Malware Analysis Report

2025-04-03 19:52

Sample ID: 241109-w5zz3syndz
Target: 2135f647497c019b74f636199fdf2b5bd16faf0541df8137915c63f559a136aeN
SHA256: 2135f647497c019b74f636199fdf2b5bd16faf0541df8137915c63f559a136ae
Tags: discovery, upx
Score: 5/10

Analysis Overview

Score: 5/10

SHA256: 2135f647497c019b74f636199fdf2b5bd16faf0541df8137915c63f559a136ae

Threat Level: Likely benign

The file 2135f647497c019b74f636199fdf2b5bd16faf0541df8137915c63f559a136aeN was found to be: Likely benign.

Malicious Activity Summary

Tags: discovery, upx

UPX packed file

System Location Discovery: System Language Discovery

Unsigned PE

Analysis: static1

Detonation Overview

Reported: 2024-11-09 18:30

Signatures

UPX packed file

Tag: upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A (2 identical rows)

Analysis: behavioral2

Detonation Overview

Submitted: 2024-11-09 18:30
Reported: 2024-11-09 18:33
Platform: win10v2004-20241007-en
Max time kernel: 111s
Max time network: 96s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2135f647497c019b74f636199fdf2b5bd16faf0541df8137915c63f559a136aeN.exe"

Signatures

UPX packed file

Tag: upx
Description Indicator Process Target
N/A N/A N/A N/A (8 identical rows)

System Location Discovery: System Language Discovery

Tag: discovery
Description: Key opened
Indicator: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Process: C:\Users\Admin\AppData\Local\Temp\2135f647497c019b74f636199fdf2b5bd16faf0541df8137915c63f559a136aeN.exe
Target: N/A

Processes

C:\Users\Admin\AppData\Local\Temp\2135f647497c019b74f636199fdf2b5bd16faf0541df8137915c63f559a136aeN.exe

"C:\Users\Admin\AppData\Local\Temp\2135f647497c019b74f636199fdf2b5bd16faf0541df8137915c63f559a136aeN.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 83.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 wecan.hasthe.technology udp
US 104.21.59.199:80 wecan.hasthe.technology tcp
US 8.8.8.8:53 53.210.109.20.in-addr.arpa udp
US 8.8.8.8:53 199.59.21.104.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 105.209.201.84.in-addr.arpa udp
US 104.21.59.199:80 wecan.hasthe.technology tcp
US 104.21.59.199:80 wecan.hasthe.technology tcp
US 8.8.8.8:53 31.243.111.52.in-addr.arpa udp

Files

memory/4632-0-0x0000000000400000-0x000000000042A000-memory.dmp

memory/4632-1-0x0000000000400000-0x000000000042A000-memory.dmp

memory/4632-4-0x0000000000400000-0x000000000042A000-memory.dmp

memory/4632-8-0x0000000000400000-0x000000000042A000-memory.dmp

memory/4632-11-0x0000000000400000-0x000000000042A000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rifaien2-k9H2yknSWqRNoVB2.exe

MD5 661231c388f3f49f94597287e6eedb48
SHA1 17c5fc29b9cc4e312819c43969d804e5796db363
SHA256 881e33b592443599193fc27e03c359aa2713c747df81ffe614357034d8aaa559
SHA512 991c6f2db550667fded4eee92dca109de0374ff93668156deda7f32122b1c9503d44103bf4868b89addc625da5f402285606235aac821e6536aa961702a37eed

memory/4632-15-0x0000000000400000-0x000000000042A000-memory.dmp

memory/4632-19-0x0000000000400000-0x000000000042A000-memory.dmp

Analysis: behavioral1

Detonation Overview

Submitted: 2024-11-09 18:30
Reported: 2024-11-09 18:33
Platform: win7-20241010-en
Max time kernel: 111s
Max time network: 97s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2135f647497c019b74f636199fdf2b5bd16faf0541df8137915c63f559a136aeN.exe"

Signatures

UPX packed file

Tag: upx
Description Indicator Process Target
N/A N/A N/A N/A (6 identical rows)

System Location Discovery: System Language Discovery

Tag: discovery
Description: Key opened
Indicator: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Process: C:\Users\Admin\AppData\Local\Temp\2135f647497c019b74f636199fdf2b5bd16faf0541df8137915c63f559a136aeN.exe
Target: N/A

Processes

C:\Users\Admin\AppData\Local\Temp\2135f647497c019b74f636199fdf2b5bd16faf0541df8137915c63f559a136aeN.exe

"C:\Users\Admin\AppData\Local\Temp\2135f647497c019b74f636199fdf2b5bd16faf0541df8137915c63f559a136aeN.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 wecan.hasthe.technology udp
US 104.21.59.199:80 wecan.hasthe.technology tcp
US 104.21.59.199:80 wecan.hasthe.technology tcp
US 104.21.59.199:80 wecan.hasthe.technology tcp

Files

memory/2348-0-0x0000000000400000-0x000000000042A000-memory.dmp

memory/2348-1-0x0000000000400000-0x000000000042A000-memory.dmp

memory/2348-5-0x0000000000400000-0x000000000042A000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rifaien2-sdLMKvjdSmq2v2MJ.exe

MD5 28e08cc7eb17e29546d07beb3db14249
SHA1 55be79b8de867702c180ce4df8f0c70c401cc149
SHA256 4f2a4342251261edd050ed58f871acf6e77d2231ff618cd415b2aa1af27c2b67
SHA512 7aa73dd62ccac7b775b1e9bfdb9dc694b9c2270cdd60cd11db49909a4e6160867f920aa45fd762627eaaa8adc23bcd1027de49943da2775c83151d07771ba5f2

memory/2348-12-0x0000000000400000-0x000000000042A000-memory.dmp

memory/2348-22-0x0000000000400000-0x000000000042A000-memory.dmp