Analysis Overview
SHA256
b40ddc6df90dd8ce497d14f0844b66a7df8b6d8519fd7253b140eb50795aa974
Threat Level: Likely benign
The file b40ddc6df90dd8ce497d14f0844b66a7df8b6d8519fd7253b140eb50795aa974N was found to be: Likely benign.
Malicious Activity Summary
UPX packed file
System Location Discovery: System Language Discovery
Unsigned PE
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-07 10:39
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
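The two static signatures above ("UPX packed file" and "Unsigned PE") are both header-level facts that can be re-checked without running the sample. The script below is an added example, not part of this report or of the sandbox's own signature code: it parses the PE section table and the Authenticode data directory directly with `struct`, and runs against two minimal PE images constructed in memory (the report's sample is not embedded). All names (`build_minimal_pe`, `inspect_pe`, the sample constants) are the example's own.

```python
import struct

# IMAGE_DIRECTORY_ENTRY_SECURITY: index 4 of the optional header's data directories.
# For this entry, "VirtualAddress" is a raw file offset to the WIN_CERTIFICATE blob.
SECURITY_DIR_INDEX = 4


def build_minimal_pe(section_names, security_dir=(0, 0), pe32plus=False):
    """Construct a minimal PE header image for testing (constructed data, not a runnable binary)."""
    e_lfanew = 0x40
    dos_header = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    opt_size = 0xF0 if pe32plus else 0xE0           # PE32+ / PE32 optional header sizes
    coff = struct.pack("<HHIIIHH",
                       0x8664 if pe32plus else 0x14C,  # Machine
                       len(section_names), 0, 0, 0,   # NumberOfSections, stamp, symtab, nsyms
                       opt_size, 0x102)               # SizeOfOptionalHeader, Characteristics
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x20B if pe32plus else 0x10B)   # Magic
    dd_off = 112 if pe32plus else 96                                # start of data directories
    struct.pack_into("<II", opt, dd_off + SECURITY_DIR_INDEX * 8, *security_dir)
    sections = b"".join(
        struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"),
                    0x1000, 0x1000 * (i + 1),          # VirtualSize, VirtualAddress
                    0x200, 0x400 + 0x200 * i,          # SizeOfRawData, PointerToRawData
                    0, 0, 0, 0, 0x60000020)            # relocs, linenums, Characteristics
        for i, name in enumerate(section_names))
    return dos_header + b"PE\0\0" + coff + bytes(opt) + sections


def inspect_pe(data):
    """Return section names, a UPX section-name hint, and whether an Authenticode blob is present."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    machine, nsections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic == 0x10B:
        dd_off = 96
    elif magic == 0x20B:
        dd_off = 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    _cert_off, cert_size = struct.unpack_from("<II", data, opt + dd_off + SECURITY_DIR_INDEX * 8)
    names = []
    section_table = opt + opt_size
    for i in range(nsections):
        (raw,) = struct.unpack_from("<8s", data, section_table + 40 * i)
        names.append(raw.rstrip(b"\0").decode("ascii", "replace"))
    return {
        "machine": machine,
        "sections": names,
        # UPX names its sections UPX0/UPX1 by default; packers (and UPX with a modified
        # stub) can rename them, so a miss here does not prove the file is unpacked.
        "upx_sections": any(n.startswith("UPX") for n in names),
        # A zero-size security directory means no embedded Authenticode signature.
        # Catalog-signed Windows binaries also show zero here, so "unsigned" means
        # "no embedded signature", not "unverifiable".
        "has_authenticode": cert_size != 0,
    }


# Constructed samples: a UPX-style unsigned PE32, and a conventional PE32+ with a signature entry.
PACKED_SAMPLE = build_minimal_pe([b"UPX0", b"UPX1", b".rsrc"])
SIGNED_SAMPLE = build_minimal_pe([b".text", b".rdata"], security_dir=(0x2000, 0x800), pe32plus=True)

if __name__ == "__main__":
    for label, blob in (("packed", PACKED_SAMPLE), ("signed", SIGNED_SAMPLE)):
        print(label, inspect_pe(blob))
```

To apply it to the real sample, pass `open(path, "rb").read()` to `inspect_pe`. The section-name test is the cheap first pass a sandbox signature performs; section entropy and a small, mostly-empty first section are the follow-up checks when the names have been scrubbed.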
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-07 10:39
Reported
2024-11-07 10:41
Platform
win7-20241023-en
Max time kernel
110s
Max time network
92s
Command Line
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\b40ddc6df90dd8ce497d14f0844b66a7df8b6d8519fd7253b140eb50795aa974N.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\b40ddc6df90dd8ce497d14f0844b66a7df8b6d8519fd7253b140eb50795aa974N.exe
"C:\Users\Admin\AppData\Local\Temp\b40ddc6df90dd8ce497d14f0844b66a7df8b6d8519fd7253b140eb50795aa974N.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
Files
memory/2952-0-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2952-1-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2952-5-0x0000000000400000-0x000000000042A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rifaien2-esMukkq6mqoIM1lv.exe
| MD5 | f8dfd483e4c064028b19dc1742cb65af |
| SHA1 | 01fec2d1fc2d0a0f1e751ef855bc7940a09f6591 |
| SHA256 | b542ad05951d0300f0ecefd602094e886c28da8e2b577a83143efb183fdbaa48 |
| SHA512 | a0f39146832b997f97bff9945ce2168adef9730f9b523aa18ba43ccdb506408a5aa1684c046cc28488652171197a35c24b4204c490d19073f261d53481e77975 |
memory/2952-12-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2952-22-0x0000000000400000-0x000000000042A000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-07 10:39
Reported
2024-11-07 10:41
Platform
win10v2004-20241007-en
Max time kernel
110s
Max time network
96s
Command Line
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\b40ddc6df90dd8ce497d14f0844b66a7df8b6d8519fd7253b140eb50795aa974N.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\b40ddc6df90dd8ce497d14f0844b66a7df8b6d8519fd7253b140eb50795aa974N.exe
"C:\Users\Admin\AppData\Local\Temp\b40ddc6df90dd8ce497d14f0844b66a7df8b6d8519fd7253b140eb50795aa974N.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 199.59.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 29.243.111.52.in-addr.arpa | udp |
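The Network tables of behavioral1 and behavioral2 mix three kinds of rows: repeated TCP connections to the same host, DNS queries sent to the sandbox's resolver, and reverse (`in-addr.arpa`) lookups that Windows and the sandbox generate on their own. Turning them into indicators means deduplicating, dropping the resolver address, and separating the PTR noise, while keeping in mind that 104.21.59.199 and 172.67.183.40 both sit in Cloudflare's address ranges, so the hostname `wecan.hasthe.technology` is the durable indicator and the IPs are shared CDN edges. The script below is an added example written for this page, not sandbox output or vendor code; the table text is copied from the two tables above, and the treatment of 8.8.8.8 as the sandbox resolver is an assumption.

```python
import ipaddress

# Rows copied from the behavioral1 and behavioral2 "Network" tables of this report.
NETWORK_TABLE = """\
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 199.59.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 29.243.111.52.in-addr.arpa | udp |
"""

# Assumption: 8.8.8.8 is the sandbox's configured resolver, not infrastructure chosen by the sample.
SANDBOX_RESOLVERS = {"8.8.8.8"}


def parse_rows(table):
    """Parse the pipe-delimited table into dicts; skips the header and malformed lines."""
    rows = []
    for line in table.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != 4 or cells[0] == "Country":
            continue
        rows.append(dict(zip(("country", "dest", "domain", "proto"), cells)))
    return rows


def ptr_target(domain):
    """Map a reverse-DNS name back to the IPv4 address being looked up, or None if not a PTR name."""
    suffix = ".in-addr.arpa"
    if not domain.endswith(suffix):
        return None
    labels = domain[: -len(suffix)].split(".")
    if len(labels) != 4:
        return None
    return str(ipaddress.ip_address(".".join(reversed(labels))))


def extract_iocs(rows):
    """Deduplicate the table into domains, contacted endpoints and the PTR-lookup background noise."""
    domains, endpoints, ptr_targets = set(), set(), set()
    for r in rows:
        ip, _, port = r["dest"].rpartition(":")
        ipaddress.ip_address(ip)                  # reject anything that is not a literal IP
        target = ptr_target(r["domain"])
        if target is not None:
            ptr_targets.add(target)               # reverse lookups are recorded, not reported as IOCs
            continue
        domains.add(r["domain"])
        if ip in SANDBOX_RESOLVERS and port == "53":
            continue                              # DNS query: the name is the IOC, not the resolver
        endpoints.add((ip, int(port), r["proto"]))
    contacted = {ip for ip, _, _ in endpoints}
    return {
        "domains": sorted(domains),
        "endpoints": sorted(endpoints),
        "ptr_targets": sorted(ptr_targets, key=ipaddress.ip_address),
        # A PTR lookup for an address the sample also connected to ties the reverse-DNS
        # noise back to the sample's own traffic and is worth a second look.
        "ptr_for_contacted": sorted(contacted & ptr_targets),
    }


if __name__ == "__main__":
    for key, value in extract_iocs(parse_rows(NETWORK_TABLE)).items():
        print(key, value)
```

Over the rows above this yields one domain, two TCP endpoints on port 80, nine reverse-lookup targets, and one overlap: `199.59.21.104.in-addr.arpa` is the PTR name for 104.21.59.199, the Cloudflare edge the sample connected to. The remaining PTR targets are not attributable to the sample from this report alone and should not be blocklisted on its basis.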
Files
memory/4868-0-0x0000000000400000-0x000000000042A000-memory.dmp
memory/4868-1-0x0000000000400000-0x000000000042A000-memory.dmp
memory/4868-5-0x0000000000400000-0x000000000042A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rifaien2-qaWVWbFMKAQoaqCF.exe
| MD5 | 916f3e568d5d882089d73f437cd84fda |
| SHA1 | a071cede84e5ea70b4d583da18fbca7469dc1a73 |
| SHA256 | 4692765576c4ea7b6cdcfcf3096663af8bf779f61d6c1e0cb70e9d2e1a744aa9 |
| SHA512 | e0a6118db3c27ac831a32776c8b138c062e65e8351b180b4985617738fa0aa0652f310a1c67773e6b8695a56bbf7f0993bac35dcd15ab31a9da40b79f9ffba2a |
memory/4868-11-0x0000000000400000-0x000000000042A000-memory.dmp
memory/4868-19-0x0000000000400000-0x000000000042A000-memory.dmp