Malware Analysis Report

2025-04-03 19:54

Sample ID 241109-x258cstjhj
Target 9a10a9c592fef1fabb55cf4ba6909df8c3f7de691de55216e330f8cd9d4c493bN
SHA256 9a10a9c592fef1fabb55cf4ba6909df8c3f7de691de55216e330f8cd9d4c493b
Tags
discovery upx
score
5/10

Analysis Overview

score
5/10

SHA256

9a10a9c592fef1fabb55cf4ba6909df8c3f7de691de55216e330f8cd9d4c493b

Threat Level: Likely benign

The file 9a10a9c592fef1fabb55cf4ba6909df8c3f7de691de55216e330f8cd9d4c493bN was found to be: Likely benign.

Malicious Activity Summary

discovery upx

UPX packed file

System Location Discovery: System Language Discovery

Unsigned PE

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-09 19:21

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-09 19:21

Reported

2024-11-09 19:24

Platform

win7-20241010-en

Max time kernel

113s

Max time network

117s

Command Line

"C:\Users\Admin\AppData\Local\Temp\9a10a9c592fef1fabb55cf4ba6909df8c3f7de691de55216e330f8cd9d4c493bN.exe"

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\9a10a9c592fef1fabb55cf4ba6909df8c3f7de691de55216e330f8cd9d4c493bN.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\9a10a9c592fef1fabb55cf4ba6909df8c3f7de691de55216e330f8cd9d4c493bN.exe

"C:\Users\Admin\AppData\Local\Temp\9a10a9c592fef1fabb55cf4ba6909df8c3f7de691de55216e330f8cd9d4c493bN.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 wecan.hasthe.technology udp
US 104.21.59.199:80 wecan.hasthe.technology tcp
US 104.21.59.199:80 wecan.hasthe.technology tcp
US 8.8.8.8:53 wecan.hasthe.technology udp
US 172.67.183.40:80 wecan.hasthe.technology tcp

Files

memory/2904-0-0x0000000000400000-0x000000000043B000-memory.dmp

memory/2904-1-0x0000000000400000-0x000000000043B000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rifaien2-NEoRRlj5KSfkW5Cd.exe

MD5 a72ff9dc7cda3fe379e288ffac1ea9ab
SHA1 aa264b0fbbbbe5e3d525f05f6341c3c27f983b74
SHA256 7f0ef53961909804f36177c9dc8d51ec8efe8dc72a7d5ddad1b844fa7871e1af
SHA512 60cb455f8455412d7e0f17d575a5a934c8552e76aaf7ccbc75e7a0810b8f0eb2378b9c0303e7c424c830b9462b7ca8df4a095d906a5516160ceacb8c3726d4e0

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-09 19:21

Reported

2024-11-09 19:24

Platform

win10v2004-20241007-en

Max time kernel

93s

Max time network

94s

Command Line

"C:\Users\Admin\AppData\Local\Temp\9a10a9c592fef1fabb55cf4ba6909df8c3f7de691de55216e330f8cd9d4c493bN.exe"

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\9a10a9c592fef1fabb55cf4ba6909df8c3f7de691de55216e330f8cd9d4c493bN.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\9a10a9c592fef1fabb55cf4ba6909df8c3f7de691de55216e330f8cd9d4c493bN.exe

"C:\Users\Admin\AppData\Local\Temp\9a10a9c592fef1fabb55cf4ba6909df8c3f7de691de55216e330f8cd9d4c493bN.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 wecan.hasthe.technology udp
US 172.67.183.40:80 wecan.hasthe.technology tcp
US 8.8.8.8:53 200.163.202.172.in-addr.arpa udp
US 8.8.8.8:53 40.183.67.172.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 172.67.183.40:80 wecan.hasthe.technology tcp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 wecan.hasthe.technology udp
US 172.67.183.40:80 wecan.hasthe.technology tcp

Files

memory/1972-0-0x0000000000400000-0x000000000043B000-memory.dmp

memory/1972-1-0x0000000000400000-0x000000000043B000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rifaien2-vszR3TObfcr7lIz8.exe

MD5 b3cc66dc3cdfd3b3520b54529defd1b0
SHA1 9001de9e45fb4dc4087adad3546395b17defabbc
SHA256 0a560debea936448e231da745a5c853276d15d9b190f8f10d904966fbc47b117
SHA512 00bb58796fdfc562659f07766ac8b417646bb87556a922dd18a0800b1cde43dac89497dbeb6fc213a205214e5b5545b9a0f4257f58090c51194b07d98f92adb3