Malware Analysis Report

2025-04-03 19:52

Sample ID 241109-xct4ssypey
Target 8fa8c12dbf683cf804babece173ccf9bd69d1b7fc45e79d46f6291cbb91172b2N
SHA256 8fa8c12dbf683cf804babece173ccf9bd69d1b7fc45e79d46f6291cbb91172b2
Tags: discovery, upx
Score: 5/10

Table of Contents

- Analysis Overview
- MITRE ATT&CK (Enterprise Matrix V15)
- Analysis: static1 (Detonation Overview, Signatures)
- Analysis: behavioral2 (Detonation Overview, Command Line, Signatures, Processes, Network, Files)
- Analysis: behavioral1 (Detonation Overview, Command Line, Signatures, Processes, Network, Files)

Analysis Overview

Score: 5/10
SHA256: 8fa8c12dbf683cf804babece173ccf9bd69d1b7fc45e79d46f6291cbb91172b2
Threat Level: Likely benign

The file 8fa8c12dbf683cf804babece173ccf9bd69d1b7fc45e79d46f6291cbb91172b2N was found to be: Likely benign.

Malicious Activity Summary

Tags: discovery, upx

- UPX packed file
- System Location Discovery: System Language Discovery
- Unsigned PE

MITRE ATT&CK (Enterprise Matrix V15)

Discovery: System Location Discovery: System Language Discovery (T1614.001)

Analysis: static1

Detonation Overview

Reported

2024-11-09 18:42

Signatures

UPX packed file (tag: upx)
Description | Indicator | Process | Target
No per-event indicators recorded (N/A).

Unsigned PE
Description | Indicator | Process | Target
No per-event indicators recorded (N/A).

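The two static1 signatures above (UPX packed file, Unsigned PE) are both decidable from the PE headers alone. The following is an added example, not code from the sandbox or from this report: a stdlib-only PE header parser that reproduces the two verdicts, plus a packer heuristic (a section with no raw data next to a high-entropy section, the layout UPX produces with UPX0/UPX1). The sample image it scans is constructed in the block and is not the analysed file; the names `scan`, `parse_pe` and `build_sample_pe` are this example's own.

```python
"""Static checks behind the 'upx' and 'Unsigned PE' signatures, stdlib only."""
import hashlib
import math
import struct
from collections import Counter
from dataclasses import dataclass, field

IMAGE_DIRECTORY_ENTRY_SECURITY = 4  # certificate table (Authenticode) directory index


@dataclass
class Section:
    name: str
    virtual_size: int
    virtual_address: int
    raw_size: int
    raw_pointer: int
    entropy: float


@dataclass
class PEInfo:
    machine: int
    is_pe32plus: bool
    security_offset: int  # file offset of the certificate table, 0 if none
    security_size: int    # 0 means no embedded Authenticode signature
    sections: list = field(default_factory=list)


def shannon_entropy(blob: bytes) -> float:
    """Bits per byte: 0.0 for empty input, 8.0 for uniformly distributed bytes."""
    if not blob:
        return 0.0
    n = len(blob)
    return -sum(c / n * math.log2(c / n) for c in Counter(blob).values())


def parse_pe(data: bytes) -> PEInfo:
    """Walk DOS header -> PE signature -> COFF -> optional header -> section table."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsec, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:        # PE32: NumberOfRvaAndSizes at +92, directories at +96
        nrva_off, dd_off = opt + 92, opt + 96
    elif magic == 0x20B:      # PE32+: +108 / +112
        nrva_off, dd_off = opt + 108, opt + 112
    else:
        raise ValueError("unknown optional header magic %#x" % magic)
    nrva = struct.unpack_from("<I", data, nrva_off)[0]
    sec_off = sec_size = 0
    if nrva > IMAGE_DIRECTORY_ENTRY_SECURITY:
        sec_off, sec_size = struct.unpack_from("<II", data, dd_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    info = PEInfo(machine, magic == 0x20B, sec_off, sec_size)
    table = opt + opt_size
    for i in range(nsec):
        hdr = table + 40 * i
        name = data[hdr:hdr + 8].rstrip(b"\0").decode("latin-1")
        vsize, vaddr, rsize, rptr = struct.unpack_from("<IIII", data, hdr + 8)
        raw = data[rptr:rptr + rsize] if rsize else b""
        info.sections.append(Section(name, vsize, vaddr, rsize, rptr, shannon_entropy(raw)))
    return info


def scan(data: bytes) -> dict:
    """Reproduce the static verdicts: UPX section names, missing signature, packer layout."""
    info = parse_pe(data)
    upx_names = [s.name for s in info.sections if s.name.upper().startswith("UPX")]
    high_entropy = [s.name for s in info.sections if s.entropy > 7.0]
    virtual_only = [s.name for s in info.sections if s.raw_size == 0 and s.virtual_size > 0]
    return {
        "upx": bool(upx_names),
        "packed_heuristic": bool(high_entropy) and bool(virtual_only),
        "unsigned": info.security_size == 0,  # presence != validity; verify the PKCS#7 separately
        "sections": [(s.name, s.raw_size, s.virtual_size, round(s.entropy, 2)) for s in info.sections],
    }


def _align(n: int, a: int) -> int:
    return (n + a - 1) // a * a


def _pseudo_random(n: int) -> bytes:
    """Deterministic high-entropy filler (SHA-256 chain) standing in for compressed code."""
    out, h = bytearray(), b"constructed-sample"
    while len(out) < n:
        h = hashlib.sha256(h).digest()
        out += h
    return bytes(out[:n])


def build_sample_pe(packed: bool, signed: bool) -> bytes:
    """CONSTRUCTED minimal PE32 image for testing; not the analysed sample and not runnable.
    packed=True mimics UPX's layout (UPX0 has no raw data, UPX1 is high entropy);
    signed=True appends a dummy certificate table so the security directory is non-empty."""
    if packed:
        specs = [("UPX0", 0x20000, b""), ("UPX1", 0x1000, _pseudo_random(0x1000)), (".rsrc", 0x200, b"\0" * 0x200)]
    else:
        specs = [(".text", 0x1000, b"\x90" * 0x800 + b"\xc3" * 0x800), (".data", 0x200, b"\0" * 0x200)]
    file_align, sect_align = 0x200, 0x1000
    opt_size = 96 + 16 * 8  # PE32 optional header with 16 data directories
    headers_size = _align(0x40 + 4 + 20 + opt_size + 40 * len(specs), file_align)
    sect_headers, blobs, raw_ptr, vaddr = b"", [], headers_size, sect_align
    for name, vsize, raw in specs:
        rsize = _align(len(raw), file_align) if raw else 0
        sect_headers += struct.pack("<8sIIIIIIHHI", name.encode(), vsize, vaddr, rsize,
                                    raw_ptr if raw else 0, 0, 0, 0, 0, 0x60000020)
        if raw:
            blobs.append(raw.ljust(rsize, b"\0"))
            raw_ptr += rsize
        vaddr += _align(vsize, sect_align)
    cert = struct.pack("<IHH", 0x100, 0x0200, 0x0002) + b"\0" * (0x100 - 8) if signed else b""
    dirs = [(0, 0)] * 16
    if signed:
        dirs[IMAGE_DIRECTORY_ENTRY_SECURITY] = (raw_ptr, len(cert))  # file offset, not an RVA
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, len(specs), 0, 0, 0, opt_size, 0x0102)
    opt = struct.pack("<HBB9I6H4I2H6I", 0x10B, 14, 0, 0, 0, 0, sect_align, sect_align, 2 * sect_align,
                      0x400000, sect_align, file_align, 6, 0, 0, 0, 6, 0, 0, vaddr, headers_size, 0,
                      2, 0, 0x100000, 0x1000, 0x100000, 0x1000, 0, 16)
    opt += b"".join(struct.pack("<II", *d) for d in dirs)
    image = (dos + b"PE\0\0" + coff + opt + sect_headers).ljust(headers_size, b"\0")
    return image + b"".join(blobs) + cert


if __name__ == "__main__":
    print(scan(build_sample_pe(packed=True, signed=False)))
    print(scan(build_sample_pe(packed=False, signed=True)))
```

Section names are a weak signal on their own: UPX can be told to rename them, and a non-empty certificate table only means a signature blob is present, not that it verifies or chains to a trusted publisher. Run `scan` on a file read with `open(path, "rb").read()` to apply it to a real sample.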
Analysis: behavioral2

Detonation Overview

Submitted

2024-11-09 18:42

Reported

2024-11-09 18:45

Platform

win10v2004-20241007-en

Max time kernel

110s

Max time network

94s

Command Line

"C:\Users\Admin\AppData\Local\Temp\8fa8c12dbf683cf804babece173ccf9bd69d1b7fc45e79d46f6291cbb91172b2N.exe"

Signatures

UPX packed file (tag: upx)
Description | Indicator | Process | Target
No per-event indicators recorded (N/A).

System Location Discovery: System Language Discovery (tag: discovery)
Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\8fa8c12dbf683cf804babece173ccf9bd69d1b7fc45e79d46f6291cbb91172b2N.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\8fa8c12dbf683cf804babece173ccf9bd69d1b7fc45e79d46f6291cbb91172b2N.exe

"C:\Users\Admin\AppData\Local\Temp\8fa8c12dbf683cf804babece173ccf9bd69d1b7fc45e79d46f6291cbb91172b2N.exe"

Network

Country | Destination | Domain | Proto
US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp
US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp
US | 8.8.8.8:53 | 73.209.201.84.in-addr.arpa | udp
US | 8.8.8.8:53 | 64.159.190.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp
US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp
US | 8.8.8.8:53 | wecan.hasthe.technology | udp
US | 172.67.183.40:80 | wecan.hasthe.technology | tcp
US | 8.8.8.8:53 | 212.20.149.52.in-addr.arpa | udp
US | 8.8.8.8:53 | 40.183.67.172.in-addr.arpa | udp
US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp
US | 8.8.8.8:53 | 98.117.19.2.in-addr.arpa | udp
US | 172.67.183.40:80 | wecan.hasthe.technology | tcp
US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp
US | 172.67.183.40:80 | wecan.hasthe.technology | tcp
US | 8.8.8.8:53 | 30.243.111.52.in-addr.arpa | udp

Entries ending in .in-addr.arpa are reverse (PTR) lookups sent to the resolver 8.8.8.8; the only forward lookup and the only TCP connections in this run are to wecan.hasthe.technology, resolved to 172.67.183.40 and contacted three times on port 80. The 40.183.67.172.in-addr.arpa query is a reverse lookup of that same address.

Files

Memory dumps:
memory/2712-0-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2712-2-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2712-6-0x0000000000400000-0x000000000042A000-memory.dmp

File written to %TEMP% during detonation:
C:\Users\Admin\AppData\Local\Temp\rifaien2-CEBYThbouMXDX804.exe
MD5    3ee98242efdc23cc25421ce4223ca4f7
SHA1   9b8240cede9840e3e5ceb45e0ecd65cce55a501a
SHA256 2bb7672ef73b69d956d0bf716b259c914556e0b211184fd4a9c247ed1f4ec144
SHA512 95d5e026bade5596a9500cbfd3b724b3793abf7dcff9b3f554a6aba52ae0d8795dd7fcfec8ed68d2bd7de0f87f23901420fa5c2e5d9eafa7f5852cb88fd4ca52

Memory dumps (continued):
memory/2712-15-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2712-22-0x0000000000400000-0x000000000042A000-memory.dmp

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-09 18:42

Reported

2024-11-09 18:45

Platform

win7-20240708-en

Max time kernel

110s

Max time network

92s

Command Line

"C:\Users\Admin\AppData\Local\Temp\8fa8c12dbf683cf804babece173ccf9bd69d1b7fc45e79d46f6291cbb91172b2N.exe"

Signatures

UPX packed file (tag: upx)
Description | Indicator | Process | Target
No per-event indicators recorded (N/A).

System Location Discovery: System Language Discovery (tag: discovery)
Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\8fa8c12dbf683cf804babece173ccf9bd69d1b7fc45e79d46f6291cbb91172b2N.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\8fa8c12dbf683cf804babece173ccf9bd69d1b7fc45e79d46f6291cbb91172b2N.exe

"C:\Users\Admin\AppData\Local\Temp\8fa8c12dbf683cf804babece173ccf9bd69d1b7fc45e79d46f6291cbb91172b2N.exe"

Network

Country | Destination | Domain | Proto
US | 8.8.8.8:53 | wecan.hasthe.technology | udp
US | 104.21.59.199:80 | wecan.hasthe.technology | tcp
US | 104.21.59.199:80 | wecan.hasthe.technology | tcp
US | 104.21.59.199:80 | wecan.hasthe.technology | tcp

In this run the domain resolved to 104.21.59.199 rather than 172.67.183.40, so the stable indicator across both detonations is the domain wecan.hasthe.technology, not either address.

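Turning the two Network tables (behavioral2 above and behavioral1 here) into indicators means separating resolver traffic and reverse lookups from the endpoints the sample actually connected to. The following is an added example, not part of the sandbox report: it parses the rows exactly as they appear on this page (both runs combined, copied inline), decodes each in-addr.arpa name back to the address it asks about, counts forward lookups and TCP connections per endpoint, and reports which contacted address was also reverse-resolved. The function names `parse_row`, `ptr_to_ip` and `triage` are this example's own.

```python
"""IOC triage over the sandbox Network tables; rows copied from this report."""
from collections import Counter
from dataclasses import dataclass

# The twenty rows below are the behavioral2 and behavioral1 Network tables from this page.
REPORT_ROWS = """\
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 73.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 64.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 wecan.hasthe.technology udp
US 172.67.183.40:80 wecan.hasthe.technology tcp
US 8.8.8.8:53 212.20.149.52.in-addr.arpa udp
US 8.8.8.8:53 40.183.67.172.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 98.117.19.2.in-addr.arpa udp
US 172.67.183.40:80 wecan.hasthe.technology tcp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 172.67.183.40:80 wecan.hasthe.technology tcp
US 8.8.8.8:53 30.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 wecan.hasthe.technology udp
US 104.21.59.199:80 wecan.hasthe.technology tcp
US 104.21.59.199:80 wecan.hasthe.technology tcp
US 104.21.59.199:80 wecan.hasthe.technology tcp
"""


@dataclass(frozen=True)
class NetEvent:
    country: str
    dst_ip: str
    dst_port: int
    name: str
    proto: str


def parse_row(line: str) -> NetEvent:
    """One 'Country Destination Domain Proto' row -> NetEvent."""
    country, dest, name, proto = line.split()
    ip, port = dest.rsplit(":", 1)
    return NetEvent(country, ip, int(port), name, proto)


def ptr_to_ip(name: str):
    """'40.183.67.172.in-addr.arpa' -> '172.67.183.40'; None for a forward name."""
    suffix = ".in-addr.arpa"
    if not name.endswith(suffix):
        return None
    octets = name[:-len(suffix)].split(".")
    if len(octets) != 4 or not all(o.isdigit() and int(o) <= 255 for o in octets):
        return None
    return ".".join(reversed(octets))  # PTR names list the octets in reverse order


def triage(rows) -> dict:
    """Split DNS noise from real endpoints and derive the indicators worth blocking."""
    events = [parse_row(r) for r in rows if r.strip()]
    reverse_lookups, forward_dns, contacted = set(), Counter(), Counter()
    for ev in events:
        if ev.proto == "udp" and ev.dst_port == 53:   # traffic to the resolver itself
            ip = ptr_to_ip(ev.name)
            if ip:
                reverse_lookups.add(ip)
            else:
                forward_dns[ev.name] += 1
        else:                                          # an endpoint the sample connected to
            contacted[(ev.dst_ip, ev.dst_port, ev.name)] += 1
    contacted_ips = {ip for ip, _, _ in contacted}
    return {
        "forward_dns": dict(forward_dns),
        "contacted": dict(contacted),
        "reverse_lookups": sorted(reverse_lookups),
        "reverse_of_contacted": sorted(contacted_ips & reverse_lookups),
        "iocs": sorted({name for _, _, name in contacted} | contacted_ips),
    }


if __name__ == "__main__":
    for key, value in triage(REPORT_ROWS.splitlines()).items():
        print(key, value)
```

The resolver address never appears in the IOC list, and the reverse lookups are reported separately because the report shows no connection to any of the decoded addresses except 172.67.183.40. What was exchanged over port 80 is not recorded on this page, so the indicators stop at the domain and the two addresses it resolved to.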
Files

Memory dumps:
memory/2432-0-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2432-1-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2432-5-0x0000000000400000-0x000000000042A000-memory.dmp

File written to %TEMP% during detonation:
C:\Users\Admin\AppData\Local\Temp\rifaien2-16ezVqiANFI5vIcX.exe
MD5    78ea5b968985779ef3bc342e67cfb17e
SHA1   222249372c3bbd8aa52aac9ab3e3a6407dd225b5
SHA256 452303178ef07c05c074cdf3c939e149cfd8db077f7a30359c04346d4033002b
SHA512 0b8cfb39caa118431c6391343b3e556daae13ce536b98692d6da3a6fbe6d0fd3d4880bd4fb29a631c9342abea502b5e275f28036ef3029d24b156ab023588387

Memory dumps (continued):
memory/2432-12-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2432-22-0x0000000000400000-0x000000000042A000-memory.dmp