Malware Analysis Report

2025-04-03 19:47

Sample ID 241110-hpqvks1nby
Target de2b9d2df0e8d929a7591194e7dee838e97baffed86b27e7f32deb86c942414dN
SHA256 de2b9d2df0e8d929a7591194e7dee838e97baffed86b27e7f32deb86c942414d
Tags
upx discovery
score
5/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
5/10

SHA256

de2b9d2df0e8d929a7591194e7dee838e97baffed86b27e7f32deb86c942414d

Threat Level: Likely benign

The file de2b9d2df0e8d929a7591194e7dee838e97baffed86b27e7f32deb86c942414dN was found to be: Likely benign.

Malicious Activity Summary

upx discovery

UPX packed file

Unsigned PE

System Location Discovery: System Language Discovery

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-10 06:54

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-10 06:54

Reported

2024-11-10 06:57

Platform

win7-20240903-en

Max time kernel

110s

Max time network

91s

Command Line

"C:\Users\Admin\AppData\Local\Temp\de2b9d2df0e8d929a7591194e7dee838e97baffed86b27e7f32deb86c942414dN.exe"

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

System Location Discovery: System Language Discovery

discovery
Description: Key opened
Indicator:   \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Process:     C:\Users\Admin\AppData\Local\Temp\de2b9d2df0e8d929a7591194e7dee838e97baffed86b27e7f32deb86c942414dN.exe
Target:      N/A

Processes

C:\Users\Admin\AppData\Local\Temp\de2b9d2df0e8d929a7591194e7dee838e97baffed86b27e7f32deb86c942414dN.exe

"C:\Users\Admin\AppData\Local\Temp\de2b9d2df0e8d929a7591194e7dee838e97baffed86b27e7f32deb86c942414dN.exe"

Network

Country  Destination        Domain                   Proto
US       8.8.8.8:53         wecan.hasthe.technology  udp
US       104.21.59.199:80   wecan.hasthe.technology  tcp
US       104.21.59.199:80   wecan.hasthe.technology  tcp
US       104.21.59.199:80   wecan.hasthe.technology  tcp

Files

memory/816-0-0x0000000000400000-0x000000000042A000-memory.dmp

memory/816-1-0x0000000000400000-0x000000000042A000-memory.dmp

memory/816-7-0x0000000000400000-0x000000000042A000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rifaien2-FiEfWcXuJ8XDOTmO.exe

MD5 0dd54c37f76f730a86c03938f12d697f
SHA1 3fccd22d5637fb7b777f670d2423ed30acdd0880
SHA256 fd097f4119189d5bfe34f08ba83485be475a3ed44d1c6ce88849f13421e22c0d
SHA512 5ab55d604040eee7188af684b129451b5a550b897b0b3fe48a8811937d6f96319c9e1574787c63733afcf40378310df72ae3fdf300a5486a0ab4e110f376b6e2

memory/816-14-0x0000000000400000-0x000000000042A000-memory.dmp

memory/816-22-0x0000000000400000-0x000000000042A000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-10 06:54

Reported

2024-11-10 06:57

Platform

win10v2004-20241007-en

Max time kernel

111s

Max time network

97s

Command Line

"C:\Users\Admin\AppData\Local\Temp\de2b9d2df0e8d929a7591194e7dee838e97baffed86b27e7f32deb86c942414dN.exe"

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

System Location Discovery: System Language Discovery

discovery
Description: Key opened
Indicator:   \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Process:     C:\Users\Admin\AppData\Local\Temp\de2b9d2df0e8d929a7591194e7dee838e97baffed86b27e7f32deb86c942414dN.exe
Target:      N/A

Processes

C:\Users\Admin\AppData\Local\Temp\de2b9d2df0e8d929a7591194e7dee838e97baffed86b27e7f32deb86c942414dN.exe

"C:\Users\Admin\AppData\Local\Temp\de2b9d2df0e8d929a7591194e7dee838e97baffed86b27e7f32deb86c942414dN.exe"

Network

Country  Destination        Domain                        Proto
US       8.8.8.8:53         228.249.119.40.in-addr.arpa   udp
US       8.8.8.8:53         95.221.229.192.in-addr.arpa   udp
US       8.8.8.8:53         140.32.126.40.in-addr.arpa    udp
US       8.8.8.8:53         97.17.167.52.in-addr.arpa     udp
US       8.8.8.8:53         wecan.hasthe.technology       udp
US       104.21.59.199:80   wecan.hasthe.technology       tcp
US       8.8.8.8:53         53.210.109.20.in-addr.arpa    udp
US       8.8.8.8:53         199.59.21.104.in-addr.arpa    udp
US       8.8.8.8:53         15.164.165.52.in-addr.arpa    udp
US       104.21.59.199:80   wecan.hasthe.technology       tcp
US       8.8.8.8:53         0.205.248.87.in-addr.arpa     udp
US       104.21.59.199:80   wecan.hasthe.technology       tcp
US       8.8.8.8:53         13.227.111.52.in-addr.arpa    udp

Files

memory/4436-0-0x0000000000400000-0x000000000042A000-memory.dmp

memory/4436-1-0x0000000000400000-0x000000000042A000-memory.dmp

memory/4436-4-0x0000000000400000-0x000000000042A000-memory.dmp

memory/4436-8-0x0000000000400000-0x000000000042A000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rifaien2-2mbg8NVeKyFIczmM.exe

MD5 6aa65a34b7b325a73248313fbc823c7d
SHA1 4ba8a32f6b9b651306fb1310241a3eaec730e6ab
SHA256 478b04d4feff4aa7fe36dfae715a89dea654570ac4bd5250bf36812290d0e346
SHA512 eb57eae597df1c896dc0ed62de6dfdc967826b6bab16d14f8447fc3b95e5c4cd988588f2cc6aa362337b891af21ff183907f8cd43fff0dd3de255613167bed56

memory/4436-13-0x0000000000400000-0x000000000042A000-memory.dmp

memory/4436-21-0x0000000000400000-0x000000000042A000-memory.dmp