Malware Analysis Report

2025-04-03 19:51

Sample ID 241109-xg7wfszeke
Target 475263b65f3b702089e080911e2381cd8f3e49d1ac7fe5fb8f72db49721eb74cN
SHA256 475263b65f3b702089e080911e2381cd8f3e49d1ac7fe5fb8f72db49721eb74c
Tags
upx discovery
score
5/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
5/10

SHA256

475263b65f3b702089e080911e2381cd8f3e49d1ac7fe5fb8f72db49721eb74c

Threat Level: Likely benign

The file 475263b65f3b702089e080911e2381cd8f3e49d1ac7fe5fb8f72db49721eb74cN was found to be: Likely benign.

Malicious Activity Summary

upx discovery

UPX packed file

Unsigned PE

System Location Discovery: System Language Discovery

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-09 18:50

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A (1 row, no indicator details recorded)

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A (2 identical rows, no indicator details recorded)
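The two static signatures above (UPX packed file, Unsigned PE) can be reproduced outside the sandbox by reading the PE section table and the security data directory. The following is an added example, not part of this report and not the sandbox's own detection logic. Because the sample itself is not on the page, the example builds a constructed minimal PE32 image (valid headers, no real code) to run against: it flags UPX by the UPX0/UPX1/UPX2 section names and, as a fallback for renamed sections, by section entropy, and it reports whether an Authenticode blob is attached. The 7.0 bits/byte threshold, the helper names and the constructed samples are assumptions.

```python
import math
import random
import struct

SECURITY_DIRECTORY = 4                      # IMAGE_DIRECTORY_ENTRY_SECURITY
UPX_SECTION_NAMES = {"UPX0", "UPX1", "UPX2"}


def shannon_entropy(buf: bytes) -> float:
    """Bits per byte: ~8.0 for compressed or encrypted data, near 0 for padding."""
    if not buf:
        return 0.0
    counts = [0] * 256
    for b in buf:
        counts[b] += 1
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_pe(data: bytes) -> dict:
    """Minimal PE reader: section table plus the security (Authenticode) data directory."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    _machine, nsections, _, _, _, opt_size, _chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:                      # PE32
        ndirs_off, dirs_off = 92, 96
    elif magic == 0x20B:                    # PE32+
        ndirs_off, dirs_off = 108, 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    ndirs = struct.unpack_from("<I", data, opt + ndirs_off)[0]
    sec_off, sec_size = 0, 0
    if ndirs > SECURITY_DIRECTORY:          # security dir holds a file offset, not an RVA
        sec_off, sec_size = struct.unpack_from("<II", data, opt + dirs_off + 8 * SECURITY_DIRECTORY)
    sections, table = [], opt + opt_size
    for i in range(nsections):
        name, vsize, _vaddr, raw_size, raw_ptr = struct.unpack_from("<8sIIII", data, table + 40 * i)
        raw = data[raw_ptr:raw_ptr + raw_size] if raw_size else b""
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "virtual_size": vsize, "raw_size": raw_size,
                         "entropy": round(shannon_entropy(raw), 2)})
    return {"sections": sections, "security_dir": (sec_off, sec_size)}


def triage_pe(data: bytes) -> dict:
    """Reproduce the report's 'UPX packed file' and 'Unsigned PE' checks."""
    info = parse_pe(data)
    names = {s["name"] for s in info["sections"]}
    return {
        "upx_packed": bool(names & UPX_SECTION_NAMES),
        "upx_sections": sorted(names & UPX_SECTION_NAMES),
        # Entropy catches packers whose section names were renamed (UPX supports this).
        "high_entropy_sections": [s["name"] for s in info["sections"]
                                  if s["raw_size"] and s["entropy"] > 7.0],
        # A non-empty security directory only means a WIN_CERTIFICATE blob is attached;
        # validating the chain is a separate step (signtool verify / Get-AuthenticodeSignature).
        "has_authenticode_blob": info["security_dir"][1] > 0,
    }


def build_pe(sections, signed=False) -> bytes:
    """Constructed minimal PE32 image for the example: valid headers, no executable code."""
    nsections, opt_size = len(sections), 0xE0
    headers = 64 + 4 + 20 + opt_size + 40 * nsections
    raw_ptr = (headers + 511) // 512 * 512            # first section on a 512-byte file boundary
    table, raw, vaddr = b"", b"", 0x1000
    for name, body in sections:
        padded = body + b"\0" * (-len(body) % 512)
        table += struct.pack("<8sIIIIIIHHI", name.encode("ascii").ljust(8, b"\0"),
                             len(body) or 0x1000, vaddr, len(padded),
                             raw_ptr + len(raw) if padded else 0, 0, 0, 0, 0, 0x60000020)
        raw += padded
        vaddr += 0x10000
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)             # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, nsections, 0, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)             # PE32 magic
    struct.pack_into("<I", opt, 92, 16)               # NumberOfRvaAndSizes
    cert = b""
    if signed:
        cert = b"\0" * 8                              # stand-in WIN_CERTIFICATE header, not a real signature
        struct.pack_into("<II", opt, 96 + 8 * SECURITY_DIRECTORY, raw_ptr + len(raw), len(cert))
    head = bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table
    return head + b"\0" * (raw_ptr - len(head)) + raw + cert


# Constructed samples (assumption: deterministic PRNG bytes stand in for a UPX-compressed section).
_rng = random.Random(2024)
PACKED_BODY = bytes(_rng.getrandbits(8) for _ in range(4096))
PLAIN_BODY = b"\x55\x8b\xec" * 1000 + b"\xc3"          # repetitive, low-entropy "code"
SAMPLE_PACKED = build_pe([("UPX0", b""), ("UPX1", PACKED_BODY), (".rsrc", b"\0" * 256)])
SAMPLE_SIGNED = build_pe([(".text", PLAIN_BODY), (".data", b"\0" * 64)], signed=True)

if __name__ == "__main__":
    import sys
    targets = {"SAMPLE_PACKED": SAMPLE_PACKED, "SAMPLE_SIGNED": SAMPLE_SIGNED}
    for path in sys.argv[1:]:                          # real files, e.g. the sample in Temp
        targets[path] = open(path, "rb").read()
    for label, blob in targets.items():
        print(label, triage_pe(blob))
```

Run it with a file path to check a real sample. Two caveats the report's one-line signatures hide: a packer can rename its sections, so the name check alone gives a false negative (hence the entropy fallback), and an attached certificate blob is not the same as a valid signature, so "signed" here means "has a blob to verify", nothing more.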

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-09 18:50

Reported

2024-11-09 18:52

Platform

win7-20240903-en

Max time kernel

117s

Max time network

121s

Command Line

"C:\Users\Admin\AppData\Local\Temp\475263b65f3b702089e080911e2381cd8f3e49d1ac7fe5fb8f72db49721eb74cN.exe"

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A (6 identical rows, no indicator details recorded)

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\475263b65f3b702089e080911e2381cd8f3e49d1ac7fe5fb8f72db49721eb74cN.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\475263b65f3b702089e080911e2381cd8f3e49d1ac7fe5fb8f72db49721eb74cN.exe

"C:\Users\Admin\AppData\Local\Temp\475263b65f3b702089e080911e2381cd8f3e49d1ac7fe5fb8f72db49721eb74cN.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 wecan.hasthe.technology udp
US 104.21.59.199:80 wecan.hasthe.technology tcp
US 8.8.8.8:53 wecan.hasthe.technology udp
US 172.67.183.40:80 wecan.hasthe.technology tcp
US 172.67.183.40:80 wecan.hasthe.technology tcp

Files

memory/1868-0-0x0000000000400000-0x000000000042A000-memory.dmp

memory/1868-1-0x0000000000400000-0x000000000042A000-memory.dmp

memory/1868-7-0x0000000000400000-0x000000000042A000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rifaien2-3tveMA6PuwWq10gi.exe

Note: the random suffix after rifaien2- and all four hashes of this dropped file differ between the behavioral1 and behavioral2 runs, so the file hashes below are per-run values rather than stable indicators; the rifaien2- name prefix and the drop location in %LOCALAPPDATA%\Temp are the reusable pattern.

MD5 93a4579569fb859daea139b841b3399f
SHA1 22b802d78a99aad6a6a7e4ecb5edf2fc72be2bf4
SHA256 5b733585d80533bba83ab205eae3bdc9bc0d97b54514481190c57b5cf8804d5a
SHA512 89d992f3936b2d0f45877eabf25165c6a1048313c5b86b4404cdf267acc6270ca0227f157e13016709127572918087fbae088a709eb3186b0e8a12c8ed8e912f

memory/1868-14-0x0000000000400000-0x000000000042A000-memory.dmp

memory/1868-22-0x0000000000400000-0x000000000042A000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-09 18:50

Reported

2024-11-09 18:52

Platform

win10v2004-20241007-en

Max time kernel

120s

Max time network

95s

Command Line

"C:\Users\Admin\AppData\Local\Temp\475263b65f3b702089e080911e2381cd8f3e49d1ac7fe5fb8f72db49721eb74cN.exe"

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A (7 identical rows, no indicator details recorded)

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\475263b65f3b702089e080911e2381cd8f3e49d1ac7fe5fb8f72db49721eb74cN.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\475263b65f3b702089e080911e2381cd8f3e49d1ac7fe5fb8f72db49721eb74cN.exe

"C:\Users\Admin\AppData\Local\Temp\475263b65f3b702089e080911e2381cd8f3e49d1ac7fe5fb8f72db49721eb74cN.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 73.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 wecan.hasthe.technology udp
US 172.67.183.40:80 wecan.hasthe.technology tcp
US 8.8.8.8:53 53.210.109.20.in-addr.arpa udp
US 8.8.8.8:53 40.183.67.172.in-addr.arpa udp
US 8.8.8.8:53 241.42.69.40.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 172.67.183.40:80 wecan.hasthe.technology tcp
US 172.67.183.40:80 wecan.hasthe.technology tcp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
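The network tables for behavioral1 and behavioral2 mix three kinds of rows: forward DNS queries sent to the sandbox resolver (8.8.8.8:53), reverse (in-addr.arpa) lookups that the sandbox and the OS generate on their own, and actual TCP connections. The example below is added here and is not part of the report or the sandbox's tooling. It parses rows in the table format used above (a subset of rows from both runs, embedded as constructed input), separates the actionable indicators from the noise, and decodes the reverse-lookup names back into the addresses that were looked up. The resolver set and the classification labels are assumptions.

```python
import re
from collections import OrderedDict

# Constructed input: a subset of rows copied from the behavioral1 and behavioral2
# Network tables of this report, one row per line in the same column order.
NETWORK_ROWS = """\
US 8.8.8.8:53 wecan.hasthe.technology udp
US 104.21.59.199:80 wecan.hasthe.technology tcp
US 8.8.8.8:53 wecan.hasthe.technology udp
US 172.67.183.40:80 wecan.hasthe.technology tcp
US 172.67.183.40:80 wecan.hasthe.technology tcp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 wecan.hasthe.technology udp
US 172.67.183.40:80 wecan.hasthe.technology tcp
US 8.8.8.8:53 40.183.67.172.in-addr.arpa udp
"""

ROW_RE = re.compile(
    r"^(?P<cc>[A-Z]{2})\s+(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+)\s+"
    r"(?P<domain>\S+)\s+(?P<proto>tcp|udp)$")

# Resolver used by the sandbox; not attacker infrastructure. Assumption: a real
# pipeline would load this from its own list of known sandbox/network infrastructure.
SANDBOX_RESOLVERS = {"8.8.8.8"}


def parse_rows(text: str) -> list:
    """Turn the report's whitespace-separated rows into dicts; skips non-matching lines."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if m:
            row = m.groupdict()
            row["port"] = int(row["port"])
            rows.append(row)
    return rows


def ptr_to_ip(name: str):
    """'40.183.67.172.in-addr.arpa' -> '172.67.183.40'; None for anything else."""
    suffix = ".in-addr.arpa"
    if not name.endswith(suffix):
        return None
    labels = name[:-len(suffix)].split(".")
    return ".".join(reversed(labels)) if len(labels) == 4 else None


def classify(row: dict) -> str:
    if ptr_to_ip(row["domain"]) is not None or row["domain"].endswith(".ip6.arpa"):
        return "ptr_noise"          # reverse lookup: generated by the sandbox/OS, not an IOC
    if row["ip"] in SANDBOX_RESOLVERS and row["port"] == 53:
        return "dns_query"          # the queried name is the indicator, not 8.8.8.8
    return "connection"


def extract_iocs(text: str) -> dict:
    """Separate durable indicators (domains, contacted endpoints) from resolver/PTR noise."""
    domains, endpoints, ptr_lookups = OrderedDict(), OrderedDict(), []
    for row in parse_rows(text):
        kind = classify(row)
        if kind == "ptr_noise":
            ip = ptr_to_ip(row["domain"])
            if ip and ip not in ptr_lookups:
                ptr_lookups.append(ip)
        elif kind == "dns_query":
            domains[row["domain"]] = domains.get(row["domain"], 0) + 1
        else:
            endpoint = "%s:%d/%s" % (row["ip"], row["port"], row["proto"])
            endpoints.setdefault(endpoint, set()).add(row["domain"])
    return {
        "domains": dict(domains),                                   # name -> query count
        "endpoints": {k: sorted(v) for k, v in endpoints.items()},  # ip:port/proto -> names seen
        "ptr_lookups": ptr_lookups,                                 # addresses reverse-resolved
    }


if __name__ == "__main__":
    for key, value in extract_iocs(NETWORK_ROWS).items():
        print(key, value)
```

On the rows above this yields one domain (wecan.hasthe.technology, queried three times) and two HTTP endpoints (104.21.59.199:80 and 172.67.183.40:80), while the in-addr.arpa rows collapse into a list of reverse-resolved addresses that includes 172.67.183.40 itself, i.e. the sandbox reverse-resolving the address it just connected to. The report records no HTTP request or response content for the port-80 connections, so what was exchanged is not known from this page. Both resolved addresses fall inside address ranges that Cloudflare publishes as its own, so they identify a reverse proxy rather than the origin host; treat the domain as the durable indicator and expect the addresses to change.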

Files

memory/2032-0-0x0000000000400000-0x000000000042A000-memory.dmp

memory/2032-2-0x0000000000400000-0x000000000042A000-memory.dmp

memory/2032-5-0x0000000000400000-0x000000000042A000-memory.dmp

memory/2032-9-0x0000000000400000-0x000000000042A000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rifaien2-Ut4tOXOpHc55xLwe.exe

MD5 e9fda8843266cf16fa0bdc41e0f2c2d5
SHA1 657586a63d6d749eb71aba25d7447ad1175e3f24
SHA256 e5cc73f47bbf98b0cb39a1f06db6c53e7dd62f8ce84e31f578a11d5b9221773a
SHA512 e5c517da8f3dc7ddc928235379d43a359e59dd1ce5343dfc78024f2cf150fbf39aecbd572fe0adb4af004b3abbee6cce9328d7a0cc0d85095c29fc06fbb17271

memory/2032-13-0x0000000000400000-0x000000000042A000-memory.dmp

memory/2032-21-0x0000000000400000-0x000000000042A000-memory.dmp