Analysis Overview
SHA256
0dcccc24eddb4142aeb31911a614d87002de75433aabbd044dc227a0a9d379f1
Threat Level: Likely benign
The file 0dcccc24eddb4142aeb31911a614d87002de75433aabbd044dc227a0a9d379f1N was found to be: Likely benign.
Malicious Activity Summary
UPX packed file
System Location Discovery: System Language Discovery (ATT&CK T1614.001)
Unsigned PE
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-07 10:50
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
(2 entries in the original report, neither with indicator details captured.)
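Both static signatures above ("UPX packed file" and "Unsigned PE") can be reproduced from the PE headers alone. The following is an added example, not part of the sandbox report and not the sandbox's own detection logic: it parses the COFF header, the security data directory and the section table of a PE32/PE32+ image and applies the usual heuristics (UPX0/UPX1 section names, the "UPX!" marker, a zero-raw-size stub section, section entropy, an empty security directory). Because the sample itself is not included on this page, the block builds a constructed, non-loadable PE32 image in memory to run against; the section layout and the placeholder certificate blob are assumptions for the demo.

```python
import math
import random
import struct
from collections import Counter

IMAGE_DIRECTORY_ENTRY_SECURITY = 4  # index of the Authenticode directory in the optional header


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; packed or encrypted sections sit close to 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def parse_pe(data: bytes) -> dict:
    """Read the COFF header, the security data directory and the section table."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:      # PE32: data directories start 96 bytes into the optional header
        dir_base = opt + 96
    elif magic == 0x20B:    # PE32+: 112 bytes in
        dir_base = opt + 112
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    sec_off, sec_size = struct.unpack_from("<II", data, dir_base + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sections = []
    for i in range(nsections):
        hdr = opt + opt_size + 40 * i
        name = data[hdr:hdr + 8].rstrip(b"\0").decode("ascii", "replace")
        vsize, _va, raw_size, raw_ptr = struct.unpack_from("<IIII", data, hdr + 8)
        raw = data[raw_ptr:raw_ptr + raw_size] if raw_size else b""
        sections.append({"name": name, "virtual_size": vsize, "raw_size": raw_size,
                         "entropy": round(shannon_entropy(raw), 2)})
    return {"machine": machine, "sections": sections, "security_dir": (sec_off, sec_size)}


def triage(data: bytes) -> dict:
    """Reproduce the 'UPX packed file' and 'Unsigned PE' verdicts from header facts."""
    pe = parse_pe(data)
    secs = pe["sections"]
    upx_names = [s["name"] for s in secs if s["name"].upper().startswith("UPX")]
    # Stock UPX leaves UPX0 (raw size 0, large virtual size: the unpack target) and a
    # high-entropy UPX1 holding the compressed image; the "UPX!" magic also survives
    # in the packed header unless it was deliberately stripped.
    empty_stub = any(s["raw_size"] == 0 and s["virtual_size"] > 0 for s in secs)
    high_entropy = [s["name"] for s in secs if s["entropy"] > 7.0]
    upx_packed = bool(upx_names) or b"UPX!" in data
    # Authenticode data lives in an appended WIN_CERTIFICATE blob; an empty security
    # directory means no signature at all. A non-empty one still needs chain validation
    # (signtool verify / Get-AuthenticodeSignature) before it is trusted.
    unsigned = pe["security_dir"][1] == 0
    return {"upx_packed": upx_packed, "upx_sections": upx_names, "empty_stub_section": empty_stub,
            "high_entropy_sections": high_entropy, "unsigned": unsigned}


def build_sample_pe(sections, signed: bool = False) -> bytes:
    """Constructed PE32 image (headers plus raw section data) for the demo; not loadable.
    sections: list of (name, virtual_size, raw_bytes)."""
    n = len(sections)
    e_lfanew, opt_size, align = 0x40, 224, 0x200
    hdr_end = e_lfanew + 4 + 20 + opt_size + 40 * n
    raw_base = (hdr_end + align - 1) & ~(align - 1)
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, n, 0, 0, 0, opt_size, 0x102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)   # PE32 magic
    struct.pack_into("<I", opt, 92, 16)     # NumberOfRvaAndSizes
    hdrs, blobs, ptr, va = b"", b"", raw_base, 0x1000
    for name, vsize, raw in sections:
        raw_size = (len(raw) + align - 1) & ~(align - 1)
        hdrs += struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\0"), vsize, va,
                            raw_size, ptr if raw_size else 0, 0, 0, 0, 0, 0xE0000020)
        blobs += raw.ljust(raw_size, b"\0")
        ptr += raw_size
        va += (max(vsize, raw_size) + 0xFFF) & ~0xFFF
    cert = b""
    if signed:
        # placeholder WIN_CERTIFICATE blob; the directory entry is a file offset, not an RVA
        cert = b"constructed placeholder certificate"
        struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, ptr, len(cert))
    image = (dos + b"PE\0\0" + coff + bytes(opt) + hdrs).ljust(raw_base, b"\0")
    return image + blobs + cert


def pseudo_random_bytes(n: int, seed: int = 1) -> bytes:
    """Deterministic high-entropy filler standing in for a compressed UPX1 section."""
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(n))


# Constructed inputs: a UPX-style layout and a minimal "signed" image for contrast.
SAMPLE_PACKED = build_sample_pe([("UPX0", 0x20000, b""),
                                 ("UPX1", 0x1000, pseudo_random_bytes(0x1000)),
                                 (".rsrc", 0x200, b"\0" * 0x200)])
SAMPLE_SIGNED = build_sample_pe([(".text", 0x1000, b"\x90" * 0x1000)], signed=True)

if __name__ == "__main__":
    for label, img in (("constructed UPX-style image", SAMPLE_PACKED),
                       ("constructed signed image", SAMPLE_SIGNED)):
        print(label, triage(img))
```

To run it against the real sample, replace the constructed images with `open(path, "rb").read()`. Note that section names are trivially renamed by attackers, so the entropy and empty-stub checks are the ones worth keeping when the names do not say UPX.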
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-07 10:50
Reported
2024-11-07 10:52
Platform
win10v2004-20241007-en
Max time kernel
111s
Max time network
96s
Command Line
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
(6 entries in the original report, none with indicator details captured.)
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\0dcccc24eddb4142aeb31911a614d87002de75433aabbd044dc227a0a9d379f1N.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\0dcccc24eddb4142aeb31911a614d87002de75433aabbd044dc227a0a9d379f1N.exe
"C:\Users\Admin\AppData\Local\Temp\0dcccc24eddb4142aeb31911a614d87002de75433aabbd044dc227a0a9d379f1N.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 199.59.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.117.19.2.in-addr.arpa | udp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 88.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.229.111.52.in-addr.arpa | udp |
Files
memory/3140-0-0x0000000000400000-0x000000000042A000-memory.dmp
memory/3140-1-0x0000000000400000-0x000000000042A000-memory.dmp
memory/3140-4-0x0000000000400000-0x000000000042A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rifaien2-SzB2keYvavI4rnWC.exe
| MD5 | 1a88a02dd2e9e12a5b8666b81600b411 |
| SHA1 | 425386470a489654c6e5a972061e95cec08821c3 |
| SHA256 | ba20667f897b73848db0d04127280192b4eda9134857f6d454ceda17d4e528b1 |
| SHA512 | 49bdb16060385bf9657167a426600fd9e46f486892e20a940cb0bb22e530bea2c218620030423a1aa9755e25837d41e7e65b829c5015bcdd47e545179b27bb6c |
memory/3140-12-0x0000000000400000-0x000000000042A000-memory.dmp
memory/3140-21-0x0000000000400000-0x000000000042A000-memory.dmp
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-07 10:50
Reported
2024-11-07 10:52
Platform
win7-20241010-en
Max time kernel
110s
Max time network
93s
Command Line
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
(6 entries in the original report, none with indicator details captured.)
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\0dcccc24eddb4142aeb31911a614d87002de75433aabbd044dc227a0a9d379f1N.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\0dcccc24eddb4142aeb31911a614d87002de75433aabbd044dc227a0a9d379f1N.exe
"C:\Users\Admin\AppData\Local\Temp\0dcccc24eddb4142aeb31911a614d87002de75433aabbd044dc227a0a9d379f1N.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
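The network tables of both runs mix three kinds of traffic: reverse (PTR) lookups against 8.8.8.8, the forward lookup of wecan.hasthe.technology, and the plaintext HTTP connections that follow it (104.21.59.199 in the win10 run, 172.67.183.40 in the win7 run). The following is an added example, not part of the sandbox report: it parses the rows exactly as printed above, turns each in-addr.arpa name back into the address it asks about, and flags PTR queries whose target is an address the sample also connected to, which is the one link between the reverse lookups and the sample's own activity that the tables support. The remaining PTR targets are left for the analyst to check against the sandbox baseline rather than being labelled either way.

```python
import ipaddress
import re
from collections import defaultdict

# Rows copied from the two behavioral runs above (win10v2004 first, then win7).
NETWORK_ROWS = """
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 199.59.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.117.19.2.in-addr.arpa | udp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 88.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
"""

ROW_RE = re.compile(r"^\|\s*(\w+)\s*\|\s*([^|]+?)\s*\|\s*([^|]+?)\s*\|\s*(\w+)\s*\|$")
PTR_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)\.(\d+)\.in-addr\.arpa$")


def parse_rows(text: str) -> list:
    """Turn the report's table lines into dicts; the header row is skipped."""
    rows = []
    for line in text.strip().splitlines():
        m = ROW_RE.match(line.strip())
        if not m or m.group(1) == "Country":
            continue
        country, dest, domain, proto = m.groups()
        host, port = dest.rsplit(":", 1)
        rows.append({"country": country, "ip": host, "port": int(port),
                     "domain": domain, "proto": proto})
    return rows


def ptr_to_ip(name: str):
    """'199.59.21.104.in-addr.arpa' -> '104.21.59.199'; None for non-PTR names."""
    m = PTR_RE.match(name)
    return ".".join(reversed(m.groups())) if m else None


def summarize(rows: list) -> dict:
    """Split DNS noise from forward lookups and real connections, then correlate."""
    ptr_targets, forward = set(), set()
    connections = defaultdict(set)  # (ip, port, proto) -> domains seen for it
    for r in rows:
        if r["port"] == 53 and r["proto"] == "udp":
            ip = ptr_to_ip(r["domain"])
            if ip:
                ptr_targets.add(ip)
            else:
                forward.add(r["domain"])
        else:
            connections[(r["ip"], r["port"], r["proto"])].add(r["domain"])
    contacted = {ip for ip, _, _ in connections}
    return {
        "forward_lookups": sorted(forward),
        "connections": sorted((ip, port, proto, sorted(d))
                              for (ip, port, proto), d in connections.items()),
        "ptr_targets": sorted(ptr_targets, key=ipaddress.ip_address),
        # PTR queries for an address the sample connected to are tied to sample activity;
        # the rest need comparison with a clean sandbox run before being attributed.
        "ptr_for_contacted": sorted(ptr_targets & contacted),
    }


if __name__ == "__main__":
    summary = summarize(parse_rows(NETWORK_ROWS))
    for key, value in summary.items():
        print(f"{key}: {value}")
```

Running it lists one forward lookup (wecan.hasthe.technology), two port-80 TCP destinations for that name (one per run), and exactly one PTR target that the sample also connected to (104.21.59.199). The port-80 contact is plaintext, so the request and response for that host should be recoverable from the run's pcap.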
Files
memory/576-0-0x0000000000400000-0x000000000042A000-memory.dmp
memory/576-2-0x0000000000400000-0x000000000042A000-memory.dmp
memory/576-6-0x0000000000400000-0x000000000042A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rifaien2-ZX0Zh1iqspoqhiYM.exe
| MD5 | 975befec1f1e77bbf29fd449103f1a55 |
| SHA1 | 4e28932438243d8cb28e01c8c5f942405d723b1f |
| SHA256 | fc7a8a07529ec3598a7a439aadc1cf6a07beb641dc07de4d98a8683a2e790633 |
| SHA512 | 15fb7cd70799e39314321bfeef2bb3425bb6f97aefb546d374645ee9d26d7f430aef40fed1c0b2cc53ecea5328e160033723f8843fa3a0529f175d83640c85e3 |
memory/576-13-0x0000000000400000-0x000000000042A000-memory.dmp
memory/576-23-0x0000000000400000-0x000000000042A000-memory.dmp