Analysis Overview
SHA256
71ae3d7bc8792f4212ee30ff74d0891db757089a6e1b49c385abd7c02aaba8d9
Threat Level: Likely benign
The file 71ae3d7bc8792f4212ee30ff74d0891db757089a6e1b49c385abd7c02aaba8d9N was found to be: Likely benign.
Malicious Activity Summary
UPX packed file
System Location Discovery: System Language Discovery
Unsigned PE
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-07 10:32
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-07 10:32
Reported
2024-11-07 10:34
Platform
win10v2004-20241007-en
Max time kernel
111s
Max time network
97s
Command Line
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\71ae3d7bc8792f4212ee30ff74d0891db757089a6e1b49c385abd7c02aaba8d9N.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\71ae3d7bc8792f4212ee30ff74d0891db757089a6e1b49c385abd7c02aaba8d9N.exe
"C:\Users\Admin\AppData\Local\Temp\71ae3d7bc8792f4212ee30ff74d0891db757089a6e1b49c385abd7c02aaba8d9N.exe"
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | 83.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 40.183.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 212.20.149.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.42.69.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.117.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 43.229.111.52.in-addr.arpa | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
Files
memory/396-0-0x0000000000400000-0x000000000042A000-memory.dmp
memory/396-1-0x0000000000400000-0x000000000042A000-memory.dmp
memory/396-4-0x0000000000400000-0x000000000042A000-memory.dmp
memory/396-8-0x0000000000400000-0x000000000042A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rifaien2-Aq3GOFll1SdYEyqd.exe
| Hash | Value |
| --- | --- |
| MD5 | b82020b9dd658575e9b601fced4db1ed |
| SHA1 | 5f2a5e4a5975bf6ce46f37490ed9c6ac8ab84d3a |
| SHA256 | 12d0c65b2e6f8019d3cc9eaf7d1a7319ed543a769c3d610a151ae236bc2cfe85 |
| SHA512 | bafb8594f1560ad0aac9928f462d34ea27a02a2b3a6417db5e37dd2882623e7c93c86abd03ca11f5df2ea553354a082418afd3edc5a3948029268bde08988d42 |
memory/396-15-0x0000000000400000-0x000000000042A000-memory.dmp
memory/396-22-0x0000000000400000-0x000000000042A000-memory.dmp
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-07 10:32
Reported
2024-11-07 10:34
Platform
win7-20240708-en
Max time kernel
119s
Max time network
98s
Command Line
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\71ae3d7bc8792f4212ee30ff74d0891db757089a6e1b49c385abd7c02aaba8d9N.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\71ae3d7bc8792f4212ee30ff74d0891db757089a6e1b49c385abd7c02aaba8d9N.exe
"C:\Users\Admin\AppData\Local\Temp\71ae3d7bc8792f4212ee30ff74d0891db757089a6e1b49c385abd7c02aaba8d9N.exe"
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
Files
memory/2640-0-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2640-1-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2640-4-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2640-8-0x0000000000400000-0x000000000042A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rifaien2-wgtYghGr6vnPLRve.exe
| Hash | Value |
| --- | --- |
| MD5 | 320b7702cb4d0de0bbf913c5e253b667 |
| SHA1 | 409b3accadb76d36f3574e987c89195760af7aac |
| SHA256 | 8e24f75d761ad510e0b1cc848bba9c2ab7ff0eeb0083cca0e9ac7f0ba0fa25b4 |
| SHA512 | c0ad9abc07a32caf200d5e884ee6195614a2b72dcf2573fe32f4333bb15551c74df1e1c0a53df81d4fb105d79f78b6e2983cdfe70f4d614d2e6eac2339c72fad |
memory/2640-15-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2640-22-0x0000000000400000-0x000000000042A000-memory.dmp