Malware Analysis Report

2025-04-03 19:49

Sample ID 241110-hhbgba1hjm
Target b96270dab5ffe5ed420c764441eb80d09f2695ea51bec7713b53f607b16cc43aN
SHA256 b96270dab5ffe5ed420c764441eb80d09f2695ea51bec7713b53f607b16cc43a
Tags
upx discovery
score
5/10

Analysis Overview

score
5/10

SHA256

b96270dab5ffe5ed420c764441eb80d09f2695ea51bec7713b53f607b16cc43a

Threat Level: Likely benign

The file b96270dab5ffe5ed420c764441eb80d09f2695ea51bec7713b53f607b16cc43aN was found to be: Likely benign.

The verdict rests on what the sample did in two short detonations (92 s and 94 s of kernel time): it is UPX-packed and unsigned, opens the system language key, a second executable (rifaien2-*.exe) appears in the user's Temp directory, and it makes three plaintext HTTP connections to one host. None of that tripped a signature the sandbox classes as malicious, which is weaker than saying the sample showed its full behaviour; a packed, unsigned binary that reaches out over HTTP deserves a second look before it is cleared.

Malicious Activity Summary

upx discovery

UPX packed file

Unsigned PE

System Location Discovery: System Language Discovery

MITRE ATT&CK

Enterprise Matrix V15

Discovery: T1614.001 System Location Discovery: System Language Discovery (behavioral1, behavioral2; the NLS\Language key open listed under Signatures)

Analysis: static1

Detonation Overview

Reported

2024-11-10 06:43

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
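The two static signatures above (UPX packed file, Unsigned PE) are cheap to reproduce without a sandbox. The following is an added example, not tooling from the report or its sandbox: a pure-Python PE parser that lists section names and entropies, flags the UPX shape (UPX0/UPX1 names, or an empty first section plus a high-entropy one), and reports whether an Authenticode blob is attached. build_sample_pe() constructs a minimal fake PE so the checks can be exercised offline; it is test input, not a real binary.

```python
"""Static triage for the two static1 signatures (UPX packing, missing Authenticode blob)
using pure-Python PE parsing, no pefile needed. Usage: python pe_triage.py <file.exe>.
build_sample_pe() exists only to construct test input; it is not a real sample."""
import math
import struct
import sys

IMAGE_DIRECTORY_ENTRY_SECURITY = 4          # Authenticode signature directory
UPX_SECTION_NAMES = {"UPX0", "UPX1", "UPX2"}
FILE_ALIGN, SECT_ALIGN = 0x200, 0x1000


def align(n: int, a: int) -> int:
    return (n + a - 1) // a * a


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: packed or encrypted data sits near 8.0, plain x86 code nearer 6."""
    if not data:
        return 0.0
    n, counts = len(data), [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_pe(blob: bytes) -> dict:
    """Parse just enough PE32/PE32+ to list sections and the Security directory."""
    if blob[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", blob, 0x3C)[0]
    if blob[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # IMAGE_FILE_HEADER (20 bytes) follows the 4-byte signature.
    _, nsections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", blob, e_lfanew + 4)
    opt_off = e_lfanew + 24
    magic = struct.unpack_from("<H", blob, opt_off)[0]
    if magic == 0x10B:              # PE32: data directories start 96 bytes in
        dd_off = opt_off + 96
    elif magic == 0x20B:            # PE32+: 112 bytes in
        dd_off = opt_off + 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    num_dirs = struct.unpack_from("<I", blob, dd_off - 4)[0]
    sec_off = sec_size = 0
    if num_dirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        # Unlike the other directories, entry 4 holds a file offset, not an RVA.
        sec_off, sec_size = struct.unpack_from(
            "<II", blob, dd_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sections, table_off = [], opt_off + opt_size
    for i in range(nsections):
        name, vsize, _, raw_size, raw_ptr = struct.unpack_from(
            "<8sIIII", blob, table_off + 40 * i)
        data = blob[raw_ptr:raw_ptr + raw_size] if raw_size else b""
        sections.append({"name": name.rstrip(b"\0").decode("latin-1"),
                         "virtual_size": vsize, "raw_size": raw_size,
                         "entropy": round(shannon_entropy(data), 3)})
    return {"sections": sections, "security_dir": (sec_off, sec_size)}


def triage(blob: bytes) -> dict:
    """Reproduce the 'UPX packed file' and 'Unsigned PE' checks."""
    pe = parse_pe(blob)
    upx = [s["name"] for s in pe["sections"] if s["name"].upper() in UPX_SECTION_NAMES]
    high_entropy = any(s["entropy"] >= 7.0 for s in pe["sections"])
    # UPX leaves a first section with no raw bytes that it unpacks into at runtime;
    # a build with renamed sections still shows that shape plus one high-entropy section.
    hollow = any(s["raw_size"] == 0 and s["virtual_size"] > 0 for s in pe["sections"])
    return {"upx_sections": upx,
            "likely_packed": bool(upx) or (high_entropy and hollow),
            # A non-empty Security directory only means a signature blob is attached;
            # validating it (signtool verify, Get-AuthenticodeSignature) is a separate step.
            "signed": pe["security_dir"][1] > 0,
            "sections": pe["sections"]}


def build_sample_pe(sections, signed=False) -> bytes:
    """Constructed minimal PE32 from (name, raw_bytes) pairs. Test input only, not loadable."""
    e_lfanew, nsect, opt_size = 0x40, len(sections), 96 + 8 * 16
    headers_size = align(e_lfanew + 24 + opt_size + 40 * nsect, FILE_ALIGN)
    hdrs, blobs, raw_ptr, va = [], [], headers_size, SECT_ALIGN
    for name, data in sections:
        vsize = len(data) or SECT_ALIGN         # an empty section still owns virtual space
        hdrs.append(struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), vsize, va, len(data),
                                raw_ptr if data else 0, 0, 0, 0, 0, 0x60000020))
        padded = data + b"\0" * (align(len(data), FILE_ALIGN) - len(data))
        blobs.append(padded)
        raw_ptr += len(padded)
        va += align(vsize, SECT_ALIGN)
    cert = b""
    if signed:                                  # WIN_CERTIFICATE header + placeholder body
        body = b"constructed placeholder, not a PKCS#7 blob"
        cert = struct.pack("<IHH", 8 + len(body), 0x0200, 0x0002) + body
    dirs = [(0, 0)] * 16
    dirs[IMAGE_DIRECTORY_ENTRY_SECURITY] = (raw_ptr if signed else 0, len(cert))
    opt = (struct.pack("<HBB9I", 0x10B, 14, 0, 0, 0, 0, SECT_ALIGN, SECT_ALIGN, SECT_ALIGN,
                       0x400000, SECT_ALIGN, FILE_ALIGN)
           + struct.pack("<6H4IHH6I", 6, 0, 0, 0, 6, 0, 0, va, headers_size, 0, 2, 0,
                         0x100000, 0x1000, 0x100000, 0x1000, 0, 16)
           + b"".join(struct.pack("<II", o, s) for o, s in dirs))
    file_hdr = struct.pack("<HHIIIHH", 0x14C, nsect, 0, 0, 0, opt_size, 0x0102)
    head = (b"MZ" + b"\0" * 58 + struct.pack("<I", e_lfanew) + b"PE\0\0"
            + file_hdr + opt + b"".join(hdrs))
    return head + b"\0" * (headers_size - len(head)) + b"".join(blobs) + cert


if __name__ == "__main__":
    with open(sys.argv[1], "rb") as fh:
        print(triage(fh.read()))
```

The entropy threshold (7.0) and the "hollow first section" heuristic are this example's choices, not the sandbox's rules. Note that a signed-looking file only passes the first half of the check; the memory dumps listed under Files below (the image at 0x400000 after the stub has run) are where the unpacked code lives, so string and import triage belongs there rather than on the packed file.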

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-10 06:43

Reported

2024-11-10 06:45

Platform

win7-20241010-en

Max time kernel

92s

Max time network

98s

Command Line

"C:\Users\Admin\AppData\Local\Temp\b96270dab5ffe5ed420c764441eb80d09f2695ea51bec7713b53f607b16cc43aN.exe"

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

System Location Discovery: System Language Discovery

discovery
Description   Indicator                                                     Process                                                                                                   Target
Key opened    \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language   C:\Users\Admin\AppData\Local\Temp\b96270dab5ffe5ed420c764441eb80d09f2695ea51bec7713b53f607b16cc43aN.exe   N/A

This key stores the system's installed language. Malware that refuses to run in certain locales reads it before going further, but locale-aware benign software reads it too, so the signature is low-confidence on its own; it carries more weight here because the reader is unsigned, packed, and running from the user's Temp directory.

Processes

C:\Users\Admin\AppData\Local\Temp\b96270dab5ffe5ed420c764441eb80d09f2695ea51bec7713b53f607b16cc43aN.exe

"C:\Users\Admin\AppData\Local\Temp\b96270dab5ffe5ed420c764441eb80d09f2695ea51bec7713b53f607b16cc43aN.exe"

Network

Country   Destination         Domain                     Proto
US        8.8.8.8:53          wecan.hasthe.technology    udp
US        104.21.59.199:80    wecan.hasthe.technology    tcp
US        104.21.59.199:80    wecan.hasthe.technology    tcp
US        104.21.59.199:80    wecan.hasthe.technology    tcp

One DNS query and three plaintext HTTP connections to the same host. 104.21.59.199 is in Cloudflare's address space, so the domain, not the IP, is the indicator to pivot on; the report does not show the HTTP requests themselves, so whether this is a check-in, a download, or a simple connectivity test cannot be read from it.

Files

memory/2256-0-0x0000000000400000-0x000000000043B000-memory.dmp

memory/2256-1-0x0000000000400000-0x000000000043B000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rifaien2-9FOz0xe6NBaCxoUK.exe

MD5 441bc6a2da6ff92d0c23eb29a1c02268
SHA1 3e1d251128b0b2cd4b74b8be7512b1dda38f5c7e
SHA256 12674c96dd622d233e19d3a68381231f1379e823381964d1cf4d09fd5f31abec
SHA512 f8ec37ba6eb1953818053d797bff2301c8940eca7fb0edc5d4c77133379b038fefaae3913885d20dc5d67281918fa66e54405f6fbd0fd2db691fd62f2191e65f

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-10 06:43

Reported

2024-11-10 06:45

Platform

win10v2004-20241007-en

Max time kernel

94s

Max time network

95s

Command Line

"C:\Users\Admin\AppData\Local\Temp\b96270dab5ffe5ed420c764441eb80d09f2695ea51bec7713b53f607b16cc43aN.exe"

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

System Location Discovery: System Language Discovery

discovery
Description   Indicator                                                     Process                                                                                                   Target
Key opened    \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language   C:\Users\Admin\AppData\Local\Temp\b96270dab5ffe5ed420c764441eb80d09f2695ea51bec7713b53f607b16cc43aN.exe   N/A

Processes

C:\Users\Admin\AppData\Local\Temp\b96270dab5ffe5ed420c764441eb80d09f2695ea51bec7713b53f607b16cc43aN.exe

"C:\Users\Admin\AppData\Local\Temp\b96270dab5ffe5ed420c764441eb80d09f2695ea51bec7713b53f607b16cc43aN.exe"

Network

Country   Destination         Domain                           Proto
US        8.8.8.8:53          14.160.190.20.in-addr.arpa       udp
US        8.8.8.8:53          104.219.191.52.in-addr.arpa      udp
US        8.8.8.8:53          95.221.229.192.in-addr.arpa      udp
US        8.8.8.8:53          28.118.140.52.in-addr.arpa       udp
US        8.8.8.8:53          wecan.hasthe.technology          udp
US        104.21.59.199:80    wecan.hasthe.technology          tcp
US        8.8.8.8:53          197.87.175.4.in-addr.arpa        udp
US        8.8.8.8:53          199.59.21.104.in-addr.arpa       udp
US        8.8.8.8:53          15.164.165.52.in-addr.arpa       udp
US        8.8.8.8:53          75.117.19.2.in-addr.arpa         udp
US        104.21.59.199:80    wecan.hasthe.technology          tcp
US        8.8.8.8:53          88.210.23.2.in-addr.arpa         udp
US        104.21.59.199:80    wecan.hasthe.technology          tcp
US        8.8.8.8:53          240.221.184.93.in-addr.arpa      udp
US        8.8.8.8:53          14.227.111.52.in-addr.arpa       udp

The same forward lookup and three HTTP connections as on Windows 7, surrounded by reverse (in-addr.arpa) lookups that the Windows 10 image makes on its own. One of them is worth separating from that background: 199.59.21.104.in-addr.arpa is the PTR name for 104.21.59.199, the host the sample connected to.
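Both network tables in this report mix the sample's own traffic with resolver and reverse-lookup noise. The following is an added example, not part of the report: a small parser that takes rows in the report's column layout, separates DNS queries, PTR lookups and real connections, marks contacted IPs that fall in shared CDN space, and flags PTR lookups whose target is a host the sample also connected to. The sample rows are a constructed subset copied from the two tables above; the resolver address and the Cloudflare range (104.16.0.0/13, from Cloudflare's published IPv4 list) are this example's assumptions.

```python
"""De-noise a sandbox network table into IOCs. The rows below are a constructed subset
of the two behavioral sections of this report, in the same column layout."""
import ipaddress
from collections import Counter

SAMPLE_ROWS = """\
Country Destination Domain Proto
US 8.8.8.8:53 wecan.hasthe.technology udp
US 104.21.59.199:80 wecan.hasthe.technology tcp
US 104.21.59.199:80 wecan.hasthe.technology tcp
US 8.8.8.8:53 14.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 199.59.21.104.in-addr.arpa udp
""".splitlines()

# Assumptions for this example: the sandbox's resolver, and CDN space to mark as
# shared infrastructure (104.16.0.0/13 is in Cloudflare's published IPv4 list).
SANDBOX_RESOLVERS = {"8.8.8.8"}
SHARED_RANGES = {"cloudflare": ipaddress.ip_network("104.16.0.0/13")}


def parse_row(line: str) -> dict:
    """'US 104.21.59.199:80 wecan.hasthe.technology tcp' -> field dict."""
    country, dest, domain, proto = line.split()
    ip, port = dest.rsplit(":", 1)
    return {"country": country, "ip": ip, "port": int(port), "domain": domain, "proto": proto}


def ptr_target(name: str) -> str:
    """'199.59.21.104.in-addr.arpa' -> '104.21.59.199' (labels are reversed octets)."""
    labels = name[:-len(".in-addr.arpa")].split(".")
    return ".".join(reversed(labels))


def extract_iocs(lines) -> dict:
    domains, endpoints, ptr_lookups = set(), Counter(), set()
    for line in lines:
        line = line.strip()
        if not line or line.startswith("Country"):
            continue                                    # header or blank line
        row = parse_row(line)
        if row["domain"].endswith(".in-addr.arpa"):
            ptr_lookups.add(ptr_target(row["domain"]))  # reverse lookups: mostly OS noise
        elif row["ip"] in SANDBOX_RESOLVERS and row["port"] == 53:
            domains.add(row["domain"])                  # the query itself, not a contact
        else:
            domains.add(row["domain"])
            endpoints[(row["ip"], row["port"], row["proto"])] += 1
    contacted = {ip for ip, _, _ in endpoints}
    shared = {ip: name for ip in contacted for name, net in SHARED_RANGES.items()
              if ipaddress.ip_address(ip) in net}
    return {
        "domains": sorted(domains),
        "endpoints": dict(endpoints),
        "shared_infra": shared,              # contacted IPs not worth blocking on their own
        "ptr_lookups": sorted(ptr_lookups),
        # A PTR lookup for a host the sample also connected to is not background noise
        # and should stay in the analyst's view rather than being filtered out.
        "ptr_of_contacted": sorted(ptr_lookups & contacted),
    }


if __name__ == "__main__":
    for key, value in extract_iocs(SAMPLE_ROWS).items():
        print(f"{key}: {value}")
```

Feed it the full tables from both detonations and the output is one domain, one endpoint (104.21.59.199:80/tcp, marked as Cloudflare space), and a list of reverse-lookup targets of which exactly one matches the contacted host.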

Files

memory/2364-0-0x0000000000400000-0x000000000043B000-memory.dmp

memory/2364-1-0x0000000000400000-0x000000000043B000-memory.dmp

Both dumps cover the process image at ImageBase 0x400000 (0x3B000 bytes, the same region as in behavioral1). Because the file on disk is UPX-packed, these runtime dumps, not the original file, are where the unpacked code, strings and imports can be read.

C:\Users\Admin\AppData\Local\Temp\rifaien2-PsdtTENUEWPfjCj1.exe

MD5 27b99983fc9e823b3aee3852e5e8b4e1
SHA1 fefd730ff1d7875784f960506d80a6e2d35b0ff3
SHA256 eeb609c6197850bd74a6afdb52e8b3c8e06ec2c4032628b5d8d0b1872c51f11e
SHA512 21b495056791a2c51b9e9d641ee15149da3c65ef0880a3e655d7ef3de4c206ce005f763ee90ae0c5b8ffd042b84f9cacd2cf1ed42439ac2086f8e9f2621b7b32

The dropped file carries a different random suffix and different hashes in the two detonations (compare rifaien2-9FOz0xe6NBaCxoUK.exe in behavioral1), so its hashes are per-run and should not be used as IOCs. The stable artifact is an executable named rifaien2-<random>.exe written to the user's AppData\Local\Temp directory.