Malware Analysis Report

2025-04-03 19:53

Sample ID: 241109-xexygazelq
Target: 3628ff7e35513ed671e6685e8a5d8e0636b4946e9af4baa01d4fb15ac1978984N
SHA256: 3628ff7e35513ed671e6685e8a5d8e0636b4946e9af4baa01d4fb15ac1978984
Tags: upx, discovery
Score: 5/10


Analysis Overview

Score: 5/10

SHA256: 3628ff7e35513ed671e6685e8a5d8e0636b4946e9af4baa01d4fb15ac1978984

Threat Level: Likely benign

The file 3628ff7e35513ed671e6685e8a5d8e0636b4946e9af4baa01d4fb15ac1978984N was found to be: Likely benign.

Malicious Activity Summary

Tags: upx, discovery

UPX packed file

Unsigned PE

System Location Discovery: System Language Discovery

MITRE ATT&CK (Enterprise Matrix V15)

Analysis: static1

Detonation Overview

Reported: 2024-11-09 18:46

Signatures

UPX packed file

Tag: upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-11-09 18:46
Reported: 2024-11-09 18:48
Platform: win7-20241010-en
Max time kernel: 111s
Max time network: 97s

Command Line

"C:\Users\Admin\AppData\Local\Temp\3628ff7e35513ed671e6685e8a5d8e0636b4946e9af4baa01d4fb15ac1978984N.exe"

Signatures

UPX packed file

Tag: upx
Description Indicator Process Target
N/A N/A N/A N/A

System Location Discovery: System Language Discovery

Tag: discovery
Description: Key opened
Indicator: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Process: C:\Users\Admin\AppData\Local\Temp\3628ff7e35513ed671e6685e8a5d8e0636b4946e9af4baa01d4fb15ac1978984N.exe
Target: N/A

Processes

C:\Users\Admin\AppData\Local\Temp\3628ff7e35513ed671e6685e8a5d8e0636b4946e9af4baa01d4fb15ac1978984N.exe
Command line: "C:\Users\Admin\AppData\Local\Temp\3628ff7e35513ed671e6685e8a5d8e0636b4946e9af4baa01d4fb15ac1978984N.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 wecan.hasthe.technology udp
US 172.67.183.40:80 wecan.hasthe.technology tcp
US 172.67.183.40:80 wecan.hasthe.technology tcp
US 172.67.183.40:80 wecan.hasthe.technology tcp

Files

memory/2580-0-0x0000000000400000-0x000000000042A000-memory.dmp

memory/2580-2-0x0000000000400000-0x000000000042A000-memory.dmp

memory/2580-6-0x0000000000400000-0x000000000042A000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rifaien2-GtCevheEp7yEpEI3.exe

MD5: 383cfda7c4de7a66dc47e7c0d7930110
SHA1: 1c068d23dbabe23a83e6ccbe4c8018b9d9e68e0f
SHA256: 807c8ed005ea430dcdfab3801d3a83358e21b36d7742802ce5dcb969abf320fc
SHA512: 870eb0c52a032b1b0788a375859393e0793cb465b3144761e3c5babda2ae22b750b6e4edc66c7fca97f91dbb8d2570e31e66d436ccf180728fa184cc15a34675

memory/2580-12-0x0000000000400000-0x000000000042A000-memory.dmp

memory/2580-23-0x0000000000400000-0x000000000042A000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted: 2024-11-09 18:46
Reported: 2024-11-09 18:48
Platform: win10v2004-20241007-en
Max time kernel: 120s
Max time network: 94s

Command Line

"C:\Users\Admin\AppData\Local\Temp\3628ff7e35513ed671e6685e8a5d8e0636b4946e9af4baa01d4fb15ac1978984N.exe"

Signatures

UPX packed file

Tag: upx
Description Indicator Process Target
N/A N/A N/A N/A

System Location Discovery: System Language Discovery

Tag: discovery
Description: Key opened
Indicator: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Process: C:\Users\Admin\AppData\Local\Temp\3628ff7e35513ed671e6685e8a5d8e0636b4946e9af4baa01d4fb15ac1978984N.exe
Target: N/A

Processes

C:\Users\Admin\AppData\Local\Temp\3628ff7e35513ed671e6685e8a5d8e0636b4946e9af4baa01d4fb15ac1978984N.exe
Command line: "C:\Users\Admin\AppData\Local\Temp\3628ff7e35513ed671e6685e8a5d8e0636b4946e9af4baa01d4fb15ac1978984N.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 14.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 wecan.hasthe.technology udp
US 172.67.183.40:80 wecan.hasthe.technology tcp
US 8.8.8.8:53 212.20.149.52.in-addr.arpa udp
US 8.8.8.8:53 40.183.67.172.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 172.67.183.40:80 wecan.hasthe.technology tcp
US 172.67.183.40:80 wecan.hasthe.technology tcp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp

Files

memory/2136-0-0x0000000000400000-0x000000000042A000-memory.dmp

memory/2136-1-0x0000000000400000-0x000000000042A000-memory.dmp

memory/2136-4-0x0000000000400000-0x000000000042A000-memory.dmp

memory/2136-8-0x0000000000400000-0x000000000042A000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rifaien2-8zqv16EHZ9wBTJqg.exe

MD5: 954c1b8fad19564fff70bd39a699da0f
SHA1: 0d737f9f68ea47086989b50d64342f00eaeface6
SHA256: e5d59c5d1a5e8b7a306bf62dad552732520e85a1ed1d941fd8808666697e0415
SHA512: 92cd95e980f9b25e55f114a96295c099ef43bf06c7391d2e35f3a7c11c8d27ccf5ceef96af2e4db4e707fb4fabf72e0cf44cf6417b4462b2923f49ff70f6ea89

memory/2136-13-0x0000000000400000-0x000000000042A000-memory.dmp

memory/2136-21-0x0000000000400000-0x000000000042A000-memory.dmp