Analysis Overview
SHA256
a918fa49cafc97fa1e090160c9e012b16c76b00efa3d12b0bd785438abb75524
Threat Level: Likely benign
The file a918fa49cafc97fa1e090160c9e012b16c76b00efa3d12b0bd785438abb75524N was found to be: Likely benign.
Malicious Activity Summary
UPX packed file
Unsigned PE
System Location Discovery: System Language Discovery
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-07 10:08
Signatures
UPX packed file
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-07 10:08
Reported
2024-11-07 10:10
Platform
win7-20240903-en
Max time kernel
110s
Max time network
93s
Signatures
UPX packed file
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\a918fa49cafc97fa1e090160c9e012b16c76b00efa3d12b0bd785438abb75524N.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\a918fa49cafc97fa1e090160c9e012b16c76b00efa3d12b0bd785438abb75524N.exe
"C:\Users\Admin\AppData\Local\Temp\a918fa49cafc97fa1e090160c9e012b16c76b00efa3d12b0bd785438abb75524N.exe"
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
Files
memory/1324-0-0x0000000000400000-0x000000000042A000-memory.dmp
memory/1324-1-0x0000000000400000-0x000000000042A000-memory.dmp
memory/1324-5-0x0000000000400000-0x000000000042A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rifaien2-IcqcQKjzM3FthfE5.exe
| Hash | Value |
|---|---|
| MD5 | 8b721bfa76bdb2286ad0090f94aaad9d |
| SHA1 | 87c9bc5bb4a077e9e8b2ad8756a28662cfecfd64 |
| SHA256 | e331ceeb7da51334dcfcf61f5ced10965a950587c6efc14cbca8a5fe1f08d2ad |
| SHA512 | fc5cdf81afb33071188d3c9b2f472ed5bc3abdecd99304f62d29911caf10e3891ff9dfa926d8eaee88d34d52e774d0c95f43d7dbea1e69cff64a2e91841a787b |
memory/1324-12-0x0000000000400000-0x000000000042A000-memory.dmp
memory/1324-22-0x0000000000400000-0x000000000042A000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-07 10:08
Reported
2024-11-07 10:10
Platform
win10v2004-20241007-en
Max time kernel
110s
Max time network
97s
Signatures
UPX packed file
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\a918fa49cafc97fa1e090160c9e012b16c76b00efa3d12b0bd785438abb75524N.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\a918fa49cafc97fa1e090160c9e012b16c76b00efa3d12b0bd785438abb75524N.exe
"C:\Users\Admin\AppData\Local\Temp\a918fa49cafc97fa1e090160c9e012b16c76b00efa3d12b0bd785438abb75524N.exe"
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 70.209.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 53.210.109.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 40.183.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
Files
memory/760-0-0x0000000000400000-0x000000000042A000-memory.dmp
memory/760-1-0x0000000000400000-0x000000000042A000-memory.dmp
memory/760-4-0x0000000000400000-0x000000000042A000-memory.dmp
memory/760-8-0x0000000000400000-0x000000000042A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rifaien2-3n4WaA89oQbU5SC8.exe
| Hash | Value |
|---|---|
| MD5 | ee12a0fede3f6c735adf0306ea48ae1c |
| SHA1 | 55015569b434b27e4a00d4f1da0d2ac8fd10b9bb |
| SHA256 | 626b456cbe749f427933028d6309b1c967a0307dfc14a7f5224f91739bd4d57e |
| SHA512 | 8ea9e6f9ca368ae8a5795d43625d4f33075099146e87cb9405dbe7dfae9d2e74c0c25dc7b039f03e7514450e3f33e941f5682e7406dde786516d12b8341edc8c |
memory/760-12-0x0000000000400000-0x000000000042A000-memory.dmp
memory/760-19-0x0000000000400000-0x000000000042A000-memory.dmp