Analysis Overview
SHA256
90e1e1cac361ff775957af1e6aa29b694c9c7e571176fe1538a50e1e1a6ee584
Threat Level: Likely benign
The file 90e1e1cac361ff775957af1e6aa29b694c9c7e571176fe1538a50e1e1a6ee584 was found to be: Likely benign.
Malicious Activity Summary
UPX packed file
Unsigned PE
System Location Discovery: System Language Discovery
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-07 15:46
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-07 15:46
Reported
2024-11-07 15:48
Platform
win10v2004-20241007-en
Max time kernel
140s
Max time network
147s
Command Line
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\90e1e1cac361ff775957af1e6aa29b694c9c7e571176fe1538a50e1e1a6ee584.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\90e1e1cac361ff775957af1e6aa29b694c9c7e571176fe1538a50e1e1a6ee584.exe
"C:\Users\Admin\AppData\Local\Temp\90e1e1cac361ff775957af1e6aa29b694c9c7e571176fe1538a50e1e1a6ee584.exe"
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.209.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 200.163.202.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 40.183.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 197.87.175.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.117.19.2.in-addr.arpa | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 88.210.23.2.in-addr.arpa | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 69.209.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.229.111.52.in-addr.arpa | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
Files
memory/2792-0-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2792-2-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2792-9-0x0000000000400000-0x000000000042A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rifaien2-w1UUU3fpp4XVH9pR.exe
| MD5 | ea588b89621770448b1bf13bda5ca64b |
| SHA1 | 43250dd41f81bd073f97dd12c3e36a4448fd6012 |
| SHA256 | dcb2e6f68df91aa70e57e86d9f059c0b624f1beec134ac5750b189ab6469f58a |
| SHA512 | 43852471bcf36f4573ae15cec3aa2262e9f8f55066de0107cfb28e3b124f01f3059c9583871e75d42df2b4ab23f718048f36539ce7f1d174cec60d59a1e4f3e3 |
memory/2792-16-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2792-20-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2792-30-0x0000000000400000-0x000000000042A000-memory.dmp
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-07 15:46
Reported
2024-11-07 15:48
Platform
win7-20240903-en
Max time kernel
141s
Max time network
123s
Command Line
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\90e1e1cac361ff775957af1e6aa29b694c9c7e571176fe1538a50e1e1a6ee584.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\90e1e1cac361ff775957af1e6aa29b694c9c7e571176fe1538a50e1e1a6ee584.exe
"C:\Users\Admin\AppData\Local\Temp\90e1e1cac361ff775957af1e6aa29b694c9c7e571176fe1538a50e1e1a6ee584.exe"
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
Files
memory/2328-0-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2328-1-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2328-5-0x0000000000400000-0x000000000042A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rifaien2-1oMCHqg4Y80CqkKb.exe
| MD5 | 8a5bbde8a016244adc34388de185de8f |
| SHA1 | a334e2f1d9dec19a00ba3c6bcfc2c793edb1dd2d |
| SHA256 | 45491eabac91a3773ad9d5deae925bcc27672cdf5106c3a1bec8a60942c3ead9 |
| SHA512 | 9a95ff07d67134ffa968102b8c932e7a48ddc150f5895fba47f3927f3c4e8f7ed8de2233881f4f7c034e8dd96cf3491eaf34d791cb83dff9714647bbd36e3098 |
memory/2328-12-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2328-22-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2328-29-0x0000000000400000-0x000000000042A000-memory.dmp