Malware Analysis Report

2025-08-10 22:41

Sample ID 250127-sbx2vavkaj
Target 114aec77fd179a343b2948ab4758a5b3ab9d6fc8cfcac4005cee0ee4dbc60a35.exe
SHA256 114aec77fd179a343b2948ab4758a5b3ab9d6fc8cfcac4005cee0ee4dbc60a35
Tags
upx discovery
score
5/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
5/10

SHA256

114aec77fd179a343b2948ab4758a5b3ab9d6fc8cfcac4005cee0ee4dbc60a35

Threat Level: Likely benign

The file 114aec77fd179a343b2948ab4758a5b3ab9d6fc8cfcac4005cee0ee4dbc60a35.exe was found to be: Likely benign.

Malicious Activity Summary

upx discovery

UPX packed file

Unsigned PE

System Location Discovery: System Language Discovery

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2025-01-27 14:57

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2025-01-27 14:57

Reported

2025-01-27 14:59

Platform

win7-20240729-en

Max time kernel

119s

Max time network

91s

Command Line

"C:\Users\Admin\AppData\Local\Temp\114aec77fd179a343b2948ab4758a5b3ab9d6fc8cfcac4005cee0ee4dbc60a35.exe"

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\114aec77fd179a343b2948ab4758a5b3ab9d6fc8cfcac4005cee0ee4dbc60a35.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\114aec77fd179a343b2948ab4758a5b3ab9d6fc8cfcac4005cee0ee4dbc60a35.exe

"C:\Users\Admin\AppData\Local\Temp\114aec77fd179a343b2948ab4758a5b3ab9d6fc8cfcac4005cee0ee4dbc60a35.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 wecan.hasthe.technology udp
US 104.21.59.199:80 wecan.hasthe.technology tcp
US 104.21.59.199:80 wecan.hasthe.technology tcp
US 104.21.59.199:80 wecan.hasthe.technology tcp

Files

memory/1384-0-0x0000000000400000-0x000000000042A000-memory.dmp

memory/1384-1-0x0000000000400000-0x000000000042A000-memory.dmp

memory/1384-5-0x0000000000400000-0x000000000042A000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rifaien2-tL8g5jZVMxfCG4MZ.exe

MD5 50faf3a4454b6b0cacc64c6afadc6c25
SHA1 82c6ed7c759470ebf81c36496d9f6835dff13625
SHA256 dca1aad28ad4fff305d67325ea53398fa6278093009578f5089b4ed84696310e
SHA512 c923cf543ed43a38a0811365aa50df7de2191aca048ad074fd94533b9a6235ed5d51a4f1aeba78339c78330940578a7c1d9010bd9cc7194c1ab9e294b61d8911

memory/1384-14-0x0000000000400000-0x000000000042A000-memory.dmp

memory/1384-22-0x0000000000400000-0x000000000042A000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2025-01-27 14:57

Reported

2025-01-27 14:59

Platform

win10v2004-20241007-en

Max time kernel

120s

Max time network

95s

Command Line

"C:\Users\Admin\AppData\Local\Temp\114aec77fd179a343b2948ab4758a5b3ab9d6fc8cfcac4005cee0ee4dbc60a35.exe"

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\114aec77fd179a343b2948ab4758a5b3ab9d6fc8cfcac4005cee0ee4dbc60a35.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\114aec77fd179a343b2948ab4758a5b3ab9d6fc8cfcac4005cee0ee4dbc60a35.exe

"C:\Users\Admin\AppData\Local\Temp\114aec77fd179a343b2948ab4758a5b3ab9d6fc8cfcac4005cee0ee4dbc60a35.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 5.114.82.104.in-addr.arpa udp
US 8.8.8.8:53 20.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 wecan.hasthe.technology udp
US 104.21.59.199:80 wecan.hasthe.technology tcp
US 8.8.8.8:53 199.59.21.104.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 104.21.59.199:80 wecan.hasthe.technology tcp
US 8.8.8.8:53 83.210.23.2.in-addr.arpa udp
US 104.21.59.199:80 wecan.hasthe.technology tcp
US 8.8.8.8:53 31.243.111.52.in-addr.arpa udp

Files

memory/2836-0-0x0000000000400000-0x000000000042A000-memory.dmp

memory/2836-1-0x0000000000400000-0x000000000042A000-memory.dmp

memory/2836-8-0x0000000000400000-0x000000000042A000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rifaien2-VvyuRiFq4WYtVPx4.exe

MD5 3defaff1bf90e270b8c7cb8364f5095b
SHA1 23bf34f23593c1e8302500172fc4561b3ea82d95
SHA256 0681c243ba60903da7e5792df30ec77dd4f06aa9845325740a6502fa2538c84d
SHA512 ebcaab642c8519c3d28ab749655f7ef627cbdf47dc141a8e47ce3d09250bfa732f075816385bab73514f583eb98eedf6791caaea3c68bd570c7daad2c0a1cd9e

memory/2836-15-0x0000000000400000-0x000000000042A000-memory.dmp

memory/2836-22-0x0000000000400000-0x000000000042A000-memory.dmp