Analysis Overview
SHA256
3b4eae8fd29f593294bd268de1ffd338bd55de93a049b49fca3e7053e4942099
Threat Level: Likely benign
The file 3b4eae8fd29f593294bd268de1ffd338bd55de93a049b49fca3e7053e4942099N was found to be: Likely benign.
Malicious Activity Summary
UPX packed file
Unsigned PE
System Location Discovery: System Language Discovery
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-07 10:18
Signatures
UPX packed file
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-07 10:18
Reported
2024-11-07 10:20
Platform
win7-20241010-en
Max time kernel
110s
Max time network
98s
Command Line
Signatures
UPX packed file
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\3b4eae8fd29f593294bd268de1ffd338bd55de93a049b49fca3e7053e4942099N.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\3b4eae8fd29f593294bd268de1ffd338bd55de93a049b49fca3e7053e4942099N.exe
"C:\Users\Admin\AppData\Local\Temp\3b4eae8fd29f593294bd268de1ffd338bd55de93a049b49fca3e7053e4942099N.exe"
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
Files
memory/2060-0-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2060-1-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2060-5-0x0000000000400000-0x000000000042A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rifaien2-mX2bwkbXkDFZIw9b.exe
| MD5 | d311b8558d1854fe6eb37d77d2aef6f8 |
| SHA1 | 4385799f4f33c81cc5944766bfaae8a8d1911b6a |
| SHA256 | b41328e577983ff26c32df93bf7ac846cb85af81cd4c3045a0a62d07812a4b0d |
| SHA512 | e57617f74863fae44aa147a9460be1dce730e5c07d0d0543382595f48ca574800b6b63a8127897176d6c4d62aabaec2efb39d4b4e0fa3e2af1aa2e595be75824 |
memory/2060-12-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2060-22-0x0000000000400000-0x000000000042A000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-07 10:18
Reported
2024-11-07 10:20
Platform
win10v2004-20241007-en
Max time kernel
111s
Max time network
96s
Command Line
Signatures
UPX packed file
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\3b4eae8fd29f593294bd268de1ffd338bd55de93a049b49fca3e7053e4942099N.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\3b4eae8fd29f593294bd268de1ffd338bd55de93a049b49fca3e7053e4942099N.exe
"C:\Users\Admin\AppData\Local\Temp\3b4eae8fd29f593294bd268de1ffd338bd55de93a049b49fca3e7053e4942099N.exe"
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 200.163.202.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 40.183.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.209.201.84.in-addr.arpa | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 23.236.111.52.in-addr.arpa | udp |
Files
memory/852-0-0x0000000000400000-0x000000000042A000-memory.dmp
memory/852-1-0x0000000000400000-0x000000000042A000-memory.dmp
memory/852-5-0x0000000000400000-0x000000000042A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rifaien2-iuuYZMlhk3gZc7Iw.exe
| MD5 | 26a79baa112e068b39282aa49dde9072 |
| SHA1 | 4dffd55a59443026c17cdd80e32bfc19b666c65a |
| SHA256 | 54231349a6021b07d3ef0bd2c759bac1cc74fbdfc5a8cbf099d3ecfebe8d13d5 |
| SHA512 | 1a704eb28f9e6177e41309f23ab577147c871c47c3f7407ae42151fd3e85d8450ed794c5f32ddf810c65feca1654b4f9098b76c48ba3328f59c3d9634f0b342b |
memory/852-12-0x0000000000400000-0x000000000042A000-memory.dmp
memory/852-21-0x0000000000400000-0x000000000042A000-memory.dmp