Analysis Overview
SHA256
f9512a723c89922d0469eb37bb85cb3b6bfa31fc04c9525666200a5825796b75
Threat Level: Likely benign
The file f9512a723c89922d0469eb37bb85cb3b6bfa31fc04c9525666200a5825796b75N was found to be: Likely benign.
Malicious Activity Summary
UPX packed file
Unsigned PE
System Location Discovery: System Language Discovery
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-07 10:15
Signatures
UPX packed file
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-07 10:15
Reported
2024-11-07 10:17
Platform
win7-20240903-en
Max time kernel
110s
Max time network
103s
Command Line
Signatures
UPX packed file
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\f9512a723c89922d0469eb37bb85cb3b6bfa31fc04c9525666200a5825796b75N.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\f9512a723c89922d0469eb37bb85cb3b6bfa31fc04c9525666200a5825796b75N.exe
"C:\Users\Admin\AppData\Local\Temp\f9512a723c89922d0469eb37bb85cb3b6bfa31fc04c9525666200a5825796b75N.exe"
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
Files
memory/1480-0-0x0000000000400000-0x000000000042A000-memory.dmp
memory/1480-1-0x0000000000400000-0x000000000042A000-memory.dmp
memory/1480-4-0x0000000000400000-0x000000000042A000-memory.dmp
memory/1480-6-0x0000000000400000-0x000000000042A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rifaien2-B5HqlbC0SnU6EDSA.exe
| Hash | Value |
|---|---|
| MD5 | 98e4a52e7e5493029153500ba23817b2 |
| SHA1 | 6d76131089de5936527df9c67d8ffa8c127ddcd5 |
| SHA256 | cb241eadd26a414c65a305c0f88c2cbf7779f7427b49175660f39179dee902b0 |
| SHA512 | c27bc0cb4efccc9658a3956c8f120b4b2b355690e40fcd1e746c978b6b07d3c2980270701e3082a6f80f3243dbe855b165dcbc1886c0ca63e3e97712641b1318 |
memory/1480-16-0x0000000000400000-0x000000000042A000-memory.dmp
memory/1480-23-0x0000000000400000-0x000000000042A000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-07 10:15
Reported
2024-11-07 10:17
Platform
win10v2004-20241007-en
Max time kernel
110s
Max time network
98s
Command Line
Signatures
UPX packed file
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\f9512a723c89922d0469eb37bb85cb3b6bfa31fc04c9525666200a5825796b75N.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\f9512a723c89922d0469eb37bb85cb3b6bfa31fc04c9525666200a5825796b75N.exe
"C:\Users\Admin\AppData\Local\Temp\f9512a723c89922d0469eb37bb85cb3b6bfa31fc04c9525666200a5825796b75N.exe"
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.209.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 199.59.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 212.20.149.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
Files
memory/1536-0-0x0000000000400000-0x000000000042A000-memory.dmp
memory/1536-1-0x0000000000400000-0x000000000042A000-memory.dmp
memory/1536-4-0x0000000000400000-0x000000000042A000-memory.dmp
memory/1536-8-0x0000000000400000-0x000000000042A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rifaien2-CtkLNfXe41AsWCiU.exe
| Hash | Value |
|---|---|
| MD5 | b718d24f6e08f5b47ee7ceb285b97630 |
| SHA1 | 699037cbc423ac2e3b353ea99e9de2ea6fde3272 |
| SHA256 | 8e1c424e607b0bda821d0c076977fa993129d8e9033481bffe3ff111a3f188d6 |
| SHA512 | 700fb1bd5540179efcd679dd81afedbc19755242fb692ae7beab03ab01777598b08a24cda0312c6f5c54affe91db4c9be4bf904bbc4ae3d9c1f313200bcd33c2 |
memory/1536-15-0x0000000000400000-0x000000000042A000-memory.dmp
memory/1536-22-0x0000000000400000-0x000000000042A000-memory.dmp