Malware Analysis Report

2025-04-03 19:52

Sample ID: 241109-wwrx4symas
Target:    23cad29d376d1a039234eab05cdb5c0d76565b6635e52fa255e19a00b388d8b2N
SHA256:    23cad29d376d1a039234eab05cdb5c0d76565b6635e52fa255e19a00b388d8b2
Tags:      upx discovery
Score:     5/10

Table of Contents

Analysis Overview
MITRE ATT&CK
  Enterprise Matrix V15
Analysis: static1
  Detonation Overview
  Signatures
Analysis: behavioral1
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral2
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files

Analysis Overview

Score:  5/10
SHA256: 23cad29d376d1a039234eab05cdb5c0d76565b6635e52fa255e19a00b388d8b2

Threat Level: Likely benign

The file 23cad29d376d1a039234eab05cdb5c0d76565b6635e52fa255e19a00b388d8b2N was found to be: Likely benign.

Malicious Activity Summary

upx discovery

UPX packed file

Unsigned PE

System Location Discovery: System Language Discovery

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-11-09 18:16

Signatures

UPX packed file (tag: upx)

Description  Indicator  Process  Target
N/A          N/A        N/A      N/A

Unsigned PE

Description  Indicator  Process  Target
N/A          N/A        N/A      N/A

Analysis: behavioral1

Detonation Overview

Submitted:        2024-11-09 18:16
Reported:         2024-11-09 18:18
Platform:         win7-20240903-en
Max time kernel:  117s
Max time network: 118s

Command Line

"C:\Users\Admin\AppData\Local\Temp\23cad29d376d1a039234eab05cdb5c0d76565b6635e52fa255e19a00b388d8b2N.exe"

Signatures

UPX packed file (tag: upx)

Description  Indicator  Process  Target
N/A          N/A        N/A      N/A

System Location Discovery: System Language Discovery (tag: discovery)

Description: Key opened
Indicator:   \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Process:     C:\Users\Admin\AppData\Local\Temp\23cad29d376d1a039234eab05cdb5c0d76565b6635e52fa255e19a00b388d8b2N.exe
Target:      N/A

Processes

C:\Users\Admin\AppData\Local\Temp\23cad29d376d1a039234eab05cdb5c0d76565b6635e52fa255e19a00b388d8b2N.exe

"C:\Users\Admin\AppData\Local\Temp\23cad29d376d1a039234eab05cdb5c0d76565b6635e52fa255e19a00b388d8b2N.exe"

Network

Country  Destination       Domain                   Proto
US       8.8.8.8:53        wecan.hasthe.technology  udp
US       104.21.59.199:80  wecan.hasthe.technology  tcp
US       104.21.59.199:80  wecan.hasthe.technology  tcp
US       104.21.59.199:80  wecan.hasthe.technology  tcp

Files

memory/2224-0-0x0000000000400000-0x000000000042A000-memory.dmp

memory/2224-1-0x0000000000400000-0x000000000042A000-memory.dmp

memory/2224-6-0x0000000000400000-0x000000000042A000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rifaien2-kNUBVrVn032HxuPs.exe

MD5:    c8584d30e9de59a8f48c8626b307c145
SHA1:   13a27635f1cc54b680870e370d3b4072ee73de68
SHA256: 2484f311b3071dfecb7854749a7acee945be9724d40848ef3a42e06d7109a1b4
SHA512: ca495886f860b0ac60fae08ec0e6073cdb7cc36e1390f259631b5b495622e6c45493b33342786abc36748319b6728fa1299392b322d062408fb6bbb3f779d4f7

memory/2224-14-0x0000000000400000-0x000000000042A000-memory.dmp

memory/2224-22-0x0000000000400000-0x000000000042A000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted:        2024-11-09 18:16
Reported:         2024-11-09 18:18
Platform:         win10v2004-20241007-en
Max time kernel:  120s
Max time network: 113s

Command Line

"C:\Users\Admin\AppData\Local\Temp\23cad29d376d1a039234eab05cdb5c0d76565b6635e52fa255e19a00b388d8b2N.exe"

Signatures

UPX packed file (tag: upx)

Description  Indicator  Process  Target
N/A          N/A        N/A      N/A

System Location Discovery: System Language Discovery (tag: discovery)

Description: Key opened
Indicator:   \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Process:     C:\Users\Admin\AppData\Local\Temp\23cad29d376d1a039234eab05cdb5c0d76565b6635e52fa255e19a00b388d8b2N.exe
Target:      N/A

Processes

C:\Users\Admin\AppData\Local\Temp\23cad29d376d1a039234eab05cdb5c0d76565b6635e52fa255e19a00b388d8b2N.exe

"C:\Users\Admin\AppData\Local\Temp\23cad29d376d1a039234eab05cdb5c0d76565b6635e52fa255e19a00b388d8b2N.exe"

Network

Country  Destination       Domain                        Proto
US       8.8.8.8:53        104.219.191.52.in-addr.arpa   udp
US       8.8.8.8:53        172.210.232.199.in-addr.arpa  udp
US       8.8.8.8:53        140.32.126.40.in-addr.arpa    udp
US       8.8.8.8:53        95.221.229.192.in-addr.arpa   udp
US       8.8.8.8:53        97.17.167.52.in-addr.arpa     udp
US       8.8.8.8:53        wecan.hasthe.technology       udp
US       104.21.59.199:80  wecan.hasthe.technology       tcp
US       8.8.8.8:53        212.20.149.52.in-addr.arpa    udp
US       8.8.8.8:53        199.59.21.104.in-addr.arpa    udp
US       8.8.8.8:53        171.39.242.20.in-addr.arpa    udp
US       8.8.8.8:53        172.214.232.199.in-addr.arpa  udp
US       8.8.8.8:53        wecan.hasthe.technology       udp
US       104.21.59.199:80  wecan.hasthe.technology       tcp
US       104.21.59.199:80  wecan.hasthe.technology       tcp
US       8.8.8.8:53        21.236.111.52.in-addr.arpa    udp

Files

memory/2972-0-0x0000000000400000-0x000000000042A000-memory.dmp

memory/2972-1-0x0000000000400000-0x000000000042A000-memory.dmp

memory/2972-4-0x0000000000400000-0x000000000042A000-memory.dmp

memory/2972-8-0x0000000000400000-0x000000000042A000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rifaien2-mcVna2zOaOyENjn2.exe

MD5:    242aea0c7a516162bef10e41096ff029
SHA1:   260601d93d73e523da3022d9efd401c7e82721ff
SHA256: 33086427ea22f1aab90bed69274028164d86017fbb32f990703248619feb5594
SHA512: c174f7fe3ac2f7a6eb0860ff43cf38567291feab6f76b2381cdc184be771f3b72c44638c1200954dc338ec83c8bfee92b6ce87fc88a3a1f56c7928289ad48d94

memory/2972-15-0x0000000000400000-0x000000000042A000-memory.dmp

memory/2972-22-0x0000000000400000-0x000000000042A000-memory.dmp