.technology         tcp
US        8.8.8.8:53          40.183.67.172.in-addr.arpa      udp
US        8.8.8.8:53          212.20.149.52.in-addr.arpa      udp
US        8.8.8.8:53          18.31.95.13.in-addr.arpa        udp
US        8.8.8.8:53          98.117.19.2.in-addr.arpa        udp
US        172.67.183.40:80    wecan.hasthe.technology         tcp
US        8.8.8.8:53          77.190.18.2.in-addr.arpa        udp
US        172.67.183.40:80    wecan.hasthe.technology         tcp
US        8.8.8.8:53          66.209.201.84.in-addr.arpa      udp
US        8.8.8.8:53          14.227.111.52.in-addr.arpa      udp

Files

memory/368-0-0x0000000000400000-0x000000000042A000-memory.dmp

memory/368-1-0x0000000000400000-0x000000000042A000-memory.dmp

memory/368-5-0x0000000000400000-0x000000000042A000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rifaien2-dZeeTweODtNMgi35.exe

MD5 6b66335323b9f3ede9dba0bce04c98ce
SHA1 8fe2bb48fc425a0e55b49ba01c53f2caed763a59
SHA256 1449b94810eb5bee62889c52716e5088b986daa428f477a1447b50a93b93c56e
SHA512 aa54275687c893a76a973467b20071d0c906c0d512663fa15a09a92d25df8973b8268e7927f2fe15c1345ab696eee6cd0eb8ec1b85663f1540aea3abc76e9acb

memory/368-13-0x0000000000400000-0x000000000042A000-memory.dmp

memory/368-19-0x0000000000400000-0x000000000042A000-memory.dmp