Analysis Overview
SHA256
a8a4bc80e5462754167b1ea7c68885e183e7e4619b9306a9bec6cb3a0151bd21
Threat Level: Likely benign
The file a8a4bc80e5462754167b1ea7c68885e183e7e4619b9306a9bec6cb3a0151bd21N was found to be: Likely benign.
Malicious Activity Summary
UPX packed file
Unsigned PE
System Location Discovery: System Language Discovery
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-07 10:52
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-07 10:52
Reported
2024-11-07 10:55
Platform
win7-20240903-en
Max time kernel
110s
Max time network
92s
Command Line
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\a8a4bc80e5462754167b1ea7c68885e183e7e4619b9306a9bec6cb3a0151bd21N.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\a8a4bc80e5462754167b1ea7c68885e183e7e4619b9306a9bec6cb3a0151bd21N.exe
"C:\Users\Admin\AppData\Local\Temp\a8a4bc80e5462754167b1ea7c68885e183e7e4619b9306a9bec6cb3a0151bd21N.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
Files
memory/2556-0-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2556-1-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2556-5-0x0000000000400000-0x000000000042A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rifaien2-TX2e4gYW7oViOxuF.exe
| MD5 | 0c19ef0dfdb4be61fb3a1accc8804653 |
| SHA1 | 198884015eb1a61657edd06ce85272f56ea63bf6 |
| SHA256 | 9e09f43d580c61e3763ace024c5f15d404eb5955339c13821f6daf8437c05d3a |
| SHA512 | 17564363a42d488de8266aa1b17d0973235bae334fc9b3aa001cc4ff95da2a02ad49c6d9a9029aca6d46febad43cd5468229eaddaaebcafc0c1306abfdf1333e |
memory/2556-12-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2556-22-0x0000000000400000-0x000000000042A000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-07 10:52
Reported
2024-11-07 10:55
Platform
win10v2004-20241007-en
Max time kernel
111s
Max time network
94s
Command Line
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\a8a4bc80e5462754167b1ea7c68885e183e7e4619b9306a9bec6cb3a0151bd21N.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\a8a4bc80e5462754167b1ea7c68885e183e7e4619b9306a9bec6cb3a0151bd21N.exe
"C:\Users\Admin\AppData\Local\Temp\a8a4bc80e5462754167b1ea7c68885e183e7e4619b9306a9bec6cb3a0151bd21N.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 200.163.202.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 199.59.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
Files
memory/2256-0-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2256-1-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2256-8-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2256-12-0x0000000000400000-0x000000000042A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rifaien2-oFCDqjkUswiuvtCm.exe
| MD5 | 50c01fcfd00270764e40b6575d3bd5c7 |
| SHA1 | 265fa6a878bd01f08550bc85e1dc1392efc193b8 |
| SHA256 | 0833fa82eaea5e4b9146bcfa211496f1526c08b14d133380a29ffe5ad3bbd05d |
| SHA512 | f585f86e2c9633c009b2fc6936700c44272590ff238f9d36dff171a73a92b18118869918a168766ad31f5b5f50b07487b2dcc855e0b00d222793903c2478c8e7 |
memory/2256-20-0x0000000000400000-0x000000000042A000-memory.dmp