Malware Analysis Report

2025-04-03 19:48

Sample ID 241110-hbxqza1gjk
Target 1ad453323a45898125436590c8b77347b4acf18372d9e9eb8924e609c7b50970N
SHA256 1ad453323a45898125436590c8b77347b4acf18372d9e9eb8924e609c7b50970
Tags: discovery upx
Score: 5/10

Analysis Overview

Score: 5/10

SHA256

1ad453323a45898125436590c8b77347b4acf18372d9e9eb8924e609c7b50970

Threat Level: Likely benign

The file 1ad453323a45898125436590c8b77347b4acf18372d9e9eb8924e609c7b50970N was found to be: Likely benign.

Malicious Activity Summary

discovery upx

UPX packed file

System Location Discovery: System Language Discovery

Unsigned PE

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-11-10 06:34

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted: 2024-11-10 06:34
Reported: 2024-11-10 06:36
Platform: win10v2004-20241007-en
Max time kernel: 111s
Max time network: 93s

Command Line

"C:\Users\Admin\AppData\Local\Temp\1ad453323a45898125436590c8b77347b4acf18372d9e9eb8924e609c7b50970N.exe"

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\1ad453323a45898125436590c8b77347b4acf18372d9e9eb8924e609c7b50970N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\1ad453323a45898125436590c8b77347b4acf18372d9e9eb8924e609c7b50970N.exe

"C:\Users\Admin\AppData\Local\Temp\1ad453323a45898125436590c8b77347b4acf18372d9e9eb8924e609c7b50970N.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 88.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 17.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 wecan.hasthe.technology udp
US 172.67.183.40:80 wecan.hasthe.technology tcp
US 8.8.8.8:53 212.20.149.52.in-addr.arpa udp
US 8.8.8.8:53 40.183.67.172.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 172.67.183.40:80 wecan.hasthe.technology tcp
US 8.8.8.8:53 83.210.23.2.in-addr.arpa udp
US 172.67.183.40:80 wecan.hasthe.technology tcp

Files

memory/4780-0-0x0000000000400000-0x000000000042A000-memory.dmp

memory/4780-1-0x0000000000400000-0x000000000042A000-memory.dmp

memory/4780-4-0x0000000000400000-0x000000000042A000-memory.dmp

memory/4780-8-0x0000000000400000-0x000000000042A000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rifaien2-m4F6vzurQLwSZeZq.exe

MD5 39f0d82914d62a8acecc36d42e807193
SHA1 b486dd9ebb5152e5b6c6137a350bf5d52405b121
SHA256 d2cd7d174f19ccfdb6907f573f40eb228a44fb4e701bf726b207bb4351af5307
SHA512 51b748c3dee5b74b2d497a4eefbe972124b8035ed5fa4ca5acd42e77ae640e03d3de0cd7a66eac63b9dcda4db399e2b9007a5fecafdd510057efbca4fec4c66e

memory/4780-15-0x0000000000400000-0x000000000042A000-memory.dmp

memory/4780-22-0x0000000000400000-0x000000000042A000-memory.dmp

Analysis: behavioral1

Detonation Overview

Submitted: 2024-11-10 06:34
Reported: 2024-11-10 06:36
Platform: win7-20240903-en
Max time kernel: 118s
Max time network: 118s

Command Line

"C:\Users\Admin\AppData\Local\Temp\1ad453323a45898125436590c8b77347b4acf18372d9e9eb8924e609c7b50970N.exe"

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\1ad453323a45898125436590c8b77347b4acf18372d9e9eb8924e609c7b50970N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\1ad453323a45898125436590c8b77347b4acf18372d9e9eb8924e609c7b50970N.exe

"C:\Users\Admin\AppData\Local\Temp\1ad453323a45898125436590c8b77347b4acf18372d9e9eb8924e609c7b50970N.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 wecan.hasthe.technology udp
US 172.67.183.40:80 wecan.hasthe.technology tcp
US 172.67.183.40:80 wecan.hasthe.technology tcp
US 172.67.183.40:80 wecan.hasthe.technology tcp

Files

memory/2652-0-0x0000000000400000-0x000000000042A000-memory.dmp

memory/2652-2-0x0000000000400000-0x000000000042A000-memory.dmp

memory/2652-8-0x0000000000400000-0x000000000042A000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rifaien2-vqnAWef2ZvVDzGlv.exe

MD5 c22e3fda862286e431df2d757230057c
SHA1 d4c795206a96c47969ffca2790f76800d09d67ad
SHA256 0984602b520c3b74cabda3502a73f1c6d8cdcb88e84c135c8b2e65ce81796a9e
SHA512 2dbe23b931219b6309d3c0e65604075ec6bb4116bf2f211335a98c510bbc5c814bc4d55344e4533f1f8f557cbb939ff54fed3b905217cf94a78cbd4528330ffb

memory/2652-15-0x0000000000400000-0x000000000042A000-memory.dmp

memory/2652-23-0x0000000000400000-0x000000000042A000-memory.dmp