Malware Analysis Report

2024-11-13 18:00

Sample ID 241110-b2w4sswkgy
Target da1c86c30b28fc61fbacbd1c54597372aaf20c1fe024d027fb983e5aba3a1f13N
SHA256 da1c86c30b28fc61fbacbd1c54597372aaf20c1fe024d027fb983e5aba3a1f13
Tags
upx discovery
score
5/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
5/10

SHA256

da1c86c30b28fc61fbacbd1c54597372aaf20c1fe024d027fb983e5aba3a1f13

Threat Level: Likely benign

The file da1c86c30b28fc61fbacbd1c54597372aaf20c1fe024d027fb983e5aba3a1f13N was found to be: Likely benign.

Malicious Activity Summary

upx discovery

UPX packed file

Unsigned PE

System Location Discovery: System Language Discovery

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-10 01:38

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-10 01:38

Reported

2024-11-10 01:41

Platform

win7-20241010-en

Max time kernel

117s

Max time network

122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\da1c86c30b28fc61fbacbd1c54597372aaf20c1fe024d027fb983e5aba3a1f13N.exe"

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

System Location Discovery: System Language Discovery

discovery
Description: Key opened
Indicator: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Process: C:\Users\Admin\AppData\Local\Temp\da1c86c30b28fc61fbacbd1c54597372aaf20c1fe024d027fb983e5aba3a1f13N.exe
Target: N/A

Processes

C:\Users\Admin\AppData\Local\Temp\da1c86c30b28fc61fbacbd1c54597372aaf20c1fe024d027fb983e5aba3a1f13N.exe

"C:\Users\Admin\AppData\Local\Temp\da1c86c30b28fc61fbacbd1c54597372aaf20c1fe024d027fb983e5aba3a1f13N.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 wecan.hasthe.technology udp
US 104.21.59.199:80 wecan.hasthe.technology tcp
US 172.67.183.40:80 wecan.hasthe.technology tcp
US 104.21.59.199:80 wecan.hasthe.technology tcp
US 104.21.59.199:80 wecan.hasthe.technology tcp

Files

memory/2192-0-0x0000000000400000-0x000000000043B000-memory.dmp

memory/2192-1-0x0000000000400000-0x000000000043B000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rifaien2-SgMuNp9vjrO68prw.exe

MD5 8739ecb949f6835d0e8a6e43def7fe20
SHA1 5752f1256ce9efa32f2d4c6709ff7e233b0adc07
SHA256 ffc02b12c8e5589ebac1d7eee461727499ee06f97db186f22a80cf4a3ef184bd
SHA512 d55a425feef7bec2682c8dc15618a5b327ad409164df84674e7a6318cdc4ba128a720629d29f80c588c24c6e31231d3fb1dd7d9e3d1f46f12e7693365dfc1ab8

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-10 01:38

Reported

2024-11-10 01:40

Platform

win10v2004-20241007-en

Max time kernel

116s

Max time network

117s

Command Line

"C:\Users\Admin\AppData\Local\Temp\da1c86c30b28fc61fbacbd1c54597372aaf20c1fe024d027fb983e5aba3a1f13N.exe"

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

System Location Discovery: System Language Discovery

discovery
Description: Key opened
Indicator: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Process: C:\Users\Admin\AppData\Local\Temp\da1c86c30b28fc61fbacbd1c54597372aaf20c1fe024d027fb983e5aba3a1f13N.exe
Target: N/A

Processes

C:\Users\Admin\AppData\Local\Temp\da1c86c30b28fc61fbacbd1c54597372aaf20c1fe024d027fb983e5aba3a1f13N.exe

"C:\Users\Admin\AppData\Local\Temp\da1c86c30b28fc61fbacbd1c54597372aaf20c1fe024d027fb983e5aba3a1f13N.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 71.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 wecan.hasthe.technology udp
US 104.21.59.199:80 wecan.hasthe.technology tcp
US 8.8.8.8:53 199.59.21.104.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 104.21.59.199:80 wecan.hasthe.technology tcp
US 104.21.59.199:80 wecan.hasthe.technology tcp

Files

memory/1676-0-0x0000000000400000-0x000000000043B000-memory.dmp

memory/1676-1-0x0000000000400000-0x000000000043B000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rifaien2-IJmF36QECFFvUVxR.exe

MD5 03d692a57d6febe48cdae69e0f5b846d
SHA1 5f3c42ccd53687afaa6f9327367462e27042e2cf
SHA256 70b07ea365ef2802828c076e0742509351090cb18676591133c27a73d92f6e02
SHA512 caa1b2a65c6ddd32f33bdffccda50c36ab2e913acf7d48dbed414aa26b8dfaba159bacd7cc5db39f0140994915eb77eb282c6ef89074b0ba766fee99e4dcaf81