Analysis Overview
SHA256
8656f1517830f86e9f65e0cab1993ce674d90c9083ca2abfdc520714208e1bea
Threat Level: Likely benign
The file 8656f1517830f86e9f65e0cab1993ce674d90c9083ca2abfdc520714208e1beaN was found to be: Likely benign.
Malicious Activity Summary
UPX packed file
Unsigned PE
System Location Discovery: System Language Discovery
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-07 15:05
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-07 15:05
Reported
2024-11-07 15:07
Platform
win7-20240903-en
Max time kernel
117s
Max time network
117s
Command Line
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\8656f1517830f86e9f65e0cab1993ce674d90c9083ca2abfdc520714208e1beaN.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\8656f1517830f86e9f65e0cab1993ce674d90c9083ca2abfdc520714208e1beaN.exe
"C:\Users\Admin\AppData\Local\Temp\8656f1517830f86e9f65e0cab1993ce674d90c9083ca2abfdc520714208e1beaN.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
Files
memory/2256-0-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2256-1-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2256-5-0x0000000000400000-0x000000000042A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rifaien2-6lVvdJlNife82AUm.exe
| MD5 | 74497594169a70225495cf91df764b34 |
| SHA1 | e5bf635802a157f3514e10de77a6a39cdba23177 |
| SHA256 | ab8fe3a225daa566e524c36cf950be6ea76f6bc472b320ec12b525c1a59a0e5e |
| SHA512 | b7a8e298f8609c9f4969c60a9ca50facf4db0a07a91244b1302caf52688b70ec91cac81c3ce79d0da8095252579bf1f3f68b688c1666fec6129f335c1c2bb934 |
memory/2256-12-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2256-22-0x0000000000400000-0x000000000042A000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-07 15:05
Reported
2024-11-07 15:07
Platform
win10v2004-20241007-en
Max time kernel
111s
Max time network
95s
Command Line
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\8656f1517830f86e9f65e0cab1993ce674d90c9083ca2abfdc520714208e1beaN.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\8656f1517830f86e9f65e0cab1993ce674d90c9083ca2abfdc520714208e1beaN.exe
"C:\Users\Admin\AppData\Local\Temp\8656f1517830f86e9f65e0cab1993ce674d90c9083ca2abfdc520714208e1beaN.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 212.20.149.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 40.183.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.209.201.84.in-addr.arpa | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 199.59.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.236.111.52.in-addr.arpa | udp |
Files
memory/1568-0-0x0000000000400000-0x000000000042A000-memory.dmp
memory/1568-1-0x0000000000400000-0x000000000042A000-memory.dmp
memory/1568-8-0x0000000000400000-0x000000000042A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rifaien2-YcisCNEktJfDvfac.exe
| MD5 | 410e0a8262b72cd762c96ac7d4666ac6 |
| SHA1 | 42d3bb1dd896a5b8186ede633c88778a9705114d |
| SHA256 | 53c80eb6c1b331fa8bc8e38563d463a62add9721d56e4899c6267b8cd8008f36 |
| SHA512 | 85274fbf763526c91410cee31b5ae3e2920375e2bda544a6f30a4d96b54aab0b249e9e9c5e9aa835c8c80fec2836e80863c5e43aa6dbf3a5cd691654374e84cd |
memory/1568-15-0x0000000000400000-0x000000000042A000-memory.dmp
memory/1568-22-0x0000000000400000-0x000000000042A000-memory.dmp