Malware Analysis Report

2025-05-06 04:18

Sample ID 241110-kh9p8atdke
Target 3b973bac9d88705d4b7851de3faae7f920e52a5097ae3b1e3e3d8b80b8407586N
SHA256 3b973bac9d88705d4b7851de3faae7f920e52a5097ae3b1e3e3d8b80b8407586
Tags
upx discovery
score
5/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
5/10

SHA256

3b973bac9d88705d4b7851de3faae7f920e52a5097ae3b1e3e3d8b80b8407586

Threat Level: Likely benign

The file 3b973bac9d88705d4b7851de3faae7f920e52a5097ae3b1e3e3d8b80b8407586N was found to be: Likely benign.

Malicious Activity Summary

upx discovery

UPX packed file

Unsigned PE

System Location Discovery: System Language Discovery

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-10 08:37

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-10 08:37

Reported

2024-11-10 08:39

Platform

win7-20240903-en

Max time kernel

119s

Max time network

119s

Command Line

"C:\Users\Admin\AppData\Local\Temp\3b973bac9d88705d4b7851de3faae7f920e52a5097ae3b1e3e3d8b80b8407586N.exe"

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\3b973bac9d88705d4b7851de3faae7f920e52a5097ae3b1e3e3d8b80b8407586N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\3b973bac9d88705d4b7851de3faae7f920e52a5097ae3b1e3e3d8b80b8407586N.exe

"C:\Users\Admin\AppData\Local\Temp\3b973bac9d88705d4b7851de3faae7f920e52a5097ae3b1e3e3d8b80b8407586N.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 wecan.hasthe.technology udp
US 172.67.183.40:80 wecan.hasthe.technology tcp
US 172.67.183.40:80 wecan.hasthe.technology tcp
US 172.67.183.40:80 wecan.hasthe.technology tcp

Files

memory/2316-0-0x0000000000400000-0x000000000042A000-memory.dmp

memory/2316-1-0x0000000000400000-0x000000000042A000-memory.dmp

memory/2316-7-0x0000000000400000-0x000000000042A000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rifaien2-9D0vfgeMkj72zpXy.exe

MD5 862b2a69c0643cf6c84e0f6dae779d2d
SHA1 dde5ff4cc503e4aa2068142e5ab2ba5586298a3d
SHA256 33e488200b18f6c17368515a0a201e9420d5cc6446e5718cadea284343f304ad
SHA512 13a0b7aed45919968d6ad85cab5e9055a746e8e8a9adff5d6909dcc71eb67401fdc04718629b0f30f936a229b6599c33f831f80b843b3c38c940be3b651ca0d4

memory/2316-14-0x0000000000400000-0x000000000042A000-memory.dmp

memory/2316-22-0x0000000000400000-0x000000000042A000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-10 08:37

Reported

2024-11-10 08:39

Platform

win10v2004-20241007-en

Max time kernel

111s

Max time network

94s

Command Line

"C:\Users\Admin\AppData\Local\Temp\3b973bac9d88705d4b7851de3faae7f920e52a5097ae3b1e3e3d8b80b8407586N.exe"

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\3b973bac9d88705d4b7851de3faae7f920e52a5097ae3b1e3e3d8b80b8407586N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\3b973bac9d88705d4b7851de3faae7f920e52a5097ae3b1e3e3d8b80b8407586N.exe

"C:\Users\Admin\AppData\Local\Temp\3b973bac9d88705d4b7851de3faae7f920e52a5097ae3b1e3e3d8b80b8407586N.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 72.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 wecan.hasthe.technology udp
US 172.67.183.40:80 wecan.hasthe.technology tcp
US 8.8.8.8:53 40.183.67.172.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 98.117.19.2.in-addr.arpa udp
US 172.67.183.40:80 wecan.hasthe.technology tcp
US 8.8.8.8:53 74.209.201.84.in-addr.arpa udp
US 172.67.183.40:80 wecan.hasthe.technology tcp
US 8.8.8.8:53 83.210.23.2.in-addr.arpa udp

Files

memory/3404-0-0x0000000000400000-0x000000000042A000-memory.dmp

memory/3404-1-0x0000000000400000-0x000000000042A000-memory.dmp

memory/3404-4-0x0000000000400000-0x000000000042A000-memory.dmp

memory/3404-8-0x0000000000400000-0x000000000042A000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rifaien2-LEajpVBgHidTCXVM.exe

MD5 12917d8106a99519188d26459d511348
SHA1 eb46dbef32583b541126b92a1029ae68dfa65d82
SHA256 620b4893a4ccd35dab67dd0bac8a2d58dbfef3acae86bf7f755c0061ce34a21d
SHA512 439bf345ed9698fab7f4169d53e708084b3f0923a6e13522a9a766148e7bb22f69785a78e8c6f722f2614f4489b7b4b266af01303e7ca246975968c1df96b3c5

memory/3404-13-0x0000000000400000-0x000000000042A000-memory.dmp

memory/3404-21-0x0000000000400000-0x000000000042A000-memory.dmp