Analysis Overview
SHA256
43bc4741a05e0a5361faa73abcd0afc04e79001886506eb383f57356352b0897
Threat Level: Likely benign
The file 43bc4741a05e0a5361faa73abcd0afc04e79001886506eb383f57356352b0897N was found to be: Likely benign.
Malicious Activity Summary
UPX packed file
System Location Discovery: System Language Discovery
Unsigned PE
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-07 10:08
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-07 10:08
Reported
2024-11-07 10:10
Platform
win7-20240729-en
Max time kernel
110s
Max time network
93s
Command Line
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\43bc4741a05e0a5361faa73abcd0afc04e79001886506eb383f57356352b0897N.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\43bc4741a05e0a5361faa73abcd0afc04e79001886506eb383f57356352b0897N.exe
"C:\Users\Admin\AppData\Local\Temp\43bc4741a05e0a5361faa73abcd0afc04e79001886506eb383f57356352b0897N.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
Files
memory/2300-0-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2300-1-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2300-5-0x0000000000400000-0x000000000042A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rifaien2-2P3SuDSEyUC2dfGX.exe
| MD5 | 0f6bb077d9716dc370a715cabd90c8d2 |
| SHA1 | 644514ec377ddd881056f7e35b35bb60c8b4b82d |
| SHA256 | dacd0145e575d85fd1fd222d3fd5a13a5f0c59b6b2d27809a041c84e10295f30 |
| SHA512 | 7ddd103977bbf22c463ada7139fa60ee71c265dbaa7271d03c3a133061bd3a21d8b9c4b5816827a7902f5a2eadaa0e170040222e8ef8393880bcf5e1246f8f23 |
memory/2300-15-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2300-22-0x0000000000400000-0x000000000042A000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-07 10:08
Reported
2024-11-07 10:10
Platform
win10v2004-20241007-en
Max time kernel
111s
Max time network
97s
Command Line
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\43bc4741a05e0a5361faa73abcd0afc04e79001886506eb383f57356352b0897N.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\43bc4741a05e0a5361faa73abcd0afc04e79001886506eb383f57356352b0897N.exe
"C:\Users\Admin\AppData\Local\Temp\43bc4741a05e0a5361faa73abcd0afc04e79001886506eb383f57356352b0897N.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 199.59.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.163.202.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 88.210.23.2.in-addr.arpa | udp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 105.209.201.84.in-addr.arpa | udp |
Files
memory/2804-0-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2804-1-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2804-4-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2804-8-0x0000000000400000-0x000000000042A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rifaien2-o82t0SLKBAJPqmu6.exe
| MD5 | 71c466425a920b79a93d9e89c8a2409b |
| SHA1 | f8d5efa8ae6da2985d87e77eb27291171406a250 |
| SHA256 | 388d33df5ceb1f9e97fe27276d67bb8903189c5fb54a9106910d8231b7582c9a |
| SHA512 | 259c83352cba3dfa77ee03ed84b849278fd3ae162b065253c7b206b0803d12d4f397d7401a16dc674f30cbf581d0ccc56984aecf87ac76c7e5449914d46cb329 |
memory/2804-15-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2804-22-0x0000000000400000-0x000000000042A000-memory.dmp