Malware Analysis Report

2025-04-03 19:49

Sample ID: 241110-gx397s1frh
Target: 755a8a960d5c530c89d6933dd624d10579db104c5bb48b39a65f069201b808c2N
SHA256: 755a8a960d5c530c89d6933dd624d10579db104c5bb48b39a65f069201b808c2
Tags: upx, discovery
Score: 5/10

Table of Contents

  Analysis Overview
  MITRE ATT&CK
    Enterprise Matrix V15
  Analysis: static1
    Detonation Overview
    Signatures
  Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
  Analysis: behavioral2
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

Score: 5/10
SHA256: 755a8a960d5c530c89d6933dd624d10579db104c5bb48b39a65f069201b808c2
Threat Level: Likely benign

The file 755a8a960d5c530c89d6933dd624d10579db104c5bb48b39a65f069201b808c2N was found to be: Likely benign.

Malicious Activity Summary

Tags: upx, discovery

UPX packed file
Unsigned PE
System Location Discovery: System Language Discovery

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-11-10 06:11

Signatures

UPX packed file (tag: upx)

Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-11-10 06:11
Reported: 2024-11-10 06:13
Platform: win7-20240903-en
Max time kernel: 110s
Max time network: 91s

Command Line

"C:\Users\Admin\AppData\Local\Temp\755a8a960d5c530c89d6933dd624d10579db104c5bb48b39a65f069201b808c2N.exe"

Signatures

UPX packed file (tag: upx)

Description Indicator Process Target
N/A N/A N/A N/A

System Location Discovery: System Language Discovery (tag: discovery)

Description: Key opened
Indicator: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Process: C:\Users\Admin\AppData\Local\Temp\755a8a960d5c530c89d6933dd624d10579db104c5bb48b39a65f069201b808c2N.exe
Target: N/A

Processes

C:\Users\Admin\AppData\Local\Temp\755a8a960d5c530c89d6933dd624d10579db104c5bb48b39a65f069201b808c2N.exe

"C:\Users\Admin\AppData\Local\Temp\755a8a960d5c530c89d6933dd624d10579db104c5bb48b39a65f069201b808c2N.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 wecan.hasthe.technology udp
US 104.21.59.199:80 wecan.hasthe.technology tcp
US 104.21.59.199:80 wecan.hasthe.technology tcp
US 104.21.59.199:80 wecan.hasthe.technology tcp

Files

memory/2148-0-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2148-1-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2148-7-0x0000000000400000-0x000000000042A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rifaien2-Jjoxo9Nu00rBZB8O.exe
  MD5 2e9a319b86b451073da1710316c52c9d
  SHA1 8038071187e0ed9cde4d3458f0423b319ada5cc5
  SHA256 7a3ed88b905f72a7076795057e9d065b50a37acfbb8f9c62dfd156107cf1483c
  SHA512 2aa9b3de92b4750a6ef185feb9099a2df6fb18146def9d89d17cb722c50159e923d3bf2d4424a65362f10cc10521889bf72db4b69dbaef4384c8618f3ea26b7b
memory/2148-14-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2148-22-0x0000000000400000-0x000000000042A000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted: 2024-11-10 06:11
Reported: 2024-11-10 06:13
Platform: win10v2004-20241007-en
Max time kernel: 111s
Max time network: 92s

Command Line

"C:\Users\Admin\AppData\Local\Temp\755a8a960d5c530c89d6933dd624d10579db104c5bb48b39a65f069201b808c2N.exe"

Signatures

UPX packed file (tag: upx)

Description Indicator Process Target
N/A N/A N/A N/A

System Location Discovery: System Language Discovery (tag: discovery)

Description: Key opened
Indicator: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Process: C:\Users\Admin\AppData\Local\Temp\755a8a960d5c530c89d6933dd624d10579db104c5bb48b39a65f069201b808c2N.exe
Target: N/A

Processes

C:\Users\Admin\AppData\Local\Temp\755a8a960d5c530c89d6933dd624d10579db104c5bb48b39a65f069201b808c2N.exe

"C:\Users\Admin\AppData\Local\Temp\755a8a960d5c530c89d6933dd624d10579db104c5bb48b39a65f069201b808c2N.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 68.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 wecan.hasthe.technology udp
US 104.21.59.199:80 wecan.hasthe.technology tcp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 199.59.21.104.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 75.117.19.2.in-addr.arpa udp
US 104.21.59.199:80 wecan.hasthe.technology tcp
US 104.21.59.199:80 wecan.hasthe.technology tcp
US 8.8.8.8:53 99.209.201.84.in-addr.arpa udp

Files

memory/4876-0-0x0000000000400000-0x000000000042A000-memory.dmp
memory/4876-1-0x0000000000400000-0x000000000042A000-memory.dmp
memory/4876-4-0x0000000000400000-0x000000000042A000-memory.dmp
memory/4876-8-0x0000000000400000-0x000000000042A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rifaien2-0rY5aMNd6PENug1y.exe
  MD5 cadf6b4c8cf12395b79b8d9dd5170c91
  SHA1 fbb1795ebdea6b9eaa8b07045680a1a42b6191ae
  SHA256 1b54c8e2a46e7215296f721f28ddcdebad6e4af948b9c3fdc5a34e27811417a9
  SHA512 520bf0c7daca184a24d757388d9427a32e564f3e072e6c57efad4a803381f26628e1c34301786e2cd0e99ec2a489f5ac6fe6716daa8371c452314dc361032306
memory/4876-15-0x0000000000400000-0x000000000042A000-memory.dmp
memory/4876-22-0x0000000000400000-0x000000000042A000-memory.dmp