Malware Analysis Report

2025-04-03 19:49

Sample ID 241110-g8bdkavkbl
Target 143aa19417a9c11b55ad6aea1ce213e28ef3035e946b0f1f259f79a5f15ea6b4N
SHA256 143aa19417a9c11b55ad6aea1ce213e28ef3035e946b0f1f259f79a5f15ea6b4
Tags
upx discovery
score
5/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
5/10

SHA256

143aa19417a9c11b55ad6aea1ce213e28ef3035e946b0f1f259f79a5f15ea6b4

Threat Level: Likely benign

The file 143aa19417a9c11b55ad6aea1ce213e28ef3035e946b0f1f259f79a5f15ea6b4N was found to be: Likely benign.

Malicious Activity Summary

upx discovery

UPX packed file

Unsigned PE

System Location Discovery: System Language Discovery

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-10 06:28

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-10 06:28

Reported

2024-11-10 06:30

Platform

win7-20240729-en

Max time kernel

110s

Max time network

91s

Command Line

"C:\Users\Admin\AppData\Local\Temp\143aa19417a9c11b55ad6aea1ce213e28ef3035e946b0f1f259f79a5f15ea6b4N.exe"

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\143aa19417a9c11b55ad6aea1ce213e28ef3035e946b0f1f259f79a5f15ea6b4N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\143aa19417a9c11b55ad6aea1ce213e28ef3035e946b0f1f259f79a5f15ea6b4N.exe

"C:\Users\Admin\AppData\Local\Temp\143aa19417a9c11b55ad6aea1ce213e28ef3035e946b0f1f259f79a5f15ea6b4N.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 wecan.hasthe.technology udp
US 172.67.183.40:80 wecan.hasthe.technology tcp
US 172.67.183.40:80 wecan.hasthe.technology tcp
US 172.67.183.40:80 wecan.hasthe.technology tcp

Files

memory/2500-0-0x0000000000400000-0x000000000042A000-memory.dmp

memory/2500-1-0x0000000000400000-0x000000000042A000-memory.dmp

memory/2500-7-0x0000000000400000-0x000000000042A000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rifaien2-aFdyXmt0jprY7xKZ.exe

MD5 0fd1005559a6e67a4cdd0efcfc0eb37f
SHA1 cec89fdeac91c2ef75c11d16f88e0dfda5bd3943
SHA256 74ec5f8a2e044644559a4b332a264e9e5c1459b2ddc9630a3f9d4e1821733875
SHA512 754e60bd7080332320b878fcf1a7618f4c77699335ef0c8ef2e3332d70c0eee4a02151a40f3d60e2f7b89d438df14e5aacca6ce22de08c05b0230397ae53e7f1

memory/2500-14-0x0000000000400000-0x000000000042A000-memory.dmp

memory/2500-22-0x0000000000400000-0x000000000042A000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-10 06:28

Reported

2024-11-10 06:30

Platform

win10v2004-20241007-en

Max time kernel

120s

Max time network

96s

Command Line

"C:\Users\Admin\AppData\Local\Temp\143aa19417a9c11b55ad6aea1ce213e28ef3035e946b0f1f259f79a5f15ea6b4N.exe"

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\143aa19417a9c11b55ad6aea1ce213e28ef3035e946b0f1f259f79a5f15ea6b4N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\143aa19417a9c11b55ad6aea1ce213e28ef3035e946b0f1f259f79a5f15ea6b4N.exe

"C:\Users\Admin\AppData\Local\Temp\143aa19417a9c11b55ad6aea1ce213e28ef3035e946b0f1f259f79a5f15ea6b4N.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 71.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 wecan.hasthe.technology udp
US 104.21.59.199:80 wecan.hasthe.technology tcp
US 8.8.8.8:53 212.20.149.52.in-addr.arpa udp
US 8.8.8.8:53 199.59.21.104.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 106.209.201.84.in-addr.arpa udp
US 104.21.59.199:80 wecan.hasthe.technology tcp
US 104.21.59.199:80 wecan.hasthe.technology tcp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp

Files

memory/2488-0-0x0000000000400000-0x000000000042A000-memory.dmp

memory/2488-2-0x0000000000400000-0x000000000042A000-memory.dmp

memory/2488-5-0x0000000000400000-0x000000000042A000-memory.dmp

memory/2488-9-0x0000000000400000-0x000000000042A000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rifaien2-9kRl7c2bq293vG4G.exe

MD5 0024f2d08d62becaf2f3ee531c467f03
SHA1 894fe70f8ed597bca468e9bc7936115d19737b81
SHA256 76ee8518ea0f88c1765e0c2dfde74af8a1d63ac7fdc01a233b13d90727ff5061
SHA512 cbe358673e9da0d8cd0f5ca72cf092e29b90d862a50edc4d8aee5a717ba3bc59b6140bd0d9e1479208f9b502ace1f1d33adfce74a4a89d761df9bde749b8d379

memory/2488-16-0x0000000000400000-0x000000000042A000-memory.dmp

memory/2488-23-0x0000000000400000-0x000000000042A000-memory.dmp