Analysis Overview
SHA256
9fb920042a1328f4aad95486a7f422db5e1f02169e5cd0b6d4acae9fca341042
Threat Level: Likely benign
The file 9fb920042a1328f4aad95486a7f422db5e1f02169e5cd0b6d4acae9fca341042N was found to be: Likely benign.
Malicious Activity Summary
UPX packed file
Unsigned PE
System Location Discovery: System Language Discovery
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-07 15:31
Signatures
UPX packed file
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-07 15:31
Reported
2024-11-07 15:33
Platform
win7-20241010-en
Max time kernel
120s
Max time network
112s
Command Line
Signatures
UPX packed file
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\9fb920042a1328f4aad95486a7f422db5e1f02169e5cd0b6d4acae9fca341042N.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\9fb920042a1328f4aad95486a7f422db5e1f02169e5cd0b6d4acae9fca341042N.exe
"C:\Users\Admin\AppData\Local\Temp\9fb920042a1328f4aad95486a7f422db5e1f02169e5cd0b6d4acae9fca341042N.exe"
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
Files
memory/2200-0-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2200-1-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2200-4-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2200-6-0x0000000000400000-0x000000000042A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rifaien2-y0VyvrLbenu3AIug.exe
| Hash | Value |
|---|---|
| MD5 | affe395014d2f7bdb18ea9545ebcf837 |
| SHA1 | 1a1bde40943658c09e4e237298a7d58476b00103 |
| SHA256 | 90fb6141361fd789d40d0d04e548953fe476846047572a7f5fda5f937d741165 |
| SHA512 | bc00ea4c96f2af0fd7a699029cb679c7e83121dee7486110a25762ef6197eec3b6291974ce28f7f3f144f3f72d4aafa03b8e18fb0f49ae59f55dfff9b483918c |
memory/2200-16-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2200-23-0x0000000000400000-0x000000000042A000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-07 15:31
Reported
2024-11-07 15:33
Platform
win10v2004-20241007-en
Max time kernel
111s
Max time network
115s
Command Line
Signatures
UPX packed file
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\9fb920042a1328f4aad95486a7f422db5e1f02169e5cd0b6d4acae9fca341042N.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\9fb920042a1328f4aad95486a7f422db5e1f02169e5cd0b6d4acae9fca341042N.exe
"C:\Users\Admin\AppData\Local\Temp\9fb920042a1328f4aad95486a7f422db5e1f02169e5cd0b6d4acae9fca341042N.exe"
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 8.8.8.8:53 | 212.20.149.52.in-addr.arpa | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 40.183.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.117.19.2.in-addr.arpa | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
Files
memory/4996-0-0x0000000000400000-0x000000000042A000-memory.dmp
memory/4996-2-0x0000000000400000-0x000000000042A000-memory.dmp
memory/4996-5-0x0000000000400000-0x000000000042A000-memory.dmp
memory/4996-9-0x0000000000400000-0x000000000042A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rifaien2-IbAlR0W5JWTMDbRs.exe
| Hash | Value |
|---|---|
| MD5 | 61ee76f66a434030c8445b74620ea843 |
| SHA1 | fc24b9f1dd55a9fda868541713a16580b73b21a6 |
| SHA256 | 6bfa537f8561c91de4d599979b6ff2d15b24d5082fe30f8ce02d2b91668224fb |
| SHA512 | 1071ec1ebfa48579a66530576b89d082413c4d277a3e08b305ece37206256058eac327e07093644c2bf9e5f2d322c3081e77d240eece86e1a9e9742246ff01c2 |
memory/4996-14-0x0000000000400000-0x000000000042A000-memory.dmp
memory/4996-23-0x0000000000400000-0x000000000042A000-memory.dmp