Analysis Overview
SHA256
7f96e3091cbe7a0e6c20ab88221918ab0a60159bd8ab41430688f16c6b54cdc8
Threat Level: Likely benign
The file 7f96e3091cbe7a0e6c20ab88221918ab0a60159bd8ab41430688f16c6b54cdc8N was found to be: Likely benign.
Malicious Activity Summary
UPX packed file
Unsigned PE
System Location Discovery: System Language Discovery
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-07 10:50
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-07 10:50
Reported
2024-11-07 10:52
Platform
win7-20241023-en
Max time kernel
110s
Max time network
93s
Command Line
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\7f96e3091cbe7a0e6c20ab88221918ab0a60159bd8ab41430688f16c6b54cdc8N.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\7f96e3091cbe7a0e6c20ab88221918ab0a60159bd8ab41430688f16c6b54cdc8N.exe
"C:\Users\Admin\AppData\Local\Temp\7f96e3091cbe7a0e6c20ab88221918ab0a60159bd8ab41430688f16c6b54cdc8N.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
Files
memory/1776-0-0x0000000000400000-0x000000000042A000-memory.dmp
memory/1776-2-0x0000000000400000-0x000000000042A000-memory.dmp
memory/1776-6-0x0000000000400000-0x000000000042A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rifaien2-VDi5jjkwPZh9liPg.exe
| MD5 | 65e18b8b1fb55cda30f275d9524ddd67 |
| SHA1 | 2b7733d48a8ea674a54ea506ffd15d59586c2d0f |
| SHA256 | 6d0a9af4b62ed9f3eb5e37d540fff66c663a069b8a388f98f99bf9a780fc7d1f |
| SHA512 | 9ba5b8b395b896d44652125552494e01c626a5b49c692af1c4a7385c9df5b34c1a092f32cb7a95be6490f614514ee321486b83fb332457fcbce6cd3aef432304 |
memory/1776-13-0x0000000000400000-0x000000000042A000-memory.dmp
memory/1776-23-0x0000000000400000-0x000000000042A000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-07 10:50
Reported
2024-11-07 10:52
Platform
win10v2004-20241007-en
Max time kernel
111s
Max time network
95s
Command Line
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\7f96e3091cbe7a0e6c20ab88221918ab0a60159bd8ab41430688f16c6b54cdc8N.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\7f96e3091cbe7a0e6c20ab88221918ab0a60159bd8ab41430688f16c6b54cdc8N.exe
"C:\Users\Admin\AppData\Local\Temp\7f96e3091cbe7a0e6c20ab88221918ab0a60159bd8ab41430688f16c6b54cdc8N.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 40.183.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 53.210.109.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.42.69.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.117.19.2.in-addr.arpa | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 83.210.23.2.in-addr.arpa | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
Files
memory/1536-0-0x0000000000400000-0x000000000042A000-memory.dmp
memory/1536-1-0x0000000000400000-0x000000000042A000-memory.dmp
memory/1536-5-0x0000000000400000-0x000000000042A000-memory.dmp
memory/1536-11-0x0000000000400000-0x000000000042A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rifaien2-eisHMjYN7sEap245.exe
| MD5 | 10bfccbf2eeeb524ba5b4ce526becec5 |
| SHA1 | dad0d60e2d5925f522b0869411c29398eb802df0 |
| SHA256 | 1fd7f70a5e88a0285b3d85e99a5622b4f8836467e732a9a784820aa3dc6913e8 |
| SHA512 | b12f53358a32d6ef520d32deda47dbb01e48e154a5d4941813684c6c2b5935ac363458071b968840fb719fe726feea979caf1aca17bac9ff622fe8d855cfa44a |
memory/1536-15-0x0000000000400000-0x000000000042A000-memory.dmp
memory/1536-22-0x0000000000400000-0x000000000042A000-memory.dmp