Malware Analysis Report

2025-04-03 19:49

Sample ID 241110-gtjfmatrcn
Target 335bb0e9a6dcb19b44043f0d1f196d0c50d8e95ce6b0ad7819026cbf8633bf18N
SHA256 335bb0e9a6dcb19b44043f0d1f196d0c50d8e95ce6b0ad7819026cbf8633bf18
Tags
upx discovery
score
5/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
5/10

SHA256

335bb0e9a6dcb19b44043f0d1f196d0c50d8e95ce6b0ad7819026cbf8633bf18

Threat Level: Likely benign

The file 335bb0e9a6dcb19b44043f0d1f196d0c50d8e95ce6b0ad7819026cbf8633bf18N was found to be: Likely benign.

Malicious Activity Summary

upx discovery

UPX packed file

Unsigned PE

System Location Discovery: System Language Discovery

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-10 06:05

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-10 06:05

Reported

2024-11-10 06:07

Platform

win7-20240903-en

Max time kernel

110s

Max time network

92s

Command Line

"C:\Users\Admin\AppData\Local\Temp\335bb0e9a6dcb19b44043f0d1f196d0c50d8e95ce6b0ad7819026cbf8633bf18N.exe"

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\335bb0e9a6dcb19b44043f0d1f196d0c50d8e95ce6b0ad7819026cbf8633bf18N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\335bb0e9a6dcb19b44043f0d1f196d0c50d8e95ce6b0ad7819026cbf8633bf18N.exe

"C:\Users\Admin\AppData\Local\Temp\335bb0e9a6dcb19b44043f0d1f196d0c50d8e95ce6b0ad7819026cbf8633bf18N.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 wecan.hasthe.technology udp
US 104.21.59.199:80 wecan.hasthe.technology tcp
US 104.21.59.199:80 wecan.hasthe.technology tcp
US 104.21.59.199:80 wecan.hasthe.technology tcp

Files

memory/1944-0-0x0000000000400000-0x000000000042A000-memory.dmp

memory/1944-1-0x0000000000400000-0x000000000042A000-memory.dmp

memory/1944-5-0x0000000000400000-0x000000000042A000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rifaien2-GdlRDNkxl9avuSeT.exe

MD5 89079e6e9d1a839fdae6f2de2ad48dfd
SHA1 1c4f9d7168a610728ce120f6429d5c7a0219efa8
SHA256 df68e5e3c12a53c59ee61124504ab86df598024e989e58b10753aa4bb1085257
SHA512 2ac485eaeee477cd99f6d139ce01a20ac601fb3796d945bb10009c26d204e7566a6cd2b1e2c4c1aa520d7b7eaf89691392fd8b6c95dbd7a48dfacf8f5b80c5cc

memory/1944-12-0x0000000000400000-0x000000000042A000-memory.dmp

memory/1944-22-0x0000000000400000-0x000000000042A000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-10 06:05

Reported

2024-11-10 06:07

Platform

win10v2004-20241007-en

Max time kernel

111s

Max time network

96s

Command Line

"C:\Users\Admin\AppData\Local\Temp\335bb0e9a6dcb19b44043f0d1f196d0c50d8e95ce6b0ad7819026cbf8633bf18N.exe"

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\335bb0e9a6dcb19b44043f0d1f196d0c50d8e95ce6b0ad7819026cbf8633bf18N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\335bb0e9a6dcb19b44043f0d1f196d0c50d8e95ce6b0ad7819026cbf8633bf18N.exe

"C:\Users\Admin\AppData\Local\Temp\335bb0e9a6dcb19b44043f0d1f196d0c50d8e95ce6b0ad7819026cbf8633bf18N.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 4.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 wecan.hasthe.technology udp
US 104.21.59.199:80 wecan.hasthe.technology tcp
US 8.8.8.8:53 212.20.149.52.in-addr.arpa udp
US 8.8.8.8:53 199.59.21.104.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 wecan.hasthe.technology udp
US 104.21.59.199:80 wecan.hasthe.technology tcp
US 104.21.59.199:80 wecan.hasthe.technology tcp
US 8.8.8.8:53 22.236.111.52.in-addr.arpa udp

Files

memory/4020-0-0x0000000000400000-0x000000000042A000-memory.dmp

memory/4020-1-0x0000000000400000-0x000000000042A000-memory.dmp

memory/4020-4-0x0000000000400000-0x000000000042A000-memory.dmp

memory/4020-8-0x0000000000400000-0x000000000042A000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rifaien2-FsT5VmUZhBAw1mig.exe

MD5 3c9b30416a7bc6bf5dec526703119f36
SHA1 d5e2801390f9cc33d797b7f923cb36ce704ac6f3
SHA256 5d9c415b1d6586ced95db1b27ea02bd9f985ba48df8cc9321e140eb8bc3f0e33
SHA512 d6f802a5d3e4f60ed7b84468bcd16520286a655ab87cfc8f30778ee70f32328b3ac2f690cd575dbad6ea887c2c1fc7f769a7bd795afe197c6d1ce43ae4228833

memory/4020-12-0x0000000000400000-0x000000000042A000-memory.dmp

memory/4020-19-0x0000000000400000-0x000000000042A000-memory.dmp