Malware Analysis Report

2024-11-13 18:00

Sample ID: 241110-bxd3eszjbk
Target: aa4a86020103667ce07755c39a0f15f476360395cd9aa2565986e8fe0928bb2c
SHA256: aa4a86020103667ce07755c39a0f15f476360395cd9aa2565986e8fe0928bb2c
Tags: discovery, upx
Score: 5/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score: 5/10

SHA256: aa4a86020103667ce07755c39a0f15f476360395cd9aa2565986e8fe0928bb2c

Threat Level: Likely benign

The file aa4a86020103667ce07755c39a0f15f476360395cd9aa2565986e8fe0928bb2c was found to be: Likely benign. This verdict is the sandbox's heuristic score; the behavioral runs below still record HTTP connections to wecan.hasthe.technology and a second executable under %TEMP% in the Files section, so treat the score as a starting point for review rather than a clearance.

Malicious Activity Summary

Tags: discovery, upx

Signatures:
UPX packed file
System Location Discovery: System Language Discovery
Unsigned PE

MITRE ATT&CK

Enterprise Matrix V15

T1614.001 System Location Discovery: System Language Discovery (discovery)

Analysis: static1

Detonation Overview

Reported

2024-11-10 01:31

Signatures

UPX packed file (upx)

Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
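Both static signatures above (UPX packed file, Unsigned PE) can be reproduced from the PE headers alone. The following Python is an added example, not code from this report or from the sandbox that produced it: it parses a PE image, flags UPX-style section names and the "UPX!" marker that stock UPX leaves in packed files, and reads data directory 4 (the Certificate Table) to decide whether an Authenticode signature is embedded. The sample itself is not embedded; build_pe constructs a minimal PE image inline so the checks run offline, and the certificate offset/size it writes are dummy values.

```python
import struct

# --- constructed test input ------------------------------------------------------
# build_pe() assembles the smallest headers the checks below need (DOS stub, PE
# signature, COFF header, PE32 optional header, section table). It is a stand-in
# for the real sample, which is not embedded here.
def build_pe(section_names, signed=False, trailer=b""):
    e_lfanew = 0x40
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", e_lfanew)            # 64-byte DOS header
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 224, 0x0102)
    opt = bytearray(224)                                               # PE32 optional header
    struct.pack_into("<H", opt, 0, 0x10B)                              # Magic = PE32
    struct.pack_into("<I", opt, 92, 16)                                # NumberOfRvaAndSizes
    if signed:
        # Data directory 4 (Certificate Table): a non-zero offset/size means an
        # Authenticode blob is embedded; dummy values are enough for the parser.
        struct.pack_into("<II", opt, 96 + 4 * 8, 0x1000, 0x800)
    sections = b"".join(n.encode().ljust(8, b"\x00") + bytes(32) for n in section_names)
    return dos + b"PE\x00\x00" + coff + bytes(opt) + sections + trailer


# --- the checks ------------------------------------------------------------------
def inspect_pe(data):
    """Return section names, UPX indicators and embedded-signature state for a PE image."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    nsec = struct.unpack_from("<H", data, coff + 2)[0]       # NumberOfSections
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]  # SizeOfOptionalHeader
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:        # PE32: data directories start at offset 96
        dd = 96
    elif magic == 0x20B:      # PE32+: data directories start at offset 112
        dd = 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    ndirs = struct.unpack_from("<I", data, opt + dd - 4)[0]  # NumberOfRvaAndSizes
    cert_off = cert_size = 0
    if ndirs > 4:
        cert_off, cert_size = struct.unpack_from("<II", data, opt + dd + 4 * 8)
    sec_table = opt + opt_size
    names = []
    for i in range(nsec):                                    # 40-byte section headers
        raw = data[sec_table + 40 * i: sec_table + 40 * i + 8]
        names.append(raw.rstrip(b"\x00").decode("ascii", "replace"))
    upx_sections = [n for n in names if n.upper().startswith("UPX")]
    return {
        "sections": names,
        "upx_sections": upx_sections,
        "upx_marker": b"UPX!" in data,               # stock UPX leaves this string in the packed file
        "upx_packed": bool(upx_sections) or b"UPX!" in data,
        "signed": cert_off != 0 and cert_size != 0,  # embedded Authenticode only
    }


if __name__ == "__main__":
    packed = build_pe(["UPX0", "UPX1", ".rsrc"], trailer=b"UPX!")
    print(inspect_pe(packed))
    with_cert = build_pe([".text", ".rdata", ".data"], signed=True)
    print(inspect_pe(with_cert))
```

On a real file call inspect_pe(open(path, "rb").read()). Two caveats apply to the signatures as reported: section names are trivially renamed, so a file with no UPX0/UPX1 sections and no "UPX!" marker may still be packed (high section entropy and a tiny import table are the next things to look at), and an empty Certificate Table only shows that no signature is embedded in the file; catalog-signed binaries also come out as "Unsigned PE" here. When the packer is stock, upx -d restores the original image for static analysis.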

Analysis: behavioral2

Detonation Overview

Submitted: 2024-11-10 01:31
Reported: 2024-11-10 01:33
Platform: win10v2004-20241007-en
Max time kernel: 140s
Max time network: 141s

Command Line

"C:\Users\Admin\AppData\Local\Temp\aa4a86020103667ce07755c39a0f15f476360395cd9aa2565986e8fe0928bb2c.exe"

Signatures

UPX packed file (upx)

Description Indicator Process Target
N/A N/A N/A N/A

System Location Discovery: System Language Discovery (discovery)

Description  Key opened
Indicator    \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Process      C:\Users\Admin\AppData\Local\Temp\aa4a86020103667ce07755c39a0f15f476360395cd9aa2565986e8fe0928bb2c.exe
Target       N/A

Processes

C:\Users\Admin\AppData\Local\Temp\aa4a86020103667ce07755c39a0f15f476360395cd9aa2565986e8fe0928bb2c.exe

"C:\Users\Admin\AppData\Local\Temp\aa4a86020103667ce07755c39a0f15f476360395cd9aa2565986e8fe0928bb2c.exe"

Network

Country  Destination        Domain                         Proto
US       8.8.8.8:53         8.8.8.8.in-addr.arpa           udp
US       8.8.8.8:53         13.86.106.20.in-addr.arpa      udp
US       8.8.8.8:53         106.209.201.84.in-addr.arpa    udp
US       8.8.8.8:53         2.159.190.20.in-addr.arpa      udp
US       8.8.8.8:53         95.221.229.192.in-addr.arpa    udp
US       8.8.8.8:53         104.219.191.52.in-addr.arpa    udp
US       8.8.8.8:53         154.239.44.20.in-addr.arpa     udp
US       8.8.8.8:53         wecan.hasthe.technology        udp
US       104.21.59.199:80   wecan.hasthe.technology        tcp
US       8.8.8.8:53         53.210.109.20.in-addr.arpa     udp
US       8.8.8.8:53         199.59.21.104.in-addr.arpa     udp
US       8.8.8.8:53         171.39.242.20.in-addr.arpa     udp
US       8.8.8.8:53         98.117.19.2.in-addr.arpa       udp
US       104.21.59.199:80   wecan.hasthe.technology        tcp
US       8.8.8.8:53         83.210.23.2.in-addr.arpa       udp
US       104.21.59.199:80   wecan.hasthe.technology        tcp
US       104.21.59.199:80   wecan.hasthe.technology        tcp

All 8.8.8.8:53 rows are DNS traffic to the resolver. The in-addr.arpa names are reverse lookups; only one of them (199.59.21.104.in-addr.arpa, i.e. 104.21.59.199) refers to an address the sample connected to, the rest are lookups of addresses that never appear as a destination. The only forward lookup is wecan.hasthe.technology, followed by four plain-HTTP (port 80) connections to 104.21.59.199; the request and response contents are not part of this report.

Files

Memory dumps of process 4996 over 0x00400000-0x0042A000 (0x00400000 is the default image base of a 32-bit executable):

memory/4996-0-0x0000000000400000-0x000000000042A000-memory.dmp
memory/4996-1-0x0000000000400000-0x000000000042A000-memory.dmp
memory/4996-4-0x0000000000400000-0x000000000042A000-memory.dmp
memory/4996-8-0x0000000000400000-0x000000000042A000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rifaien2-6JlIbNAe2vvTpEZz.exe
  MD5     1b09ecb91a3def004b24ab01923de81d
  SHA1    0b738f0091c429448489fc5c14ff3b89fdb8dfcb
  SHA256  6b77884c53da890e1f91829842b129d6c7b5ea71f7806db6fc7b4eda5ecd1903
  SHA512  9942cfec3d073f8647e6b15af46003bb32ba4d465dd8bdf265676e8a00b7726da67e01488950c30b2ef36791cf2f5e7dfa7d427caef33c7ed43e47b48a8423fd

memory/4996-15-0x0000000000400000-0x000000000042A000-memory.dmp
memory/4996-22-0x0000000000400000-0x000000000042A000-memory.dmp
memory/4996-29-0x0000000000400000-0x000000000042A000-memory.dmp

Analysis: behavioral1

Detonation Overview

Submitted: 2024-11-10 01:31
Reported: 2024-11-10 01:33
Platform: win7-20240903-en
Max time kernel: 141s
Max time network: 123s

Command Line

"C:\Users\Admin\AppData\Local\Temp\aa4a86020103667ce07755c39a0f15f476360395cd9aa2565986e8fe0928bb2c.exe"

Signatures

UPX packed file (upx)

Description Indicator Process Target
N/A N/A N/A N/A

System Location Discovery: System Language Discovery (discovery)

Description  Key opened
Indicator    \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Process      C:\Users\Admin\AppData\Local\Temp\aa4a86020103667ce07755c39a0f15f476360395cd9aa2565986e8fe0928bb2c.exe
Target       N/A

Processes

C:\Users\Admin\AppData\Local\Temp\aa4a86020103667ce07755c39a0f15f476360395cd9aa2565986e8fe0928bb2c.exe

"C:\Users\Admin\AppData\Local\Temp\aa4a86020103667ce07755c39a0f15f476360395cd9aa2565986e8fe0928bb2c.exe"

Network

Country  Destination        Domain                         Proto
US       8.8.8.8:53         wecan.hasthe.technology        udp
US       172.67.183.40:80   wecan.hasthe.technology        tcp
US       172.67.183.40:80   wecan.hasthe.technology        tcp
US       172.67.183.40:80   wecan.hasthe.technology        tcp
US       172.67.183.40:80   wecan.hasthe.technology        tcp
US       104.21.59.199:80   wecan.hasthe.technology        tcp

In this run a single forward lookup of wecan.hasthe.technology is followed by five plain-HTTP (port 80) connections, four to 172.67.183.40 and one to 104.21.59.199, the address also seen in the win10 run; no reverse lookups were recorded.
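The network tables of the two behavioral runs are small enough to read by eye, but the same sorting has to be done on every report: separate resolver traffic from the connections the sample actually made, and drop reverse lookups of addresses it never touched. The following Python is an added example and is not part of the report or of the sandbox's tooling; it embeds the rows from both runs above as constructed input (win10 run first, then win7, in the page's column layout) and reduces them to contacted endpoints. The resolver set is an assumption read off the tables, where 8.8.8.8 is the only DNS destination.

```python
from collections import Counter, defaultdict

# Network rows copied from the two behavioral runs in this report (win10 run first,
# then win7), in the page's "Country Destination Domain Proto" layout.
REPORT_ROWS = """
Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 106.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 2.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 wecan.hasthe.technology udp
US 104.21.59.199:80 wecan.hasthe.technology tcp
US 8.8.8.8:53 53.210.109.20.in-addr.arpa udp
US 8.8.8.8:53 199.59.21.104.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 98.117.19.2.in-addr.arpa udp
US 104.21.59.199:80 wecan.hasthe.technology tcp
US 8.8.8.8:53 83.210.23.2.in-addr.arpa udp
US 104.21.59.199:80 wecan.hasthe.technology tcp
US 104.21.59.199:80 wecan.hasthe.technology tcp
US 8.8.8.8:53 wecan.hasthe.technology udp
US 172.67.183.40:80 wecan.hasthe.technology tcp
US 172.67.183.40:80 wecan.hasthe.technology tcp
US 172.67.183.40:80 wecan.hasthe.technology tcp
US 172.67.183.40:80 wecan.hasthe.technology tcp
US 104.21.59.199:80 wecan.hasthe.technology tcp
"""

RESOLVERS = {"8.8.8.8"}  # assumption: the only DNS destination in this report


def parse_rows(text):
    """Parse the page's whitespace-separated network table into dicts."""
    rows = []
    for line in text.strip().splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[0] == "Country":
            continue
        country, dest, domain, proto = parts
        ip, _, port = dest.rpartition(":")
        rows.append({"country": country, "ip": ip, "port": int(port),
                     "domain": domain, "proto": proto})
    return rows


def ptr_target(name):
    """'199.59.21.104.in-addr.arpa' -> '104.21.59.199' (PTR names carry the octets reversed)."""
    suffix = ".in-addr.arpa"
    if not name.endswith(suffix):
        return None
    return ".".join(reversed(name[: -len(suffix)].split(".")))


def triage(rows, resolvers=RESOLVERS):
    """Split rows into forward lookups, reverse lookups and the connections actually made."""
    lookups = set()
    ptr = set()
    contacts = Counter()  # (domain, ip, port, proto) -> number of connections
    for r in rows:
        if r["ip"] in resolvers and r["port"] == 53:
            target = ptr_target(r["domain"])
            if target:
                ptr.add(target)
            else:
                lookups.add(r["domain"])
        else:
            contacts[(r["domain"], r["ip"], r["port"], r["proto"])] += 1
    contacted_ips = {ip for (_, ip, _, _) in contacts}
    return {
        "lookups": lookups,
        "contacts": contacts,
        # reverse lookups of addresses the sample connected to are worth keeping
        "ptr_related": ptr & contacted_ips,
        # reverse lookups of addresses it never connected to are background noise
        "ptr_noise": ptr - contacted_ips,
    }


def iocs(summary):
    """Domain -> sorted (ip, port, proto) endpoints the sample connected to."""
    by_domain = defaultdict(set)
    for (domain, ip, port, proto) in summary["contacts"]:
        by_domain[domain].add((ip, port, proto))
    return {d: sorted(v) for d, v in by_domain.items()}


if __name__ == "__main__":
    s = triage(parse_rows(REPORT_ROWS))
    for domain, endpoints in iocs(s).items():
        print(domain, endpoints)
    print("PTR noise:", sorted(s["ptr_noise"]))
```

On this report the reduction leaves one domain, wecan.hasthe.technology, reached over plain HTTP at 104.21.59.199 (five connections across both runs) and 172.67.183.40 (four), plus one reverse lookup that refers back to a contacted address; the other eleven in-addr.arpa queries are for addresses that never appear as a destination. The Domain column on the tcp rows is the sandbox's attribution of the address to the preceding forward lookup, not something observed on the wire, and the report carries no request or response bodies, so what was fetched cannot be read off the page.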

Files

Memory dumps of process 2272 over 0x00400000-0x0042A000:

memory/2272-0-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2272-1-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2272-7-0x0000000000400000-0x000000000042A000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rifaien2-Q0Fjz7mLXHRvWCQR.exe
  MD5     bae0be090c9c7f276febb73584e08863
  SHA1    0831d144d38834cbf64f62b1915c07346bf2549f
  SHA256  23567909ca573dd36790ec41336309d195d89d2aa7f9b9a9e10dc230584d3e05
  SHA512  f98f25c0ebbd0adc5d5f45deb0f90c9a0787e5ac47f7a33808def901f057ef4ee8fc64002e6753aef5355b142fed2b53015c29b0c1ef7570dcc86dbedcfb0cfc

memory/2272-14-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2272-22-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2272-29-0x0000000000400000-0x000000000042A000-memory.dmp

This executable shares the rifaien2- prefix with the one recorded in the win10 run but differs in both its random suffix and all four hashes, so neither name nor hash is a stable indicator for it.