Analysis Overview
SHA256
ec54d968c1b1d2ae8071204bc147fb1ace65fa37ffe0eaa4e3be1abe00aa50d8
Threat Level: Likely benign
The sandbox scored ec54d968c1b1d2ae8071204bc147fb1ace65fa37ffe0eaa4e3be1abe00aa50d8N as Likely benign. Treat that as a heuristic verdict rather than a clearance: the signatures below carry little weight on their own (UPX packing, a missing Authenticode signature and a read of the NLS\Language key are all common in legitimate software), but both behavioral runs also record HTTP connections to wecan.hasthe.technology (172.67.183.40:80) and a second executable under %TEMP% whose hash differs between the two runs, and an analyst should account for both before accepting the score.
Malicious Activity Summary
UPX packed file
System Location Discovery: System Language Discovery (T1614.001)
Unsigned PE
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-07 11:04
Signatures
UPX packed file
No indicator, process or target details recorded for this match.
Unsigned PE
No indicator, process or target details recorded for this match.
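What the two static signatures actually test can be reproduced with a few lines of header parsing. The script below is an added example, not part of the sandbox report or its tooling: it walks the MZ/PE headers with the standard library only, flags the UPX0/UPX1/UPX2 section names that stock UPX leaves behind, and reports whether the optional header's certificate table (data directory 4) is populated. The sample's bytes are not on this page, so build_sample_pe constructs a synthetic PE header to stand in for it. Two caveats: section names are trivially renamed, so their absence proves nothing, and a populated certificate table means a WIN_CERTIFICATE blob is attached, not that it verifies; signtool verify or PowerShell's Get-AuthenticodeSignature performs the actual chain check.

```python
"""Static checks behind the 'UPX packed file' and 'Unsigned PE' signatures.
Added example: hand-parses the PE headers so it runs with the standard library only."""
import struct
import sys

PE32_MAGIC = 0x10B
PE32PLUS_MAGIC = 0x20B
IMAGE_DIRECTORY_ENTRY_SECURITY = 4            # index of the certificate table
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}  # names stock UPX writes; easily renamed


def inspect_pe(data: bytes) -> dict:
    """Return section names, a UPX hint and certificate-table presence for a PE image."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    coff = e_lfanew + 4
    _machine, nsections, _ts, _symtab, _nsyms, opt_size, _chars = struct.unpack_from(
        "<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == PE32_MAGIC:
        rva_count_off, dirs_off = opt + 92, opt + 96
    elif magic == PE32PLUS_MAGIC:
        rva_count_off, dirs_off = opt + 108, opt + 112
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    num_dirs = struct.unpack_from("<I", data, rva_count_off)[0]
    cert_off, cert_size = 0, 0
    if num_dirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        # Unlike the other directories this entry holds a raw file offset, not an RVA.
        cert_off, cert_size = struct.unpack_from(
            "<II", data, dirs_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    first_section = opt + opt_size
    names = [struct.unpack_from("<8s", data, first_section + 40 * i)[0].rstrip(b"\0")
             for i in range(nsections)]
    return {
        "section_names": names,
        "upx_packed": any(n in UPX_SECTION_NAMES for n in names),
        # Presence only: the blob still has to be verified against a trusted chain.
        "has_certificate_table": cert_off != 0 and cert_size != 0,
    }


def build_sample_pe(section_names, cert_table=(0, 0)) -> bytes:
    """Synthetic PE32 header (hypothetical test input, not the sample from the report)."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                      # e_lfanew
    opt_size = 224                                              # PE32 optional header
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, PE32_MAGIC)
    struct.pack_into("<I", opt, 92, 16)                         # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, *cert_table)
    sections = b"".join(struct.pack("<8s32x", n) for n in section_names)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + sections


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            print(inspect_pe(fh.read()))
    else:
        print(inspect_pe(build_sample_pe([b"UPX0", b"UPX1", b".rsrc"])))
```

Run it with a path to inspect a real file; without arguments it inspects the synthetic UPX-style header, which reports upx_packed True and has_certificate_table False, the same pair of findings the static1 run attaches to the sample.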
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-07 11:04
Reported
2024-11-07 11:06
Platform
win10v2004-20241007-en
Max time kernel
94s
Max time network
96s
Command Line
Signatures
UPX packed file
Three matches; no indicator, process or target details recorded.
System Location Discovery: System Language Discovery (T1614.001)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\ec54d968c1b1d2ae8071204bc147fb1ace65fa37ffe0eaa4e3be1abe00aa50d8N.exe | N/A |
Reading NLS\Language returns the installed system language. Localized applications and installers do the same, so on its own the match is informational rather than evidence of locale-based targeting.
Processes
C:\Users\Admin\AppData\Local\Temp\ec54d968c1b1d2ae8071204bc147fb1ace65fa37ffe0eaa4e3be1abe00aa50d8N.exe
"C:\Users\Admin\AppData\Local\Temp\ec54d968c1b1d2ae8071204bc147fb1ace65fa37ffe0eaa4e3be1abe00aa50d8N.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 200.163.202.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 40.183.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 43.229.111.52.in-addr.arpa | udp |
Files
memory/864-0-0x0000000000400000-0x000000000043B000-memory.dmp
memory/864-1-0x0000000000400000-0x000000000043B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rifaien2-38iuAX7oeg7uTQOS.exe
| MD5 | b4c8422cd600cb185c7ee4f391697ab2 |
| SHA1 | 00ace9661133751142bb59c7e13d73a261b193ee |
| SHA256 | 9332362683280854fba227b54e288fe8cf448ba2822cf2a5dce1e4c4f1ee6839 |
| SHA512 | df56210009d44d0335c74982f827aae9e148c7b01712ea9b1eaa8583d1df419e8267b1d43123bb413f33783117dc76b333bcb9afd01916999d78bc937804698a |
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-07 11:04
Reported
2024-11-07 11:06
Platform
win7-20241010-en
Max time kernel
118s
Max time network
118s
Command Line
Signatures
UPX packed file
Three matches; no indicator, process or target details recorded.
System Location Discovery: System Language Discovery (T1614.001)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\ec54d968c1b1d2ae8071204bc147fb1ace65fa37ffe0eaa4e3be1abe00aa50d8N.exe | N/A |
Reading NLS\Language returns the installed system language. Localized applications and installers do the same, so on its own the match is informational rather than evidence of locale-based targeting.
Processes
C:\Users\Admin\AppData\Local\Temp\ec54d968c1b1d2ae8071204bc147fb1ace65fa37ffe0eaa4e3be1abe00aa50d8N.exe
"C:\Users\Admin\AppData\Local\Temp\ec54d968c1b1d2ae8071204bc147fb1ace65fa37ffe0eaa4e3be1abe00aa50d8N.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
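The network tables of both runs (behavioral2 above and behavioral1 here) mix three kinds of traffic: forward lookups the sample sent to the resolver, reverse (PTR) lookups of the form d.c.b.a.in-addr.arpa, and the TCP connections themselves. Each PTR name reverses to an address, and one of them, 40.183.67.172.in-addr.arpa, is the reverse lookup of 172.67.183.40, the only address the sample connected to in either run; the other PTR targets have no matching connection anywhere in the report and cannot be tied to the sample from this page. 172.67.183.40 also falls in Cloudflare's 172.64.0.0/13 range, so the IP identifies a CDN edge and the hostname wecan.hasthe.technology is the durable indicator. The script below is an added example, not part of the report or the sandbox's tooling: it takes the behavioral2 rows embedded as constructed input, separates the three traffic kinds, reverses PTR names, and marks CDN-fronted endpoints. The one-entry CDN table is a placeholder; a real tool would load the provider's published prefix list.

```python
"""Triage a sandbox network table into usable indicators.
Added example: separates forward DNS, PTR lookups and direct connections,
reverses in-addr.arpa names and flags CDN-fronted addresses."""
import ipaddress

# Rows copied from the behavioral2 network table on this page (constructed input).
NETWORK_ROWS = [
    ("US", "8.8.8.8:53", "8.8.8.8.in-addr.arpa", "udp"),
    ("US", "8.8.8.8:53", "133.211.185.52.in-addr.arpa", "udp"),
    ("US", "8.8.8.8:53", "172.210.232.199.in-addr.arpa", "udp"),
    ("US", "8.8.8.8:53", "20.160.190.20.in-addr.arpa", "udp"),
    ("US", "8.8.8.8:53", "228.249.119.40.in-addr.arpa", "udp"),
    ("US", "8.8.8.8:53", "wecan.hasthe.technology", "udp"),
    ("US", "172.67.183.40:80", "wecan.hasthe.technology", "tcp"),
    ("US", "8.8.8.8:53", "200.163.202.172.in-addr.arpa", "udp"),
    ("US", "8.8.8.8:53", "40.183.67.172.in-addr.arpa", "udp"),
    ("US", "8.8.8.8:53", "198.187.3.20.in-addr.arpa", "udp"),
    ("US", "172.67.183.40:80", "wecan.hasthe.technology", "tcp"),
    ("US", "8.8.8.8:53", "172.214.232.199.in-addr.arpa", "udp"),
    ("US", "172.67.183.40:80", "wecan.hasthe.technology", "tcp"),
    ("US", "8.8.8.8:53", "43.229.111.52.in-addr.arpa", "udp"),
]

# The sandbox's configured resolver: infrastructure, not an indicator.
RESOLVERS = {"8.8.8.8"}
# Placeholder CDN table (assumption: production code loads the provider's published prefixes).
CDN_RANGES = {ipaddress.ip_network("172.64.0.0/13"): "Cloudflare"}


def ptr_to_ip(name: str):
    """Reverse 'd.c.b.a.in-addr.arpa' to 'a.b.c.d'; None for non-PTR names."""
    suffix = ".in-addr.arpa"
    if not name.endswith(suffix):
        return None
    octets = name[: -len(suffix)].split(".")
    if len(octets) != 4:
        return None
    try:
        return str(ipaddress.IPv4Address(".".join(reversed(octets))))
    except ipaddress.AddressValueError:
        return None


def cdn_provider(ip: str):
    """Name the CDN whose prefix contains ip, or None."""
    addr = ipaddress.ip_address(ip)
    for net, provider in CDN_RANGES.items():
        if addr in net:
            return provider
    return None


def triage(rows):
    hostnames, ptr_targets = set(), set()
    connections = {}  # "ip:port/proto" -> number of rows
    for _country, dest, domain, proto in rows:
        ip, port = dest.rsplit(":", 1)
        reversed_ip = ptr_to_ip(domain)
        if reversed_ip is not None:            # PTR lookup: record the address it asks about
            ptr_targets.add(reversed_ip)
            continue
        if ip in RESOLVERS and port == "53":   # forward lookup to the resolver
            hostnames.add(domain)
            continue
        hostnames.add(domain)                  # direct connection, with the name it resolved from
        key = f"{ip}:{port}/{proto}"
        connections[key] = connections.get(key, 0) + 1
    contacted_ips = {k.split(":")[0] for k in connections}
    return {
        "domains": sorted(hostnames),
        "connections": connections,
        "cdn_fronted": {ip: cdn_provider(ip) for ip in contacted_ips if cdn_provider(ip)},
        # PTR lookups that match an address the sample actually talked to
        "ptr_of_contacted": sorted(ptr_targets & contacted_ips),
        # PTR lookups with no matching connection: not attributable to the sample here
        "ptr_unrelated": sorted(ptr_targets - contacted_ips - RESOLVERS),
    }


if __name__ == "__main__":
    for key, value in triage(NETWORK_ROWS).items():
        print(f"{key}: {value}")
```

On the behavioral2 rows the output reduces fourteen table lines to one hostname, one CDN-fronted endpoint contacted three times, one PTR lookup that matches that endpoint, and eight PTR lookups with no connection behind them.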
Files
memory/2884-0-0x0000000000400000-0x000000000043B000-memory.dmp
memory/2884-1-0x0000000000400000-0x000000000043B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rifaien2-HAgvFvbzhcZR1oU3.exe
| MD5 | 28825fb843d485fc91d58bb4fd00a956 |
| SHA1 | fdbb8fdd2392fcf9f4f2eb4d3b752161dffc672a |
| SHA256 | 47a4a078738476fc5cb8cae2f51ba279edd6c5c04a65ce2822115ef6768681e7 |
| SHA512 | ac2802e767f4b3d416c8c5f404c0d45b42d6e51c0e4ee81deec6fe888d3620f5541dff15e30bfcb51935b2e958911a05ffa100060a50c02a5a15ea6b032947d1 |