Malware Analysis Report

2025-04-03 19:54

Sample ID 241109-xtfmqszjcy
Target 04cfc00fb1454c9c2d30d11a84ae18f58eedfa3a0d6e073a88d5e729986ce42bN
SHA256 04cfc00fb1454c9c2d30d11a84ae18f58eedfa3a0d6e073a88d5e729986ce42b
Tags
upx discovery
score
5/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
5/10

SHA256

04cfc00fb1454c9c2d30d11a84ae18f58eedfa3a0d6e073a88d5e729986ce42b

Threat Level: Likely benign

The file 04cfc00fb1454c9c2d30d11a84ae18f58eedfa3a0d6e073a88d5e729986ce42bN was found to be: Likely benign.

Malicious Activity Summary

upx discovery

UPX packed file

Unsigned PE

System Location Discovery: System Language Discovery

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-09 19:08

Signatures

UPX packed file

upx
Description  Indicator  Process  Target
N/A          N/A        N/A      N/A

Unsigned PE

Description  Indicator  Process  Target
N/A          N/A        N/A      N/A
N/A          N/A        N/A      N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-09 19:08

Reported

2024-11-09 19:10

Platform

win7-20240903-en

Max time kernel

110s

Max time network

91s

Command Line

"C:\Users\Admin\AppData\Local\Temp\04cfc00fb1454c9c2d30d11a84ae18f58eedfa3a0d6e073a88d5e729986ce42bN.exe"

Signatures

UPX packed file

upx
Description  Indicator  Process  Target
N/A          N/A        N/A      N/A
N/A          N/A        N/A      N/A
N/A          N/A        N/A      N/A
N/A          N/A        N/A      N/A
N/A          N/A        N/A      N/A
N/A          N/A        N/A      N/A

System Location Discovery: System Language Discovery

discovery
Description: Key opened
Indicator:   \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Process:     C:\Users\Admin\AppData\Local\Temp\04cfc00fb1454c9c2d30d11a84ae18f58eedfa3a0d6e073a88d5e729986ce42bN.exe
Target:      N/A

Processes

C:\Users\Admin\AppData\Local\Temp\04cfc00fb1454c9c2d30d11a84ae18f58eedfa3a0d6e073a88d5e729986ce42bN.exe

"C:\Users\Admin\AppData\Local\Temp\04cfc00fb1454c9c2d30d11a84ae18f58eedfa3a0d6e073a88d5e729986ce42bN.exe"

Network

Country  Destination         Domain                          Proto
US       8.8.8.8:53          wecan.hasthe.technology         udp
US       172.67.183.40:80    wecan.hasthe.technology         tcp
US       172.67.183.40:80    wecan.hasthe.technology         tcp
US       172.67.183.40:80    wecan.hasthe.technology         tcp

Files

memory/2088-0-0x0000000000400000-0x000000000042A000-memory.dmp

memory/2088-1-0x0000000000400000-0x000000000042A000-memory.dmp

memory/2088-7-0x0000000000400000-0x000000000042A000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rifaien2-EdktEMqJIs36pHHz.exe

MD5 820defc294c58573aed17c31f3a5ad46
SHA1 8dba6012b7681cda1f49d6401eead851cbcfe0cb
SHA256 f1a1dbfe3168648decfc8ab632d74f6c01278d6eeafd5efbc5f590b4caedfc3a
SHA512 8718ab907bc54b9ddfdc65c448aca40832df07f362b35abbc037fc7bcb1226435e80661f6f7069478aa700febe4c1520aa6c78c5a19f9ac9e62c3f06e386c60e

memory/2088-14-0x0000000000400000-0x000000000042A000-memory.dmp

memory/2088-22-0x0000000000400000-0x000000000042A000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-09 19:08

Reported

2024-11-09 19:10

Platform

win10v2004-20241007-en

Max time kernel

111s

Max time network

94s

Command Line

"C:\Users\Admin\AppData\Local\Temp\04cfc00fb1454c9c2d30d11a84ae18f58eedfa3a0d6e073a88d5e729986ce42bN.exe"

Signatures

UPX packed file

upx
Description  Indicator  Process  Target
N/A          N/A        N/A      N/A
N/A          N/A        N/A      N/A
N/A          N/A        N/A      N/A
N/A          N/A        N/A      N/A
N/A          N/A        N/A      N/A
N/A          N/A        N/A      N/A
N/A          N/A        N/A      N/A

System Location Discovery: System Language Discovery

discovery
Description: Key opened
Indicator:   \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Process:     C:\Users\Admin\AppData\Local\Temp\04cfc00fb1454c9c2d30d11a84ae18f58eedfa3a0d6e073a88d5e729986ce42bN.exe
Target:      N/A

Processes

C:\Users\Admin\AppData\Local\Temp\04cfc00fb1454c9c2d30d11a84ae18f58eedfa3a0d6e073a88d5e729986ce42bN.exe

"C:\Users\Admin\AppData\Local\Temp\04cfc00fb1454c9c2d30d11a84ae18f58eedfa3a0d6e073a88d5e729986ce42bN.exe"

Network

Country  Destination         Domain                          Proto
US       8.8.8.8:53          8.8.8.8.in-addr.arpa            udp
US       8.8.8.8:53          0.205.248.87.in-addr.arpa       udp
US       8.8.8.8:53          13.86.106.20.in-addr.arpa       udp
US       8.8.8.8:53          75.159.190.20.in-addr.arpa      udp
US       8.8.8.8:53          95.221.229.192.in-addr.arpa     udp
US       8.8.8.8:53          28.118.140.52.in-addr.arpa      udp
US       8.8.8.8:53          wecan.hasthe.technology         udp
US       172.67.183.40:80    wecan.hasthe.technology         tcp
US       8.8.8.8:53          197.87.175.4.in-addr.arpa       udp
US       8.8.8.8:53          40.183.67.172.in-addr.arpa      udp
US       8.8.8.8:53          171.39.242.20.in-addr.arpa      udp
US       8.8.8.8:53          172.210.232.199.in-addr.arpa    udp
US       8.8.8.8:53          wecan.hasthe.technology         udp
US       104.21.59.199:80    wecan.hasthe.technology         tcp
US       8.8.8.8:53          199.59.21.104.in-addr.arpa      udp
US       104.21.59.199:80    wecan.hasthe.technology         tcp
US       8.8.8.8:53          172.214.232.199.in-addr.arpa    udp
US       8.8.8.8:53          11.227.111.52.in-addr.arpa      udp

Files

memory/5084-0-0x0000000000400000-0x000000000042A000-memory.dmp

memory/5084-1-0x0000000000400000-0x000000000042A000-memory.dmp

memory/5084-4-0x0000000000400000-0x000000000042A000-memory.dmp

memory/5084-8-0x0000000000400000-0x000000000042A000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rifaien2-fXtrK3jzXnYQJ6Ms.exe

MD5 6d38c36cc1f9c873b9ae713847a8253e
SHA1 68017c5acc7cbe50877a5cda2dd56486601ea9f9
SHA256 1346fa72f11c9917cbec040d9f88ae14462107c56bf9f15772b62cf3dcb0ea7c
SHA512 491b5526daa9796387d9a4bfa3089583103758e6f78c845af467447fd8c00e9355c328bcd43b6e59fe1709b018903cead9e7448faecf9c5b0a40dacbc674b5b8

memory/5084-12-0x0000000000400000-0x000000000042A000-memory.dmp

memory/5084-20-0x0000000000400000-0x000000000042A000-memory.dmp