Malware Analysis Report

2025-05-06 04:17

Sample ID 241110-kkyezatbpp
Target 77279b3e2a1d969b68ac82351bef1037a615be154c872f486048fa9c507ed7e0N
SHA256 77279b3e2a1d969b68ac82351bef1037a615be154c872f486048fa9c507ed7e0
Tags: upx, discovery
Score: 5/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score: 5/10

SHA256: 77279b3e2a1d969b68ac82351bef1037a615be154c872f486048fa9c507ed7e0

Threat Level: Likely benign

The file 77279b3e2a1d969b68ac82351bef1037a615be154c872f486048fa9c507ed7e0N was found to be: Likely benign.

The verdict reflects only the signatures that fired: UPX packing, no Authenticode signature, and one open of the NLS\Language registry key. Both detonations also show the sample resolving wecan.hasthe.technology, making three TCP connections to 172.67.183.40:80, and writing an executable named rifaien2-<16 characters>.exe into the user's Temp directory with a different hash in each run. No signature covers that activity, and the report records no process started from the dropped file. Treat the sample as unclassified rather than cleared until the dropped file and the HTTP traffic have been examined.

Malicious Activity Summary

Tags: upx, discovery

UPX packed file

Unsigned PE

System Location Discovery: System Language Discovery

MITRE ATT&CK

Enterprise Matrix V15

Discovery (TA0007): T1614.001 System Location Discovery: System Language Discovery, from the open of \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language recorded in both behavioral runs. The UPX packing found in the static pass corresponds to Defense Evasion (TA0005): T1027.002 Obfuscated Files or Information: Software Packing, which this report's tags do not map; the unsigned-PE finding is a file property with no technique of its own.

Analysis: static1

Detonation Overview

Reported

2024-11-10 08:40

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A (2 rows, no indicator detail recorded)

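As an added example, not part of the sandbox or its signature engine, the script below reproduces the two static checks reported in this section (UPX packing and absence of an Authenticode signature) by parsing PE headers with the Python standard library alone. It also computes per-section entropy, which the report does not show, because UPX section names and the UPX! marker are trivially renamed while a packed section's entropy is not. The PE it runs on is a constructed, headers-only image built in memory, not the analysed sample, and "signed" only means a certificate table is present; whether that signature verifies is a separate check (signtool verify or osslsigncode verify).

```python
"""Static PE triage: UPX markers, Authenticode presence, section entropy, SHA-256.

Added example for this report; reads PE headers directly so it runs offline
without the pefile package. The sample PE is constructed below for the demo.
"""
import hashlib
import math
import struct
from collections import Counter

IMAGE_DIRECTORY_ENTRY_SECURITY = 4  # data-directory slot of the Authenticode certificate table


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: packed or encrypted data sits near 7.5-8.0, plain code nearer 6."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def triage_pe(data: bytes) -> dict:
    """Parse an in-memory PE image and report UPX and signature indicators."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    _, nsections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:        # PE32: NumberOfRvaAndSizes at +92, directories at +96
        ndirs_off, dirs_off = opt + 92, opt + 96
    elif magic == 0x20B:      # PE32+: fields are 16 bytes further in
        ndirs_off, dirs_off = opt + 108, opt + 112
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    ndirs = struct.unpack_from("<I", data, ndirs_off)[0]
    cert_rva = cert_size = 0
    if ndirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        cert_rva, cert_size = struct.unpack_from(
            "<II", data, dirs_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sections = []
    table = opt + opt_size
    for i in range(nsections):
        name, _vsize, _vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", data, table + 40 * i)
        body = data[rawptr:rawptr + rawsize] if rawsize else b""
        sections.append({"name": name.rstrip(b"\0").decode("latin-1"),
                         "entropy": round(shannon_entropy(body), 2)})
    names = [s["name"] for s in sections]
    upx_sections = [n for n in names if n.upper().startswith("UPX")]
    return {
        "sha256": hashlib.sha256(data).hexdigest(),
        "sections": sections,
        # Heuristic only: default UPX section names or the "UPX!" header marker.
        "upx_packed": bool(upx_sections) or b"UPX!" in data,
        # Presence of a certificate table, not a validated signature.
        "signed": cert_rva != 0 and cert_size != 0,
    }


def build_sample_pe(sections, signed):
    """Construct a minimal PE32 image for the demo (not a runnable program).

    sections: list of (name, raw_bytes); signed: whether to populate the cert directory.
    """
    opt_size = 96 + 16 * 8                      # PE32 optional header with 16 directories
    hdr_len = 0x40 + 4 + 20 + opt_size + 40 * len(sections)
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)     # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)       # PE32 magic
    struct.pack_into("<I", opt, 92, 16)         # NumberOfRvaAndSizes
    if signed:
        struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, 0x3000, 0x800)
    table, bodies, ptr = b"", b"", hdr_len
    for i, (name, body) in enumerate(sections):
        table += struct.pack("<8sIIIIIIHHI", name.encode("ascii"), len(body) or 0x1000,
                             0x1000 * (i + 1), len(body), ptr if body else 0,
                             0, 0, 0, 0, 0x60000020)
        bodies += body
        ptr += len(body)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table + bodies


if __name__ == "__main__":
    packed = build_sample_pe([("UPX0", b""), ("UPX1", bytes(range(256)) * 4), (".rsrc", b"")], False)
    print(triage_pe(packed))
```

On a real file, read it with open(path, "rb").read() and pass the bytes to triage_pe; a UPX1 section with entropy near 8.0 plus an empty UPX0 section is the classic layout, and a confirmed UPX file can be unpacked with upx -d for further static analysis.
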
Analysis: behavioral1

Detonation Overview

Submitted

2024-11-10 08:40

Reported

2024-11-10 08:42

Platform

win7-20241023-en

Max time kernel

110s

Max time network

92s

Command Line

"C:\Users\Admin\AppData\Local\Temp\77279b3e2a1d969b68ac82351bef1037a615be154c872f486048fa9c507ed7e0N.exe"

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A (6 rows, no indicator detail recorded)

System Location Discovery: System Language Discovery

discovery
Description: Key opened
Indicator: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Process: C:\Users\Admin\AppData\Local\Temp\77279b3e2a1d969b68ac82351bef1037a615be154c872f486048fa9c507ed7e0N.exe
Target: N/A

Processes

C:\Users\Admin\AppData\Local\Temp\77279b3e2a1d969b68ac82351bef1037a615be154c872f486048fa9c507ed7e0N.exe

"C:\Users\Admin\AppData\Local\Temp\77279b3e2a1d969b68ac82351bef1037a615be154c872f486048fa9c507ed7e0N.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 wecan.hasthe.technology udp
US 172.67.183.40:80 wecan.hasthe.technology tcp
US 172.67.183.40:80 wecan.hasthe.technology tcp
US 172.67.183.40:80 wecan.hasthe.technology tcp

Files

memory/2316-0-0x0000000000400000-0x000000000042A000-memory.dmp

memory/2316-1-0x0000000000400000-0x000000000042A000-memory.dmp

memory/2316-5-0x0000000000400000-0x000000000042A000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rifaien2-r42Zibhe0j6Be9fE.exe

MD5 45541362f063cd4f6278cc55858a7973
SHA1 f82075158926ab0d9fe142951efc4945ea4870d7
SHA256 4119a13a2c1376c6916b7028abb461649c588c919863efc640a9e9e73062befb
SHA512 debea483df4b6e9fa28ce380566b5dc3c60514d54d02f6b460a57cf3770ee3bc6ac1f0083307f94d53971e480442470a0ea5b7e2fa412d784750d1578f32f5fa

memory/2316-12-0x0000000000400000-0x000000000042A000-memory.dmp

memory/2316-22-0x0000000000400000-0x000000000042A000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-10 08:40

Reported

2024-11-10 08:42

Platform

win10v2004-20241007-en

Max time kernel

111s

Max time network

96s

Command Line

"C:\Users\Admin\AppData\Local\Temp\77279b3e2a1d969b68ac82351bef1037a615be154c872f486048fa9c507ed7e0N.exe"

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A (7 rows, no indicator detail recorded)

System Location Discovery: System Language Discovery

discovery
Description: Key opened
Indicator: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Process: C:\Users\Admin\AppData\Local\Temp\77279b3e2a1d969b68ac82351bef1037a615be154c872f486048fa9c507ed7e0N.exe
Target: N/A

Processes

C:\Users\Admin\AppData\Local\Temp\77279b3e2a1d969b68ac82351bef1037a615be154c872f486048fa9c507ed7e0N.exe

"C:\Users\Admin\AppData\Local\Temp\77279b3e2a1d969b68ac82351bef1037a615be154c872f486048fa9c507ed7e0N.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 73.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 wecan.hasthe.technology udp
US 172.67.183.40:80 wecan.hasthe.technology tcp
US 8.8.8.8:53 40.183.67.172.in-addr.arpa udp
US 8.8.8.8:53 56.163.245.4.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 172.67.183.40:80 wecan.hasthe.technology tcp
US 8.8.8.8:53 107.209.201.84.in-addr.arpa udp
US 172.67.183.40:80 wecan.hasthe.technology tcp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp

Files

memory/1988-0-0x0000000000400000-0x000000000042A000-memory.dmp

memory/1988-1-0x0000000000400000-0x000000000042A000-memory.dmp

memory/1988-4-0x0000000000400000-0x000000000042A000-memory.dmp

memory/1988-8-0x0000000000400000-0x000000000042A000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rifaien2-4tPUg8EU2KcIscUQ.exe

MD5 38500d6b8288502735e0d2005b956c93
SHA1 d4fcc2739f3f6dd7747e3080c9bdd618b4bc0dc0
SHA256 94c34306290479cba47f86926670bab58b341bb36e67613690ba5cb7434f8096
SHA512 9768322cee31155c1f960187db57bb610efce947faa58d81dc1562b268a4504b28f52139fee6878cfe0694c035bac6425c63376a673cb69a649a856ee2de74c8

memory/1988-15-0x0000000000400000-0x000000000042A000-memory.dmp

memory/1988-22-0x0000000000400000-0x000000000042A000-memory.dmp
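The Network and Files sections of both behavioral runs give the indicators a responder would sweep for: the domain wecan.hasthe.technology, the Cloudflare-range address 172.67.183.40 on port 80, the SHA-256 of the sample and of the two dropped files, and the rifaien2-<16 characters>.exe name in the user's Temp directory. The script below, an added example and not sandbox output, turns those into a matcher over Sysmon-style JSON events (process create, network connect, file create, DNS query). The log lines are constructed to mirror the two detonations, not exported telemetry, and the file-name pattern is an assumption generalised from only two observed names.

```python
"""Sweep Sysmon-style JSON telemetry for the indicators in this report.

Added example; the events below are constructed for the demo and the
file-name regex is inferred from the two dropped-file names in the report.
"""
import json
import re

# Indicators copied from the report's Network and Files sections.
IOC_DOMAINS = {"wecan.hasthe.technology"}
IOC_IPS = {"172.67.183.40"}
IOC_SHA256 = {
    "77279b3e2a1d969b68ac82351bef1037a615be154c872f486048fa9c507ed7e0",  # submitted sample
    "4119a13a2c1376c6916b7028abb461649c588c919863efc640a9e9e73062befb",  # dropped file, win7 run
    "94c34306290479cba47f86926670bab58b341bb36e67613690ba5cb7434f8096",  # dropped file, win10 run
}
# Assumption: rifaien2-r42Zibhe0j6Be9fE.exe and rifaien2-4tPUg8EU2KcIscUQ.exe generalise to a
# fixed prefix plus 16 alphanumerics. Two observations is thin evidence; validate before deploying.
DROPPED_NAME_RE = re.compile(
    r"\\AppData\\Local\\Temp\\rifaien2-[A-Za-z0-9]{16}\.exe$", re.IGNORECASE)


def match_event(ev: dict) -> list:
    """Return indicator hits for one Sysmon-style event (IDs 1, 3, 11, 22)."""
    hits = []
    eid = ev.get("EventID")
    if eid == 22 and ev.get("QueryName", "").lower().rstrip(".") in IOC_DOMAINS:
        hits.append("dns:" + ev["QueryName"].lower())
    elif eid == 3 and ev.get("DestinationIp") in IOC_IPS:
        hits.append("net:%s:%s" % (ev["DestinationIp"], ev.get("DestinationPort")))
    elif eid == 11 and DROPPED_NAME_RE.search(ev.get("TargetFilename", "")):
        hits.append("file:" + ev["TargetFilename"])
    # Sysmon packs hashes as "SHA256=...,MD5=..." in the Hashes field of process-create events.
    for part in ev.get("Hashes", "").split(","):
        algo, _, digest = part.partition("=")
        if algo.strip().upper() == "SHA256" and digest.strip().lower() in IOC_SHA256:
            hits.append("hash:" + digest.strip().lower())
    return hits


def scan_log(lines) -> list:
    """Parse JSON lines and return (line_number, hits) for every event that matched."""
    findings = []
    for n, line in enumerate(lines, 1):
        line = line.strip()
        if not line:
            continue
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed telemetry rather than abort the whole sweep
        hits = match_event(ev)
        if hits:
            findings.append((n, hits))
    return findings


SAMPLE = ("C:\\Users\\Admin\\AppData\\Local\\Temp\\"
          "77279b3e2a1d969b68ac82351bef1037a615be154c872f486048fa9c507ed7e0N.exe")
# Constructed events modelled on the report's detonations; not exported sandbox data.
SAMPLE_LOG = [json.dumps(e) for e in [
    {"EventID": 1, "Image": SAMPLE,
     "Hashes": "SHA256=77279B3E2A1D969B68AC82351BEF1037A615BE154C872F486048FA9C507ED7E0"},
    {"EventID": 22, "Image": SAMPLE, "QueryName": "wecan.hasthe.technology"},
    {"EventID": 3, "Image": SAMPLE, "DestinationIp": "172.67.183.40",
     "DestinationPort": 80, "Protocol": "tcp"},
    {"EventID": 11, "Image": SAMPLE,
     "TargetFilename": "C:\\Users\\Admin\\AppData\\Local\\Temp\\rifaien2-4tPUg8EU2KcIscUQ.exe"},
    {"EventID": 22, "Image": "C:\\Windows\\System32\\svchost.exe", "QueryName": "8.8.8.8.in-addr.arpa"},
    {"EventID": 3, "Image": SAMPLE, "DestinationIp": "8.8.8.8", "DestinationPort": 53, "Protocol": "udp"},
]]

if __name__ == "__main__":
    for line_no, hits in scan_log(SAMPLE_LOG):
        print(line_no, hits)
```

The reverse lookups (in-addr.arpa) and the 8.8.8.8:53 traffic deliberately produce no hit: only the domain, the 172.67.183.40:80 connections and the dropped file are specific to this sample. Because 172.67.183.40 sits in Cloudflare space and the dropped file's hash changed between runs, the domain and the file-name pattern are the more durable of these indicators.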