Analysis Overview
SHA256
cdfc4e554ca1ae0cd8a68b6b4589bec3fafd1718dc49464a21ef0471b72afdc1
Threat Level: Likely benign
The file cdfc4e554ca1ae0cd8a68b6b4589bec3fafd1718dc49464a21ef0471b72afdc1N was found to be: Likely benign.
Malicious Activity Summary
UPX packed file
Unsigned PE
System Location Discovery: System Language Discovery
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-07 10:47
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
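The two static signatures above (UPX packed file, Unsigned PE) come from the PE headers alone. The following is an added example, not code from the sandbox or from the report, that reproduces both checks with the standard library: it walks the DOS header, COFF header and optional header to read the section table (stock UPX names its sections UPX0/UPX1 and leaves a UPX! marker in the image) and the Certificate Table data directory (index 4), which is empty when no Authenticode signature is attached. The build_test_pe() helper constructs a minimal PE32 header so the checks run offline; it is not the sample from the report.

```python
"""Static checks behind the 'UPX packed file' and 'Unsigned PE' signatures.

Added example, not code from the sandbox or the report. It parses only the PE
pieces those two signatures need: the section table (stock UPX names its
sections UPX0/UPX1 and stamps 'UPX!' into the image) and the Certificate
Table data directory (index 4), which is empty when the file carries no
Authenticode signature. build_test_pe() constructs a minimal PE32 header so
the checks run offline; it is not the sample from the report.
"""
import struct
import sys

UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}   # names a stock UPX build writes
UPX_MAGIC = b"UPX!"                               # marker in the packed image header
IMAGE_DIRECTORY_ENTRY_SECURITY = 4                # Certificate Table slot


def parse_pe(data: bytes) -> dict:
    """Return section names and the Certificate Table (RVA, size) of a PE image."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:       # PE32: data directories start at +96
        dd_off = opt + 96
    elif magic == 0x20B:     # PE32+: data directories start at +112
        dd_off = opt + 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    num_dd = struct.unpack_from("<I", data, dd_off - 4)[0]   # NumberOfRvaAndSizes
    cert = (0, 0)
    if num_dd > IMAGE_DIRECTORY_ENTRY_SECURITY:
        cert = struct.unpack_from("<II", data, dd_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sections = opt + opt_size
    names = [struct.unpack_from("<8s", data, sections + 40 * i)[0].rstrip(b"\0")
             for i in range(nsections)]
    return {"machine": machine, "sections": names, "cert_table": cert,
            "has_upx_magic": UPX_MAGIC in data}


def is_upx_packed(info: dict) -> bool:
    """Heuristic: UPX section names or the UPX! marker. Renamed sections defeat it."""
    return bool(UPX_SECTION_NAMES & set(info["sections"])) or info["has_upx_magic"]


def is_signed(info: dict) -> bool:
    """True when a Certificate Table is present. Presence is not validity: a real
    check must parse the PKCS#7 blob and verify the chain (e.g. signtool verify)."""
    return info["cert_table"][1] > 0


def build_test_pe(section_names, cert_size=0) -> bytes:
    """Constructed minimal PE32 image (headers only, no code) for offline testing."""
    e_lfanew = 0x40
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    opt_size = 96 + 16 * 8                                   # 16 data directories
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)                    # PE32 magic
    struct.pack_into("<I", opt, 92, 16)                      # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY,
                     0x2000 if cert_size else 0, cert_size)
    secs = b"".join(struct.pack("<8s32x", n) for n in section_names)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + secs


if __name__ == "__main__":
    # Pass a real PE path to check it; with no argument the constructed image is used.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else \
        build_test_pe([b"UPX0", b"UPX1", b".rsrc"])
    info = parse_pe(data)
    print("sections:", [n.decode("latin-1") for n in info["sections"]])
    print("UPX packed:", is_upx_packed(info), "| signed:", is_signed(info))
```

Both checks are deliberately the cheap ones a sandbox's static pass runs: a packer that renames its sections slips past the name test, and a non-empty Certificate Table only says a signature blob is attached, not that it verifies or that the signer is trusted.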
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-07 10:47
Reported
2024-11-07 10:49
Platform
win7-20240903-en
Max time kernel
110s
Max time network
92s
Command Line
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\cdfc4e554ca1ae0cd8a68b6b4589bec3fafd1718dc49464a21ef0471b72afdc1N.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\cdfc4e554ca1ae0cd8a68b6b4589bec3fafd1718dc49464a21ef0471b72afdc1N.exe
"C:\Users\Admin\AppData\Local\Temp\cdfc4e554ca1ae0cd8a68b6b4589bec3fafd1718dc49464a21ef0471b72afdc1N.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
Files
memory/2280-0-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2280-1-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2280-5-0x0000000000400000-0x000000000042A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rifaien2-60xWjbj61BFUWIzm.exe
| MD5 | d318124c85f2d370678a4e598914d679 |
| SHA1 | f4b62fd4ce203161c6aa366c44ba7d3eacf81f60 |
| SHA256 | c33480bedb74761f578928146a5dfabe7d94928dac415c35b866b47fca499852 |
| SHA512 | 2998f7542246874483593b996f6aafd9e626c38037d4e94ac47ccc750921a19eb38a03a51c4caeca310f2b34df56c9df2d84963d3f3d0c48789567cc72ac3313 |
memory/2280-12-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2280-22-0x0000000000400000-0x000000000042A000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-07 10:47
Reported
2024-11-07 10:49
Platform
win10v2004-20241007-en
Max time kernel
120s
Max time network
93s
Command Line
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\cdfc4e554ca1ae0cd8a68b6b4589bec3fafd1718dc49464a21ef0471b72afdc1N.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\cdfc4e554ca1ae0cd8a68b6b4589bec3fafd1718dc49464a21ef0471b72afdc1N.exe
"C:\Users\Admin\AppData\Local\Temp\cdfc4e554ca1ae0cd8a68b6b4589bec3fafd1718dc49464a21ef0471b72afdc1N.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 40.183.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 53.210.109.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.117.19.2.in-addr.arpa | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.229.111.52.in-addr.arpa | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
Files
memory/1892-0-0x0000000000400000-0x000000000042A000-memory.dmp
memory/1892-1-0x0000000000400000-0x000000000042A000-memory.dmp
memory/1892-8-0x0000000000400000-0x000000000042A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rifaien2-4Qc9FpwgRg5Aikx2.exe
| MD5 | c0497cad23c7fa5d6d9b9160da51cfe9 |
| SHA1 | 3c72f05c99c1c1c4615526e5d61ce1cb8ff3dcdd |
| SHA256 | 39a8252ff2adae98bf245f37f3a3a3c5dff1d1f5b5a31c40db23737e49a9e318 |
| SHA512 | 81485ecae33f0c6012d283b44ba83f1da586db18ce7a23acf3da5c4d9bd0b51106accca1962b790fcf0f62646c00dc3cb849457540b977bd41ed547c5d7951e9 |
memory/1892-15-0x0000000000400000-0x000000000042A000-memory.dmp
memory/1892-22-0x0000000000400000-0x000000000042A000-memory.dmp
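The behavioral1 and behavioral2 runs carry the same two leads: the registry open of the NLS\Language key, which is what the System Location Discovery: System Language Discovery signature (ATT&CK T1614.001) keys on, and the Network table, where the win10 run mixes a handful of *.in-addr.arpa reverse lookups in with the single forward lookup and the TCP connections to wecan.hasthe.technology. The following is an added example, not code from the sandbox or the report, that turns those rows into detection logic: it maps the registry event to its technique ID, splits the network rows into connections, forward lookups and PTR lookups, converts each PTR name back to the IP it names, and reports which of those IPs the sample also connected to (here 172.67.183.40). The row lists are copied from the behavioral2 tables above, trimmed to the rows the example needs; the resolver set is an assumption taken from the report. Two practitioner notes on these indicators: 172.67.183.40 falls inside Cloudflare's 172.64.0.0/13 range, so the domain, not the IP, is the usable indicator; and the second executable written to Temp (rifaien2-*.exe, hashes listed above) is a separate artifact to analyze on its own rather than something this example covers.

```python
"""Working the behavioral1/behavioral2 indicators into detection logic.

Added example, not code from the sandbox or the report. It takes rows in the
shape of the report's tables: the registry open of the NLS\\Language key, which
the 'System Language Discovery' signature (ATT&CK T1614.001) keys on, and the
Network table, where PTR lookups (*.in-addr.arpa) sent to the resolver are
separated from the direct connections and mapped back to the IP they name so
they can be correlated with those connections. The row lists below are copied
from the behavioral2 tables (trimmed to the rows the example needs).
"""
import ipaddress
import re

SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\cdfc4e554ca1ae0cd8a68b6b4589bec3fafd1718dc49464a21ef0471b72afdc1N.exe"

# (action, key, process) rows from the signature table.
REGISTRY_ROWS = [
    ("Key opened", r"\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language", SAMPLE),
]

# (country, destination, domain, proto) rows from the behavioral2 Network table.
NETWORK_ROWS = [
    ("US", "8.8.8.8:53", "8.8.8.8.in-addr.arpa", "udp"),
    ("US", "8.8.8.8:53", "154.239.44.20.in-addr.arpa", "udp"),
    ("US", "8.8.8.8:53", "wecan.hasthe.technology", "udp"),
    ("US", "172.67.183.40:80", "wecan.hasthe.technology", "tcp"),
    ("US", "8.8.8.8:53", "40.183.67.172.in-addr.arpa", "udp"),
    ("US", "172.67.183.40:80", "wecan.hasthe.technology", "tcp"),
]

RESOLVERS = {"8.8.8.8"}   # resolver seen in the report; an assumption for other runs
PTR_RE = re.compile(r"^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.in-addr\.arpa\.?$", re.I)
# ControlSetNNN and CurrentControlSet name the same key; match either.
LANGUAGE_KEY_RE = re.compile(
    r"\\SYSTEM\\(ControlSet\d{3}|CurrentControlSet)\\Control\\NLS\\Language\\?$", re.I)


def ptr_to_ip(name: str):
    """'40.183.67.172.in-addr.arpa' -> '172.67.183.40'; None if not a valid PTR name."""
    m = PTR_RE.match(name)
    if not m:
        return None
    ip = ".".join(reversed(m.groups()))
    try:
        ipaddress.IPv4Address(ip)      # rejects octets above 255
    except ValueError:
        return None
    return ip


def language_discovery_events(rows):
    """Map registry opens of the NLS\\Language key to T1614.001 hits."""
    return [{"technique": "T1614.001", "process": proc, "key": key}
            for action, key, proc in rows
            if action.lower().startswith("key") and LANGUAGE_KEY_RE.search(key)]


def split_network(rows):
    """Return (connections, forward_lookups, ptr_ips).

    connections: domain -> set of 'ip:port' actually contacted
    forward_lookups: names queried at the resolver
    ptr_ips: IPs named by reverse lookups, for correlation with connections
    """
    connections, forward, ptr_ips = {}, set(), set()
    for _, dest, domain, _ in rows:
        ip, _, port = dest.rpartition(":")
        if ip in RESOLVERS and port == "53":
            rev = ptr_to_ip(domain)
            if rev:
                ptr_ips.add(rev)
            else:
                forward.add(domain.lower())
        else:
            connections.setdefault(domain.lower(), set()).add(dest)
    return connections, forward, ptr_ips


def correlated_ips(connections, ptr_ips):
    """IPs the sample both connected to and reverse-resolved."""
    contacted = {d.rpartition(":")[0] for dests in connections.values() for d in dests}
    return contacted & ptr_ips


if __name__ == "__main__":
    print(language_discovery_events(REGISTRY_ROWS))
    conns, fwd, ptrs = split_network(NETWORK_ROWS)
    print("connections:", conns)
    print("forward lookups:", fwd)
    print("PTR lookups for:", sorted(ptrs))
    print("contacted and reverse-resolved:", correlated_ips(conns, ptrs))
```

Reading NLS\Language on its own is a weak signal (installers and localized software do it routinely), which is why the function tags it with the technique ID rather than a verdict; its value is as a pivot when the same process also goes on to contact an external host, as both runs here show.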