Analysis Overview
SHA256
cbbb8541c41402e15dd7e0d88e3f0fe8ae014ba2b55db6b713e508d7f4951286
Threat Level: Likely benign
The file cbbb8541c41402e15dd7e0d88e3f0fe8ae014ba2b55db6b713e508d7f4951286N was found to be: Likely benign.
Malicious Activity Summary
UPX packed file
System Location Discovery: System Language Discovery
Unsigned PE
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-07 15:22
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-07 15:22
Reported
2024-11-07 15:24
Platform
win7-20240729-en
Max time kernel
119s
Max time network
93s
Command Line
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\cbbb8541c41402e15dd7e0d88e3f0fe8ae014ba2b55db6b713e508d7f4951286N.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\cbbb8541c41402e15dd7e0d88e3f0fe8ae014ba2b55db6b713e508d7f4951286N.exe
"C:\Users\Admin\AppData\Local\Temp\cbbb8541c41402e15dd7e0d88e3f0fe8ae014ba2b55db6b713e508d7f4951286N.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
Files
memory/2088-0-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2088-1-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2088-7-0x0000000000400000-0x000000000042A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rifaien2-leyvSw54kx16coNA.exe
| MD5 | 28b1ab36aad51d96676404a2b8ae3099 |
| SHA1 | 457752784baba29ac52dcfd893319ea5ab3ed59e |
| SHA256 | 0dd4de3d71133b87a3063930cb45704e6a078d36cddf16fb0da13ad069d841cc |
| SHA512 | c903080b6336f0020a477be576a39a14b34d9c3e75e847be451c0bf17d95b6b7dc75c289608ee8f28eb107f2631c2b474a8646c1d62dc8424d701a0b68e742cb |
memory/2088-12-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2088-22-0x0000000000400000-0x000000000042A000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-07 15:22
Reported
2024-11-07 15:24
Platform
win10v2004-20241007-en
Max time kernel
111s
Max time network
95s
Command Line
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\cbbb8541c41402e15dd7e0d88e3f0fe8ae014ba2b55db6b713e508d7f4951286N.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\cbbb8541c41402e15dd7e0d88e3f0fe8ae014ba2b55db6b713e508d7f4951286N.exe
"C:\Users\Admin\AppData\Local\Temp\cbbb8541c41402e15dd7e0d88e3f0fe8ae014ba2b55db6b713e508d7f4951286N.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 53.210.109.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 199.59.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.42.69.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.117.19.2.in-addr.arpa | udp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 70.209.201.84.in-addr.arpa | udp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 83.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.243.111.52.in-addr.arpa | udp |
Files
memory/2952-0-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2952-1-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2952-4-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2952-8-0x0000000000400000-0x000000000042A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rifaien2-TXsLxjszpxRZZgeb.exe
| MD5 | 29e7092497c916774135948f6ecaabd8 |
| SHA1 | 5e4b8d99a738c5cb9e17be59dde7d919bea4eccd |
| SHA256 | 32b216342f36ee9eacbe2c9e7b521e0ae93e5b132ae5e02f48a98d8b8f76d8b4 |
| SHA512 | c78b390c97232eb2f7274ae489adea0bf91eb563cd7c6eab1ed4ca9008a851ad8200cc4c99ab67adf1e5da16c36f4c4a52f637d8a1394fb3ab6511e7deb392fd |
memory/2952-12-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2952-18-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2952-22-0x0000000000400000-0x000000000042A000-memory.dmp