Analysis Overview
SHA256
a17d93c0e598ea61efb7767dad89e9a7fcf60dd767b4bef30a74108756c7383f
Threat Level: Shows suspicious behavior
The file 6f8c1b1009ba0f4ef06df953acdbc460N.exe was found to be: Shows suspicious behavior.
Malicious Activity Summary
UPX packed file
Unsigned PE
System Location Discovery: System Language Discovery
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-08-25 09:16
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-08-25 09:16
Reported
2024-08-25 09:18
Platform
win7-20240704-en
Max time kernel
118s
Max time network
118s
Command Line
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\6f8c1b1009ba0f4ef06df953acdbc460N.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\6f8c1b1009ba0f4ef06df953acdbc460N.exe
"C:\Users\Admin\AppData\Local\Temp\6f8c1b1009ba0f4ef06df953acdbc460N.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
Files
memory/1916-0-0x0000000000400000-0x000000000043B000-memory.dmp
memory/1916-1-0x0000000000400000-0x000000000043B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rifaien2-R3U2r5LxkRpbsjPi.exe
| MD5 | b45506327a6baf9178bd6482737e448d |
| SHA1 | 77a84f6c54f77bc1749a81801657f4da4e27a6be |
| SHA256 | b50492d54d6cde17e797045a0ec71787d4afebb79f448946b80240ab37e2b5e2 |
| SHA512 | 41492a68ca74fa5d48509ac30c3a416e4ca269b76bdbad82db580a269dc7f0e0279cc05cf6172d14986c35b1a132794c7a0f165f1afc14fa39d37cf7703c789c |
Analysis: behavioral2
Detonation Overview
Submitted
2024-08-25 09:16
Reported
2024-08-25 09:18
Platform
win10v2004-20240802-en
Max time kernel
100s
Max time network
100s
Command Line
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\6f8c1b1009ba0f4ef06df953acdbc460N.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\6f8c1b1009ba0f4ef06df953acdbc460N.exe
"C:\Users\Admin\AppData\Local\Temp\6f8c1b1009ba0f4ef06df953acdbc460N.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 150.171.28.10:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.28.171.150.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 199.59.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| IE | 52.111.236.23:443 | tcp | |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 30.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
Files
memory/4872-0-0x0000000000400000-0x000000000043B000-memory.dmp
memory/4872-1-0x0000000000400000-0x000000000043B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rifaien2-vCji8jjKeSDDb8Qf.exe
| MD5 | 6a3495bbb4f33fe5c76db6e5fcdfd9e8 |
| SHA1 | 189ab7b48f0deda655da3eccbdf2e1a9e641bc64 |
| SHA256 | ed3ae8828ad54cbe094aae5d32f870d1bc16a161abe2252e334387f01f234339 |
| SHA512 | 9ec0c446843d95d3130803b7aadb04f733ba391b1377823377b13a547199aeda3de5d59199c7c745ce9d2f6633940fb2697107fcb7c325ee9534e4c87876bd97 |