31523ae51c04aa773fbb62df37a3582131d11b97a775db23c3848b6db205195e

Analysis

max time kernel
144s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
09/04/2024, 19:05 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

057e2f4e6f29fc3ceb0810ff0596ec50.exe
Size

140KB
MD5

057e2f4e6f29fc3ceb0810ff0596ec50
SHA1

5d6107a80e1e1bfabdbf26f36c7fea587bfcc088
SHA256

31523ae51c04aa773fbb62df37a3582131d11b97a775db23c3848b6db205195e
SHA512

8f064fbc19a2f581e4ac44e5fe156e51d2258a689b8cd391374ad319c377f4684e589f3149327ffcbc6adf3b063bc25dfc9952c57b7209855969bbcce1c63392
SSDEEP

3072:hb3uhnk4Nn++oIWaY+13Vdmi3ZYIA35aDrm9GoWTtcr3ZRq4HO0dG23X/FnncrdW:h0nk4Z++xWaY+dVYiJYIMKm4omcrpRHm

Score

1^/10

Malware Config

Signatures

C:\Users\Admin\AppData\Local\Temp\057e2f4e6f29fc3ceb0810ff0596ec50.exe
"C:\Users\Admin\AppData\Local\Temp\057e2f4e6f29fc3ceb0810ff0596ec50.exe"
1⤵
PID:4120

Network

DNS

183.142.211.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

183.142.211.20.in-addr.arpa

IN PTR

Response
DNS

240.197.17.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

240.197.17.2.in-addr.arpa

IN PTR

Response

240.197.17.2.in-addr.arpa

IN PTR

a2-17-197-240deploystaticakamaitechnologiescom
DNS

95.221.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.221.229.192.in-addr.arpa

IN PTR

Response
DNS

136.32.126.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

136.32.126.40.in-addr.arpa

IN PTR

Response
DNS

178.223.142.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

178.223.142.52.in-addr.arpa

IN PTR

Response
DNS

wecan.hasthe.technology

057e2f4e6f29fc3ceb0810ff0596ec50.exe

Remote address:

8.8.8.8:53

Request

wecan.hasthe.technology

IN A

Response

wecan.hasthe.technology

IN A

104.21.59.199

wecan.hasthe.technology

IN A

172.67.183.40
POST

http://wecan.hasthe.technology/upload

057e2f4e6f29fc3ceb0810ff0596ec50.exe

Remote address:

104.21.59.199:80

Request

POST /upload HTTP/1.1
Host: wecan.hasthe.technology
Accept: */*
Content-Length: 143780
Expect: 100-continue
Content-Type: multipart/form-data; boundary=------------------------8d9bcf02cdaa6f79

Response

HTTP/1.1 301 Moved Permanently

Date: Tue, 09 Apr 2024 19:05:47 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Tue, 09 Apr 2024 20:05:47 GMT
Location: https://computernewb.com/collab-vm/
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gRwPzW3SKFmrs%2Fx4I0KjTn5jtUTHqNzgSD5Vx4CcX5JJqc7rKLWuH78J2BVZr3P1MH5yXDh%2FDP8QzbMwPsw2pOBM4pgMmLXGn6C%2BNpdYf3d8i9reBjFTQbOylosgiJllzxVZIw%2B5KeXcLw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 871cc5470e4594aa-LHR
DNS

157.123.68.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

157.123.68.40.in-addr.arpa

IN PTR

Response
DNS

199.59.21.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

199.59.21.104.in-addr.arpa

IN PTR

Response
DNS

206.23.85.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

206.23.85.13.in-addr.arpa

IN PTR

Response
DNS

31.251.17.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

31.251.17.2.in-addr.arpa

IN PTR

Response

31.251.17.2.in-addr.arpa

IN PTR

a2-17-251-31deploystaticakamaitechnologiescom
POST

http://wecan.hasthe.technology/upload

057e2f4e6f29fc3ceb0810ff0596ec50.exe

Remote address:

104.21.59.199:80

Request

POST /upload HTTP/1.1
Host: wecan.hasthe.technology
Accept: */*
Content-Length: 143780
Expect: 100-continue
Content-Type: multipart/form-data; boundary=------------------------6911572db538cc1d

Response

HTTP/1.1 301 Moved Permanently

Date: Tue, 09 Apr 2024 19:06:17 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Tue, 09 Apr 2024 20:06:17 GMT
Location: https://computernewb.com/collab-vm/
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=X1Ejqb8RqJ%2Fg3YLPQKZFMvlWZaWRjBVaqY8E%2B72tNbQ%2BCOtw5DyGjS1CBW7Z9Jf7qLHNhDmasceigZDRt8JU0ygljr0q64MHrLJVSOoeCv%2B7T4t7lQV2sz1qKEQdeI6JxPnaNWUrr%2BomSQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 871cc6037beadc87-LHR
DNS

0.204.248.87.in-addr.arpa

Remote address:

8.8.8.8:53

Request

0.204.248.87.in-addr.arpa

IN PTR

Response

0.204.248.87.in-addr.arpa

IN PTR

https-87-248-204-0lhrllnwnet
DNS

43.229.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

43.229.111.52.in-addr.arpa

IN PTR

Response
POST

http://wecan.hasthe.technology/upload

057e2f4e6f29fc3ceb0810ff0596ec50.exe

Remote address:

104.21.59.199:80

Request

POST /upload HTTP/1.1
Host: wecan.hasthe.technology
Accept: */*
Content-Length: 143780
Expect: 100-continue
Content-Type: multipart/form-data; boundary=------------------------687745721a76887f

Response

HTTP/1.1 301 Moved Permanently

Date: Tue, 09 Apr 2024 19:06:47 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Tue, 09 Apr 2024 20:06:47 GMT
Location: https://computernewb.com/collab-vm/
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Pt4bF%2FEVwrlQUEXB3OFZn1P%2FwCbLU4UIPOf6QODKg8fQU4ZVV7ysegUFzfMpLpmwDZyzPvUkkIYQlTZhc5iMYWIClD2tvD1fua2lE1bVllIB%2BlamlejDmKrYGtPF%2F%2Bbd1aIIwXOuhWxk5A%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 871cc6bfce17641f-LHR
POST

http://wecan.hasthe.technology/upload

057e2f4e6f29fc3ceb0810ff0596ec50.exe

Remote address:

104.21.59.199:80

Request

POST /upload HTTP/1.1
Host: wecan.hasthe.technology
Accept: */*
Content-Length: 143780
Expect: 100-continue
Content-Type: multipart/form-data; boundary=------------------------854d6beeece47094

Response

HTTP/1.1 301 Moved Permanently

Date: Tue, 09 Apr 2024 19:07:17 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Tue, 09 Apr 2024 20:07:17 GMT
Location: https://computernewb.com/collab-vm/
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kUkJjE7kMrypBE0m8LFiBk%2FKQ5HwKIxDjKv6oIvWyudPx%2Fi0tid3FN6PPtOuAZS99CuSqgD6yPU%2Bbt%2BwUhVOy3akL2BeGIdF9p7eIJ%2F8kQO4gJRqleZ0y9QNm%2F0YmZChjhtI7T9GbUK%2Buw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 871cc77c4f409498-LHR
DNS

3.173.189.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

3.173.189.20.in-addr.arpa

IN PTR

Response

104.21.59.199:80

http://wecan.hasthe.technology/upload

http

057e2f4e6f29fc3ceb0810ff0596ec50.exe

14.6kB
1.3kB
15
16

HTTP Request

POST http://wecan.hasthe.technology/upload

HTTP Response

301
104.21.59.199:80

http://wecan.hasthe.technology/upload

http

057e2f4e6f29fc3ceb0810ff0596ec50.exe

14.6kB
1.2kB
15
12

HTTP Request

POST http://wecan.hasthe.technology/upload

HTTP Response

301
104.21.59.199:80

http://wecan.hasthe.technology/upload

http

057e2f4e6f29fc3ceb0810ff0596ec50.exe

42.5kB
1.7kB
35
25

HTTP Request

POST http://wecan.hasthe.technology/upload

HTTP Response

301
104.21.59.199:80

http://wecan.hasthe.technology/upload

http

057e2f4e6f29fc3ceb0810ff0596ec50.exe

14.6kB
1.1kB
15
10

HTTP Request

POST http://wecan.hasthe.technology/upload

HTTP Response

301

8.8.8.8:53

183.142.211.20.in-addr.arpa

dns

73 B
159 B
1
1

DNS Request

183.142.211.20.in-addr.arpa
8.8.8.8:53

240.197.17.2.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

240.197.17.2.in-addr.arpa
8.8.8.8:53

95.221.229.192.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

95.221.229.192.in-addr.arpa
8.8.8.8:53

136.32.126.40.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

136.32.126.40.in-addr.arpa
8.8.8.8:53

178.223.142.52.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

178.223.142.52.in-addr.arpa
8.8.8.8:53

wecan.hasthe.technology

dns

057e2f4e6f29fc3ceb0810ff0596ec50.exe

69 B
101 B
1
1

DNS Request

wecan.hasthe.technology

DNS Response

104.21.59.199

172.67.183.40
8.8.8.8:53

157.123.68.40.in-addr.arpa

dns

72 B
146 B
1
1

DNS Request

157.123.68.40.in-addr.arpa
8.8.8.8:53

199.59.21.104.in-addr.arpa

dns

72 B
134 B
1
1

DNS Request

199.59.21.104.in-addr.arpa
8.8.8.8:53

206.23.85.13.in-addr.arpa

dns

71 B
145 B
1
1

DNS Request

206.23.85.13.in-addr.arpa
8.8.8.8:53

31.251.17.2.in-addr.arpa

dns

70 B
133 B
1
1

DNS Request

31.251.17.2.in-addr.arpa
8.8.8.8:53

0.204.248.87.in-addr.arpa

dns

71 B
116 B
1
1

DNS Request

0.204.248.87.in-addr.arpa
8.8.8.8:53

43.229.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

43.229.111.52.in-addr.arpa
8.8.8.8:53

3.173.189.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

3.173.189.20.in-addr.arpa

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\rifaien2-0JKcQWQYHVqohosl.exe

Filesize
140KB

MD5
26d8cc956762de200615a64af5bface0

SHA1
35e0ca6cb4890bfc084d34456f70318177992d30

SHA256
463445efa35527c6dd6fb6b529a8bdd9382449395a3926a03895ca00d679850c

SHA512
56f1b37c5fd365ee827d4f21b4ff5c9d172cd021e9b12b15761cfbaf6a22f58cf1595f745287acced990cabc67a967e40f52fd3f49a160e4104b65f9a37ce417

Download Submit
memory/4120-0-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/4120-6-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/4120-13-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/4120-20-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/4120-27-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.