Malware Analysis Report

2025-04-03 19:49

Sample ID 241110-g2lkys1gnb
Target d9a4f86c11800b703841d815f84fd064ec22c32600a3f38e51e8b368ea6b4351N
SHA256 d9a4f86c11800b703841d815f84fd064ec22c32600a3f38e51e8b368ea6b4351
Tags: upx, discovery
Score: 5/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score: 5/10

SHA256

d9a4f86c11800b703841d815f84fd064ec22c32600a3f38e51e8b368ea6b4351

Threat Level: Likely benign

The file d9a4f86c11800b703841d815f84fd064ec22c32600a3f38e51e8b368ea6b4351N was found to be: Likely benign.

Malicious Activity Summary

upx discovery

UPX packed file

System Location Discovery: System Language Discovery

Unsigned PE

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-10 06:18

Signatures

UPX packed file

upx
Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Unsigned PE

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-10 06:18

Reported

2024-11-10 06:20

Platform

win7-20240729-en

Max time kernel

110s

Max time network

91s

Command Line

"C:\Users\Admin\AppData\Local\Temp\d9a4f86c11800b703841d815f84fd064ec22c32600a3f38e51e8b368ea6b4351N.exe"

Signatures

UPX packed file

upx
Description | Indicator | Process | Target
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A

System Location Discovery: System Language Discovery

discovery
Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\d9a4f86c11800b703841d815f84fd064ec22c32600a3f38e51e8b368ea6b4351N.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\d9a4f86c11800b703841d815f84fd064ec22c32600a3f38e51e8b368ea6b4351N.exe

"C:\Users\Admin\AppData\Local\Temp\d9a4f86c11800b703841d815f84fd064ec22c32600a3f38e51e8b368ea6b4351N.exe"

Network

Country | Destination | Domain | Proto
US | 8.8.8.8:53 | wecan.hasthe.technology | udp
US | 172.67.183.40:80 | wecan.hasthe.technology | tcp
US | 172.67.183.40:80 | wecan.hasthe.technology | tcp
US | 172.67.183.40:80 | wecan.hasthe.technology | tcp

Files

memory/2324-0-0x0000000000400000-0x000000000042A000-memory.dmp

memory/2324-2-0x0000000000400000-0x000000000042A000-memory.dmp

memory/2324-8-0x0000000000400000-0x000000000042A000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rifaien2-xXW1HHGIEo4XCpr6.exe

MD5 fbed78418d87f529a9752413df75fe63
SHA1 e4c62c41134baefd91e88e54befe16f2bbb0a0ff
SHA256 21b6943a7a6bd1853d3d8876a179b749994d4af9e05947f4a566bb23e3e88fab
SHA512 b76f3bc0083137d68d4ed042245ec56922f0dc5d051388aa10c5725c42b47104bae711bd6fa77c05438543fdb249f5c3584dbcc6114ac61109c3e2dedce5e77e

memory/2324-15-0x0000000000400000-0x000000000042A000-memory.dmp

memory/2324-23-0x0000000000400000-0x000000000042A000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-10 06:18

Reported

2024-11-10 06:20

Platform

win10v2004-20241007-en

Max time kernel

111s

Max time network

93s

Command Line

"C:\Users\Admin\AppData\Local\Temp\d9a4f86c11800b703841d815f84fd064ec22c32600a3f38e51e8b368ea6b4351N.exe"

Signatures

UPX packed file

upx
Description | Indicator | Process | Target
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A

System Location Discovery: System Language Discovery

discovery
Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\d9a4f86c11800b703841d815f84fd064ec22c32600a3f38e51e8b368ea6b4351N.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\d9a4f86c11800b703841d815f84fd064ec22c32600a3f38e51e8b368ea6b4351N.exe

"C:\Users\Admin\AppData\Local\Temp\d9a4f86c11800b703841d815f84fd064ec22c32600a3f38e51e8b368ea6b4351N.exe"

Network

Country | Destination | Domain | Proto
US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp
US | 8.8.8.8:53 | 88.210.23.2.in-addr.arpa | udp
US | 8.8.8.8:53 | 136.32.126.40.in-addr.arpa | udp
US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp
US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp
US | 8.8.8.8:53 | wecan.hasthe.technology | udp
US | 172.67.183.40:80 | wecan.hasthe.technology | tcp
US | 8.8.8.8:53 | 40.183.67.172.in-addr.arpa | udp
US | 8.8.8.8:53 | 200.163.202.172.in-addr.arpa | udp
US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp
US | 172.67.183.40:80 | wecan.hasthe.technology | tcp
US | 8.8.8.8:53 | wecan.hasthe.technology | udp
US | 172.67.183.40:80 | wecan.hasthe.technology | tcp
US | 8.8.8.8:53 | 105.209.201.84.in-addr.arpa | udp

Files

memory/1592-0-0x0000000000400000-0x000000000042A000-memory.dmp

memory/1592-2-0x0000000000400000-0x000000000042A000-memory.dmp

memory/1592-5-0x0000000000400000-0x000000000042A000-memory.dmp

memory/1592-9-0x0000000000400000-0x000000000042A000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rifaien2-6VVT0wD9UELfZMTt.exe

MD5 04032169e3da022e7304db9ff3188bca
SHA1 4ebcc21baa43d4078727a163d1015b01fe2dbca1
SHA256 31b23eb956dc5646c3ce3b75f203c377938e1afb7de21979871582527d882405
SHA512 47357febddca9f56e38d61235752d8666c2c3dc2b146679c0350a07d3c20f6c84c011f8883a2219e387695672b982b35a084b3acae0cc2deaf871ee69f3f914e

memory/1592-16-0x0000000000400000-0x000000000042A000-memory.dmp

memory/1592-23-0x0000000000400000-0x000000000042A000-memory.dmp