Malware Analysis Report

2025-04-03 19:53

Sample ID 241109-xvwekszjfv
Target 1c114fcf4d96b4d46b7140c7012fd5013cb4734e77704a08c841ba264c536c08N
SHA256 1c114fcf4d96b4d46b7140c7012fd5013cb4734e77704a08c841ba264c536c08
Tags upx, discovery
Score 5/10

Table of Contents

Analysis Overview
  MITRE ATT&CK
    Enterprise Matrix V15
Analysis: static1
  Detonation Overview
  Signatures
Analysis: behavioral1
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral2
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files

Analysis Overview

Score 5/10

SHA256

1c114fcf4d96b4d46b7140c7012fd5013cb4734e77704a08c841ba264c536c08

Threat Level: Likely benign

The file 1c114fcf4d96b4d46b7140c7012fd5013cb4734e77704a08c841ba264c536c08N was found to be: Likely benign.

Malicious Activity Summary

upx discovery

UPX packed file

Unsigned PE

System Location Discovery: System Language Discovery

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-09 19:10

Signatures

UPX packed file

upx
Description Indicator Process Target
(1 row, all fields N/A)

Unsigned PE

Description Indicator Process Target
(2 rows, all fields N/A)

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-09 19:10

Reported

2024-11-09 19:13

Platform

win7-20241010-en

Max time kernel

118s

Max time network

123s

Command Line

"C:\Users\Admin\AppData\Local\Temp\1c114fcf4d96b4d46b7140c7012fd5013cb4734e77704a08c841ba264c536c08N.exe"

Signatures

UPX packed file

upx
Description Indicator Process Target
(6 rows, all fields N/A)

System Location Discovery: System Language Discovery

discovery
Description: Key opened
Indicator: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Process: C:\Users\Admin\AppData\Local\Temp\1c114fcf4d96b4d46b7140c7012fd5013cb4734e77704a08c841ba264c536c08N.exe
Target: N/A

Processes

C:\Users\Admin\AppData\Local\Temp\1c114fcf4d96b4d46b7140c7012fd5013cb4734e77704a08c841ba264c536c08N.exe

"C:\Users\Admin\AppData\Local\Temp\1c114fcf4d96b4d46b7140c7012fd5013cb4734e77704a08c841ba264c536c08N.exe"

Network

Country  Destination         Domain                    Proto
US       8.8.8.8:53          wecan.hasthe.technology   udp
US       172.67.183.40:80    wecan.hasthe.technology   tcp
US       172.67.183.40:80    wecan.hasthe.technology   tcp
US       172.67.183.40:80    wecan.hasthe.technology   tcp

Files

memory/2492-0-0x0000000000400000-0x000000000042A000-memory.dmp

memory/2492-2-0x0000000000400000-0x000000000042A000-memory.dmp

memory/2492-6-0x0000000000400000-0x000000000042A000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rifaien2-AvsXmkVVgnHGJU5F.exe

MD5 00624de8324119bb3d9326f92649147e
SHA1 ac14d74960436ddd47006b416afac269dd87cf8f
SHA256 b670b25c30a51fc60d61f31dec420818599c13c6fabbf55c9f6da04f0dba78d2
SHA512 1532b7e624622955df9a5ebbfffde48778ef9824ca6843ba26e439a1995e014154633e76a5e9517bedf0b571920398b8fff736a27c2f20a11d389bd36ae86fa3

memory/2492-13-0x0000000000400000-0x000000000042A000-memory.dmp

memory/2492-23-0x0000000000400000-0x000000000042A000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-09 19:10

Reported

2024-11-09 19:13

Platform

win10v2004-20241007-en

Max time kernel

110s

Max time network

96s

Command Line

"C:\Users\Admin\AppData\Local\Temp\1c114fcf4d96b4d46b7140c7012fd5013cb4734e77704a08c841ba264c536c08N.exe"

Signatures

UPX packed file

upx
Description Indicator Process Target
(7 rows, all fields N/A)

System Location Discovery: System Language Discovery

discovery
Description: Key opened
Indicator: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Process: C:\Users\Admin\AppData\Local\Temp\1c114fcf4d96b4d46b7140c7012fd5013cb4734e77704a08c841ba264c536c08N.exe
Target: N/A

Processes

C:\Users\Admin\AppData\Local\Temp\1c114fcf4d96b4d46b7140c7012fd5013cb4734e77704a08c841ba264c536c08N.exe

"C:\Users\Admin\AppData\Local\Temp\1c114fcf4d96b4d46b7140c7012fd5013cb4734e77704a08c841ba264c536c08N.exe"

Network

Country  Destination         Domain                         Proto
US       8.8.8.8:53          209.205.72.20.in-addr.arpa     udp
US       8.8.8.8:53          71.31.126.40.in-addr.arpa      udp
US       8.8.8.8:53          95.221.229.192.in-addr.arpa    udp
US       8.8.8.8:53          232.168.11.51.in-addr.arpa     udp
US       8.8.8.8:53          wecan.hasthe.technology        udp
US       104.21.59.199:80    wecan.hasthe.technology        tcp
US       8.8.8.8:53          212.20.149.52.in-addr.arpa     udp
US       8.8.8.8:53          199.59.21.104.in-addr.arpa     udp
US       8.8.8.8:53          18.31.95.13.in-addr.arpa       udp
US       8.8.8.8:53          98.117.19.2.in-addr.arpa       udp
US       104.21.59.199:80    wecan.hasthe.technology        tcp
US       8.8.8.8:53          88.210.23.2.in-addr.arpa       udp
US       104.21.59.199:80    wecan.hasthe.technology        tcp
US       8.8.8.8:53          29.243.111.52.in-addr.arpa     udp

Files

memory/1120-0-0x0000000000400000-0x000000000042A000-memory.dmp

memory/1120-2-0x0000000000400000-0x000000000042A000-memory.dmp

memory/1120-5-0x0000000000400000-0x000000000042A000-memory.dmp

memory/1120-9-0x0000000000400000-0x000000000042A000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rifaien2-hman4jQcYvkHXC0c.exe

MD5 b79b019e2fa1173db223ac9b95548114
SHA1 f73949d85e14b8683f10a61d8a9ab6135e1505a7
SHA256 16cb847b195016afead144a6d5c86e83606bc8fade7161f7a1e29009a6d982cc
SHA512 d8d7f423c34cfccfc805d500d990ecc68af03b35daf89a19d9ef23f7bc83af9f1c760475aae9541fb4ad07957cb97411c50f89ce46f3389fa88388bfc025bbce

memory/1120-16-0x0000000000400000-0x000000000042A000-memory.dmp

memory/1120-23-0x0000000000400000-0x000000000042A000-memory.dmp