Malware Analysis Report

2025-04-03 19:51

Sample ID 241109-xghxbsspdm
Target 3bdcec201dcd9f4ad3d9452ab0965f3d04641a6c8b1d856ec516625a4fc025dbN
SHA256 3bdcec201dcd9f4ad3d9452ab0965f3d04641a6c8b1d856ec516625a4fc025db
Tags
upx discovery
score
5/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
5/10

SHA256

3bdcec201dcd9f4ad3d9452ab0965f3d04641a6c8b1d856ec516625a4fc025db

Threat Level: Likely benign

The file 3bdcec201dcd9f4ad3d9452ab0965f3d04641a6c8b1d856ec516625a4fc025dbN was found to be: Likely benign.

Malicious Activity Summary

upx discovery

UPX packed file

Unsigned PE

System Location Discovery: System Language Discovery

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-09 18:49

Signatures

UPX packed file

upx
Description   Indicator   Process   Target
N/A           N/A         N/A       N/A

Unsigned PE

Description   Indicator   Process   Target
N/A           N/A         N/A       N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-09 18:49

Reported

2024-11-09 18:51

Platform

win7-20240903-en

Max time kernel

119s

Max time network

119s

Command Line

"C:\Users\Admin\AppData\Local\Temp\3bdcec201dcd9f4ad3d9452ab0965f3d04641a6c8b1d856ec516625a4fc025dbN.exe"

Signatures

UPX packed file

upx
Description   Indicator   Process   Target
N/A           N/A         N/A       N/A
N/A           N/A         N/A       N/A
N/A           N/A         N/A       N/A

System Location Discovery: System Language Discovery

discovery
Description   Indicator                                                      Process                                                                                                     Target
Key opened    \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language    C:\Users\Admin\AppData\Local\Temp\3bdcec201dcd9f4ad3d9452ab0965f3d04641a6c8b1d856ec516625a4fc025dbN.exe   N/A

Processes

C:\Users\Admin\AppData\Local\Temp\3bdcec201dcd9f4ad3d9452ab0965f3d04641a6c8b1d856ec516625a4fc025dbN.exe

"C:\Users\Admin\AppData\Local\Temp\3bdcec201dcd9f4ad3d9452ab0965f3d04641a6c8b1d856ec516625a4fc025dbN.exe"

Network

Country   Destination        Domain                    Proto
US        8.8.8.8:53         wecan.hasthe.technology   udp
US        172.67.183.40:80   wecan.hasthe.technology   tcp
US        172.67.183.40:80   wecan.hasthe.technology   tcp
US        172.67.183.40:80   wecan.hasthe.technology   tcp

Files

memory/1992-0-0x0000000000400000-0x000000000043B000-memory.dmp

memory/1992-1-0x0000000000400000-0x000000000043B000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rifaien2-5CDisbcDmrzdxac9.exe

MD5 bbd83621438679ee77959dca39ce4524
SHA1 cd44510d12f069e24d9a7ef8fcad28557414a592
SHA256 4b5caf6bc6f37a29e15ed8b3a820418a365201b617059c8fe840accfe5d6a6ea
SHA512 6e261da9d0d93588ae8d09e3bce57d1dc28ae5fc452beb4e064d50dce5363141a173b0f39bae80dd4c45249b6ba5c8b11580bf71ba6cc71555e0103ced1b8d1e

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-09 18:49

Reported

2024-11-09 18:51

Platform

win10v2004-20241007-en

Max time kernel

91s

Max time network

93s

Command Line

"C:\Users\Admin\AppData\Local\Temp\3bdcec201dcd9f4ad3d9452ab0965f3d04641a6c8b1d856ec516625a4fc025dbN.exe"

Signatures

UPX packed file

upx
Description   Indicator   Process   Target
N/A           N/A         N/A       N/A
N/A           N/A         N/A       N/A
N/A           N/A         N/A       N/A

System Location Discovery: System Language Discovery

discovery
Description   Indicator                                                      Process                                                                                                     Target
Key opened    \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language    C:\Users\Admin\AppData\Local\Temp\3bdcec201dcd9f4ad3d9452ab0965f3d04641a6c8b1d856ec516625a4fc025dbN.exe   N/A

Processes

C:\Users\Admin\AppData\Local\Temp\3bdcec201dcd9f4ad3d9452ab0965f3d04641a6c8b1d856ec516625a4fc025dbN.exe

"C:\Users\Admin\AppData\Local\Temp\3bdcec201dcd9f4ad3d9452ab0965f3d04641a6c8b1d856ec516625a4fc025dbN.exe"

Network

Country   Destination        Domain                         Proto
US        8.8.8.8:53         58.55.71.13.in-addr.arpa       udp
US        8.8.8.8:53         95.221.229.192.in-addr.arpa    udp
US        8.8.8.8:53         140.32.126.40.in-addr.arpa     udp
US        8.8.8.8:53         241.150.49.20.in-addr.arpa     udp
US        8.8.8.8:53         13.86.106.20.in-addr.arpa      udp
US        8.8.8.8:53         wecan.hasthe.technology        udp
US        172.67.183.40:80   wecan.hasthe.technology        tcp
US        8.8.8.8:53         53.210.109.20.in-addr.arpa     udp
US        8.8.8.8:53         40.183.67.172.in-addr.arpa     udp
US        8.8.8.8:53         15.164.165.52.in-addr.arpa     udp
US        8.8.8.8:53         98.209.201.84.in-addr.arpa     udp
US        172.67.183.40:80   wecan.hasthe.technology        tcp
US        8.8.8.8:53         88.210.23.2.in-addr.arpa       udp
US        172.67.183.40:80   wecan.hasthe.technology        tcp

Files

memory/972-0-0x0000000000400000-0x000000000043B000-memory.dmp

memory/972-1-0x0000000000400000-0x000000000043B000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rifaien2-G0PATCHuwoCAl5AW.exe

MD5 b3993715efa11a004a04ba06f27ee027
SHA1 f0bb99c99dc76991dfc63883f92e4848bcd229a9
SHA256 621489d2098b70d7dfc9745feaa7eb975f92e0c3c95155727785458d3e84b108
SHA512 b5af5cac1f8a8699dbd73767f577bd6ebc975ed190ab6ee8757e69036bbe8fc6abf615ab35ed8e54df2543bd20b456c0a0dc5b9522e0727ba16a2e3925efdf59