Malware Analysis Report

2025-04-03 19:46

Sample ID 241110-g65vds1kay
Target a2d38b7bb88cba9d9212097025cba844e88a3ab7ff010d128fe45b4c45215ac2N
SHA256 a2d38b7bb88cba9d9212097025cba844e88a3ab7ff010d128fe45b4c45215ac2
Tags
discovery upx
score
5/10


Analysis Overview


Threat Level: Likely benign

The file a2d38b7bb88cba9d9212097025cba844e88a3ab7ff010d128fe45b4c45215ac2N was found to be: Likely benign.

Malicious Activity Summary

discovery upx

UPX packed file

System Location Discovery: System Language Discovery

Unsigned PE

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-10 06:25

Signatures

UPX packed file

upx

Unsigned PE


Analysis: behavioral2

Detonation Overview

Submitted

2024-11-10 06:25

Reported

2024-11-10 06:28

Platform

win10v2004-20241007-en

Max time kernel

110s

Max time network

97s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a2d38b7bb88cba9d9212097025cba844e88a3ab7ff010d128fe45b4c45215ac2N.exe"

Signatures

UPX packed file

upx

System Location Discovery: System Language Discovery

discovery
Description: Key opened
Indicator: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Process: C:\Users\Admin\AppData\Local\Temp\a2d38b7bb88cba9d9212097025cba844e88a3ab7ff010d128fe45b4c45215ac2N.exe
Target: N/A

Processes

C:\Users\Admin\AppData\Local\Temp\a2d38b7bb88cba9d9212097025cba844e88a3ab7ff010d128fe45b4c45215ac2N.exe

"C:\Users\Admin\AppData\Local\Temp\a2d38b7bb88cba9d9212097025cba844e88a3ab7ff010d128fe45b4c45215ac2N.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 88.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 72.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 wecan.hasthe.technology udp
US 172.67.183.40:80 wecan.hasthe.technology tcp
US 8.8.8.8:53 56.163.245.4.in-addr.arpa udp
US 8.8.8.8:53 40.183.67.172.in-addr.arpa udp
US 8.8.8.8:53 241.42.69.40.in-addr.arpa udp
US 172.67.183.40:80 wecan.hasthe.technology tcp
US 172.67.183.40:80 wecan.hasthe.technology tcp
US 8.8.8.8:53 107.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 29.243.111.52.in-addr.arpa udp

Files

memory/428-0-0x0000000000400000-0x000000000042A000-memory.dmp

memory/428-1-0x0000000000400000-0x000000000042A000-memory.dmp

memory/428-8-0x0000000000400000-0x000000000042A000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rifaien2-tIXBxi1T8bPtWfrc.exe

MD5 93b3a6a0245337174c18a4dc0f701848
SHA1 75bba11014e6672f22ecac4a94a786feeef6d68d
SHA256 3a7c1296df28ed9e01fd1922a2171a14e15d1af477ea0afea6cc374790c2ba35
SHA512 1aaab9d64813ab648300a99228957c2d8822012af46d2020ed75776bb4dc9d06eb75e66a3c77871724ec171f48b2dea1356fd0b4d1682544b47549c838ba958d

memory/428-15-0x0000000000400000-0x000000000042A000-memory.dmp

memory/428-22-0x0000000000400000-0x000000000042A000-memory.dmp

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-10 06:25

Reported

2024-11-10 06:28

Platform

win7-20241010-en

Max time kernel

110s

Max time network

92s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a2d38b7bb88cba9d9212097025cba844e88a3ab7ff010d128fe45b4c45215ac2N.exe"

Signatures

UPX packed file

upx

System Location Discovery: System Language Discovery

discovery
Description: Key opened
Indicator: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Process: C:\Users\Admin\AppData\Local\Temp\a2d38b7bb88cba9d9212097025cba844e88a3ab7ff010d128fe45b4c45215ac2N.exe
Target: N/A

Processes

C:\Users\Admin\AppData\Local\Temp\a2d38b7bb88cba9d9212097025cba844e88a3ab7ff010d128fe45b4c45215ac2N.exe

"C:\Users\Admin\AppData\Local\Temp\a2d38b7bb88cba9d9212097025cba844e88a3ab7ff010d128fe45b4c45215ac2N.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 wecan.hasthe.technology udp
US 104.21.59.199:80 wecan.hasthe.technology tcp
US 104.21.59.199:80 wecan.hasthe.technology tcp
US 104.21.59.199:80 wecan.hasthe.technology tcp

Files

memory/1488-0-0x0000000000400000-0x000000000042A000-memory.dmp

memory/1488-1-0x0000000000400000-0x000000000042A000-memory.dmp

memory/1488-5-0x0000000000400000-0x000000000042A000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rifaien2-XfBsYGFPrOnE7wuL.exe

MD5 ab627f46fc33992810a4371842a74d26
SHA1 65ef214999e01082e531cbd213b662c623b35973
SHA256 805c88f7f9325402f6dea3f074631e3fc85800c7b5a4335eb7e33ff03928ad5a
SHA512 baa26636e5c7168896c76aead66a9210af9aeeea160ef33e3cf7962e1783a78e0eb3536b56ae63dd73a745b65ca87b7db783edeb2261cdb694f4a48e2be3e73f

memory/1488-12-0x0000000000400000-0x000000000042A000-memory.dmp

memory/1488-22-0x0000000000400000-0x000000000042A000-memory.dmp