Analysis Overview
SHA256
607068374fc9346e87f999c6c83d350372d2737548c7a0f9f5d2761c34d95b55
Threat Level: Likely benign
The file 607068374fc9346e87f999c6c83d350372d2737548c7a0f9f5d2761c34d95b55N was found to be: Likely benign.
Malicious Activity Summary
UPX packed file
Unsigned PE
System Location Discovery: System Language Discovery
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-07 10:35
Signatures
UPX packed file
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-07 10:35
Reported
2024-11-07 10:37
Platform
win7-20240903-en
Max time kernel
94s
Max time network
92s
Command Line
Signatures
UPX packed file
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\607068374fc9346e87f999c6c83d350372d2737548c7a0f9f5d2761c34d95b55N.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\607068374fc9346e87f999c6c83d350372d2737548c7a0f9f5d2761c34d95b55N.exe
"C:\Users\Admin\AppData\Local\Temp\607068374fc9346e87f999c6c83d350372d2737548c7a0f9f5d2761c34d95b55N.exe"
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
Files
memory/276-0-0x0000000000400000-0x000000000043B000-memory.dmp
memory/276-1-0x0000000000400000-0x000000000043B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rifaien2-keSXSsyBeteUY807.exe
| Hash | Value |
|---|---|
| MD5 | a16b0dc041e9d68ece4cec033e8a4507 |
| SHA1 | 568d9afbae0608d0d4bbd341a7b11143e939c33e |
| SHA256 | f7a5508298cd94ab357295c5b6ca5e486a325e89138084ea37b66758ea7e30a0 |
| SHA512 | 33af10170f46a4e39a4a94e5f3c82fe80035992abdff82047719ae34c0b0366d174149957b8db4aa44a8eacc9587f7c2d355768067f4726565748e65ce84c544 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-07 10:35
Reported
2024-11-07 10:37
Platform
win10v2004-20241007-en
Max time kernel
91s
Max time network
92s
Command Line
Signatures
UPX packed file
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\607068374fc9346e87f999c6c83d350372d2737548c7a0f9f5d2761c34d95b55N.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\607068374fc9346e87f999c6c83d350372d2737548c7a0f9f5d2761c34d95b55N.exe
"C:\Users\Admin\AppData\Local\Temp\607068374fc9346e87f999c6c83d350372d2737548c7a0f9f5d2761c34d95b55N.exe"
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 199.59.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 23.236.111.52.in-addr.arpa | udp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
Files
memory/1392-0-0x0000000000400000-0x000000000043B000-memory.dmp
memory/1392-1-0x0000000000400000-0x000000000043B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rifaien2-4uikU4KPxUBnZKVV.exe
| Hash | Value |
|---|---|
| MD5 | bc12574a38e9d70350b9fa8dc13a666d |
| SHA1 | 306c65c77f325f8b4baf3f4db96f3f6520a22af5 |
| SHA256 | 55e0cb73453a1051e035ab1236a4517f7d6e7a377917ffa155ca6eadffc4a364 |
| SHA512 | d2344b6a8d97e456352775e1857ac48257c3d42302ab79a1436f9dc60dda76eb2d438e9bcd2b7a1896166664d3ee4bbf5465cbe0730015f115e299c692866a91 |