Malware Analysis Report

2025-04-03 19:53

Sample ID 241109-wzxmrszbpg
Target 2b41aa57af301fee6b90c06c53be509004f3f55800296ccf4439dac314c5dec5N
SHA256 2b41aa57af301fee6b90c06c53be509004f3f55800296ccf4439dac314c5dec5
Tags upx, discovery
Score 5/10

Table of Contents

Analysis Overview
MITRE ATT&CK
  Enterprise Matrix V15
Analysis: static1
  Detonation Overview
  Signatures
Analysis: behavioral1
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral2
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files

Analysis Overview

Score 5/10
SHA256 2b41aa57af301fee6b90c06c53be509004f3f55800296ccf4439dac314c5dec5
Threat Level: Likely benign

The file 2b41aa57af301fee6b90c06c53be509004f3f55800296ccf4439dac314c5dec5N was found to be: Likely benign.

Malicious Activity Summary

Tags upx, discovery

UPX packed file
Unsigned PE
System Location Discovery: System Language Discovery

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported 2024-11-09 18:22

Signatures

UPX packed file (tag: upx)

Description  Indicator  Process  Target
N/A          N/A        N/A      N/A

Unsigned PE

Description  Indicator  Process  Target
N/A          N/A        N/A      N/A

Analysis: behavioral1

Detonation Overview

Submitted 2024-11-09 18:22
Reported 2024-11-09 18:24
Platform win7-20240903-en
Max time kernel 110s
Max time network 91s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2b41aa57af301fee6b90c06c53be509004f3f55800296ccf4439dac314c5dec5N.exe"

Signatures

UPX packed file (tag: upx)

Description  Indicator  Process  Target
N/A          N/A        N/A      N/A

System Location Discovery: System Language Discovery (tag: discovery)

Description: Key opened
Indicator: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Process: C:\Users\Admin\AppData\Local\Temp\2b41aa57af301fee6b90c06c53be509004f3f55800296ccf4439dac314c5dec5N.exe
Target: N/A

Processes

C:\Users\Admin\AppData\Local\Temp\2b41aa57af301fee6b90c06c53be509004f3f55800296ccf4439dac314c5dec5N.exe

"C:\Users\Admin\AppData\Local\Temp\2b41aa57af301fee6b90c06c53be509004f3f55800296ccf4439dac314c5dec5N.exe"

Network

Country  Destination        Domain                   Proto
US       8.8.8.8:53         wecan.hasthe.technology  udp
US       104.21.59.199:80   wecan.hasthe.technology  tcp
US       104.21.59.199:80   wecan.hasthe.technology  tcp
US       8.8.8.8:53         wecan.hasthe.technology  udp
US       172.67.183.40:80   wecan.hasthe.technology  tcp

Files

memory/2716-0-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2716-2-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2716-8-0x0000000000400000-0x000000000042A000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rifaien2-3hjQRStUo5rN85DG.exe
  MD5 fe07eae209a3d01db9b8dae306650925
  SHA1 74e7772bdbea52d98e9ffca72a7cd89d243d9ffd
  SHA256 b3a38776c65235b7a333dab7f6110f25cf2299cf90c0385e87cfe908948e9044
  SHA512 30a6a0436979970df24a8aed3c7db674ca8984f04e36e6c18ff07e00448e3857995dd164bdc3fb5e92ed097c2754d2a6ede35c12218abc769bedbc1238cad453

memory/2716-15-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2716-23-0x0000000000400000-0x000000000042A000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted 2024-11-09 18:22
Reported 2024-11-09 18:24
Platform win10v2004-20241007-en
Max time kernel 111s
Max time network 97s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2b41aa57af301fee6b90c06c53be509004f3f55800296ccf4439dac314c5dec5N.exe"

Signatures

UPX packed file (tag: upx)

Description  Indicator  Process  Target
N/A          N/A        N/A      N/A

System Location Discovery: System Language Discovery (tag: discovery)

Description: Key opened
Indicator: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Process: C:\Users\Admin\AppData\Local\Temp\2b41aa57af301fee6b90c06c53be509004f3f55800296ccf4439dac314c5dec5N.exe
Target: N/A

Processes

C:\Users\Admin\AppData\Local\Temp\2b41aa57af301fee6b90c06c53be509004f3f55800296ccf4439dac314c5dec5N.exe

"C:\Users\Admin\AppData\Local\Temp\2b41aa57af301fee6b90c06c53be509004f3f55800296ccf4439dac314c5dec5N.exe"

Network

Country  Destination        Domain                          Proto
US       8.8.8.8:53         8.8.8.8.in-addr.arpa            udp
US       8.8.8.8:53         217.106.137.52.in-addr.arpa     udp
US       8.8.8.8:53         77.190.18.2.in-addr.arpa        udp
US       8.8.8.8:53         149.220.183.52.in-addr.arpa     udp
US       8.8.8.8:53         228.249.119.40.in-addr.arpa     udp
US       8.8.8.8:53         wecan.hasthe.technology         udp
US       104.21.59.199:80   wecan.hasthe.technology         tcp
US       8.8.8.8:53         56.163.245.4.in-addr.arpa       udp
US       8.8.8.8:53         199.59.21.104.in-addr.arpa      udp
US       8.8.8.8:53         18.31.95.13.in-addr.arpa        udp
US       8.8.8.8:53         66.209.201.84.in-addr.arpa      udp
US       104.21.59.199:80   wecan.hasthe.technology         tcp
US       8.8.8.8:53         172.214.232.199.in-addr.arpa    udp
US       8.8.8.8:53         wecan.hasthe.technology         udp
US       172.67.183.40:80   wecan.hasthe.technology         tcp
US       8.8.8.8:53         40.183.67.172.in-addr.arpa      udp
US       8.8.8.8:53         14.227.111.52.in-addr.arpa      udp

Files

memory/3152-0-0x0000000000400000-0x000000000042A000-memory.dmp
memory/3152-1-0x0000000000400000-0x000000000042A000-memory.dmp
memory/3152-4-0x0000000000400000-0x000000000042A000-memory.dmp
memory/3152-8-0x0000000000400000-0x000000000042A000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rifaien2-sbokHh0gexBmE33P.exe
  MD5 ff3966c7ab9365fb93b8facb5d73f21b
  SHA1 5606bbcda994cf9f0d44d64a60c9a42c186eb3c0
  SHA256 ab7a1cb31c7670416174e372e261b9c1e63d4c9a886307c06f8bc5f33cc1bfb7
  SHA512 2a19cf77a66e94b252cabd5229bd63bc8f6fce703bf01bca2db261090ad850325f9c983f026187cbfebb04533d59d60ca7c5ef451e170e775ae5854947da5d90

memory/3152-15-0x0000000000400000-0x000000000042A000-memory.dmp
memory/3152-22-0x0000000000400000-0x000000000042A000-memory.dmp