Analysis Overview
SHA256
4d977b767e3068b0a4783c1a05a06f39c7d11699cb430055b14a73fa4e766c63
Threat Level: Likely benign
The file 4d977b767e3068b0a4783c1a05a06f39c7d11699cb430055b14a73fa4e766c63N was found to be: Likely benign.
Malicious Activity Summary
UPX packed file
System Location Discovery: System Language Discovery
Unsigned PE
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-07 15:03
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-07 15:03
Reported
2024-11-07 15:05
Platform
win7-20241010-en
Max time kernel
119s
Max time network
93s
Command Line
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\4d977b767e3068b0a4783c1a05a06f39c7d11699cb430055b14a73fa4e766c63N.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\4d977b767e3068b0a4783c1a05a06f39c7d11699cb430055b14a73fa4e766c63N.exe
"C:\Users\Admin\AppData\Local\Temp\4d977b767e3068b0a4783c1a05a06f39c7d11699cb430055b14a73fa4e766c63N.exe"
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
Files
memory/1996-0-0x0000000000400000-0x000000000042A000-memory.dmp
memory/1996-1-0x0000000000400000-0x000000000042A000-memory.dmp
memory/1996-5-0x0000000000400000-0x000000000042A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rifaien2-Qp7XynwC543myqeB.exe
| Hash | Value |
| --- | --- |
| MD5 | 300d09892866b4f0462be42fc57a0aaf |
| SHA1 | 98766035cb2c4848629894daf194e10469318db1 |
| SHA256 | fa87a14a6b0e26dfe3da886d93847629814359e2987514c64a04b2c837b1c966 |
| SHA512 | 53526a35ef15c89fbbe76d7e2aa1a71ebf0d0a36920816f33ee0b53c6d569af9ca7e353294d60f9724c80ec400908759a8e046ba1183370d850af3d550e78493 |
memory/1996-12-0x0000000000400000-0x000000000042A000-memory.dmp
memory/1996-22-0x0000000000400000-0x000000000042A000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-07 15:03
Reported
2024-11-07 15:05
Platform
win10v2004-20241007-en
Max time kernel
111s
Max time network
95s
Command Line
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\4d977b767e3068b0a4783c1a05a06f39c7d11699cb430055b14a73fa4e766c63N.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\4d977b767e3068b0a4783c1a05a06f39c7d11699cb430055b14a73fa4e766c63N.exe
"C:\Users\Admin\AppData\Local\Temp\4d977b767e3068b0a4783c1a05a06f39c7d11699cb430055b14a73fa4e766c63N.exe"
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 53.210.109.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 40.183.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 22.236.111.52.in-addr.arpa | udp |
Files
memory/4912-0-0x0000000000400000-0x000000000042A000-memory.dmp
memory/4912-1-0x0000000000400000-0x000000000042A000-memory.dmp
memory/4912-4-0x0000000000400000-0x000000000042A000-memory.dmp
memory/4912-8-0x0000000000400000-0x000000000042A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rifaien2-GZtwGoPsOzYhe48u.exe
| Hash | Value |
| --- | --- |
| MD5 | 09c530817b4e3ab935626cb941ca6561 |
| SHA1 | 8b5aea18ca873f0046cf05e840a55a419cb1033d |
| SHA256 | bbf8f67b060898fda16f672beb23f7d589ecc340d8f1be57fd7ef7608b3085da |
| SHA512 | 9a552b232488cc04e4bcfad9fc2be33836f52ca9b6b2b8b74bfad4b5951cc61fb065b32d3ebc6a8099ae47136943d4f20e92f0733cfd7458de2f2d4ef1ca30d1 |
memory/4912-15-0x0000000000400000-0x000000000042A000-memory.dmp
memory/4912-22-0x0000000000400000-0x000000000042A000-memory.dmp