Analysis Overview
SHA256
bc419e04ffba0e42aac406185a355d926aad3146d56201280852607e1a8885dd
Threat Level: Likely benign
The file bc419e04ffba0e42aac406185a355d926aad3146d56201280852607e1a8885ddN was found to be: Likely benign.
Malicious Activity Summary
UPX packed file
Unsigned PE
System Location Discovery: System Language Discovery
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-07 10:02
Signatures
UPX packed file
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-07 10:02
Reported
2024-11-07 10:04
Platform
win7-20241023-en
Max time kernel
110s
Max time network
93s
Command Line
Signatures
UPX packed file
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\bc419e04ffba0e42aac406185a355d926aad3146d56201280852607e1a8885ddN.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\bc419e04ffba0e42aac406185a355d926aad3146d56201280852607e1a8885ddN.exe
"C:\Users\Admin\AppData\Local\Temp\bc419e04ffba0e42aac406185a355d926aad3146d56201280852607e1a8885ddN.exe"
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
Files
memory/1980-0-0x0000000000400000-0x000000000042A000-memory.dmp
memory/1980-1-0x0000000000400000-0x000000000042A000-memory.dmp
memory/1980-5-0x0000000000400000-0x000000000042A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rifaien2-zziTS3XJw10a65hA.exe
| MD5 | 36531e65f90386302cdaef58fd558e28 |
| SHA1 | 4cc7b4cb965a7983d9d4bfaa46d8120989d639ae |
| SHA256 | d7a2175059a06dac633fd2354c212080b7f1603ea40154cb79a48fec005c9974 |
| SHA512 | 668604b783c1d35672cf09ed604d1620a145d0f82e68a3e4f65e4798302ccf1c7055cdfad867065fce1525f1875694f80279ee8dceec6477429984607bfea3b9 |
memory/1980-12-0x0000000000400000-0x000000000042A000-memory.dmp
memory/1980-22-0x0000000000400000-0x000000000042A000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-07 10:02
Reported
2024-11-07 10:04
Platform
win10v2004-20241007-en
Max time kernel
111s
Max time network
95s
Command Line
Signatures
UPX packed file
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\bc419e04ffba0e42aac406185a355d926aad3146d56201280852607e1a8885ddN.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\bc419e04ffba0e42aac406185a355d926aad3146d56201280852607e1a8885ddN.exe
"C:\Users\Admin\AppData\Local\Temp\bc419e04ffba0e42aac406185a355d926aad3146d56201280852607e1a8885ddN.exe"
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 199.59.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 212.20.149.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.117.19.2.in-addr.arpa | udp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 83.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.229.111.52.in-addr.arpa | udp |
Files
memory/2836-0-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2836-2-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2836-5-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2836-9-0x0000000000400000-0x000000000042A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rifaien2-SU3eRkrFyyBlmQA0.exe
| MD5 | 5c837aab09a1795600b99e171ecf2b47 |
| SHA1 | 9d02d11489e2d2db36c208dfc21c8a24ea574606 |
| SHA256 | 0bd99a0b75cebddf469bb87fbe2a36be77aac8cd8cbd53187a46c15119e4d5f7 |
| SHA512 | 384341a649e77621f4324f9b3f04ef22b3136aed3255104ada6f4aaec53f2b7e397676fb907f1e4e846ee81b39575b7b34053b7af482a836c27480c4f82a03ef |
memory/2836-16-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2836-23-0x0000000000400000-0x000000000042A000-memory.dmp