Analysis Overview
SHA256: bad772011e6ee0a995c1818c419215f8a6255b9ce2dd499b5b4a939579ad1bff
Threat Level: Likely benign
The file bad772011e6ee0a995c1818c419215f8a6255b9ce2dd499b5b4a939579ad1bffN was found to be: Likely benign.
Malicious Activity Summary
UPX packed file
System Location Discovery: System Language Discovery
Unsigned PE
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-11-07 15:51
Signatures
UPX packed file
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted: 2024-11-07 15:51
Reported: 2024-11-07 15:53
Platform: win7-20241010-en
Max time kernel: 111s
Max time network: 96s
Command Line
Signatures
UPX packed file
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\bad772011e6ee0a995c1818c419215f8a6255b9ce2dd499b5b4a939579ad1bffN.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\bad772011e6ee0a995c1818c419215f8a6255b9ce2dd499b5b4a939579ad1bffN.exe
"C:\Users\Admin\AppData\Local\Temp\bad772011e6ee0a995c1818c419215f8a6255b9ce2dd499b5b4a939579ad1bffN.exe"
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
Files
memory/2004-0-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2004-1-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2004-5-0x0000000000400000-0x000000000042A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rifaien2-FwGngnggqfT1Yf5v.exe
| Hash | Value |
|---|---|
| MD5 | 7cb8b289630dbb5cf5ead46703301c5c |
| SHA1 | a04d257aca62cceaa03ab82995fc39280bec723b |
| SHA256 | a33d1252c2459f36d92ea92013b3ffdf88838c3caccab43dcc60b112fe70b6c1 |
| SHA512 | 3e85b84f6d31d0da92ac7b70e8b2a82829d854c74ab20df3ea89865b3e47979dbd53302cdca08521ce6fe955f6ed36cd99762fa3b09d5e7bec97f5fe7e9d5573 |
memory/2004-12-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2004-22-0x0000000000400000-0x000000000042A000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted: 2024-11-07 15:51
Reported: 2024-11-07 15:53
Platform: win10v2004-20241007-en
Max time kernel: 111s
Max time network: 96s
Command Line
Signatures
UPX packed file
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\bad772011e6ee0a995c1818c419215f8a6255b9ce2dd499b5b4a939579ad1bffN.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\bad772011e6ee0a995c1818c419215f8a6255b9ce2dd499b5b4a939579ad1bffN.exe
"C:\Users\Admin\AppData\Local\Temp\bad772011e6ee0a995c1818c419215f8a6255b9ce2dd499b5b4a939579ad1bffN.exe"
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 40.183.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 48.229.111.52.in-addr.arpa | udp |
Files
memory/2556-0-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2556-1-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2556-8-0x0000000000400000-0x000000000042A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rifaien2-xTjpXmsCI4JzKOOd.exe
| Hash | Value |
|---|---|
| MD5 | ed90976f758b79b9d187e0e9f1ba04d0 |
| SHA1 | 05ec6d68db54ca01426906ca1a4cc83297699167 |
| SHA256 | 7b03f64870a49b5311ea1b9c3c1a699c49c6a7f25a47abec9edbaa907351edae |
| SHA512 | 4a7b7ecee489f59ef8980f7c4a49c99a3b8cc5c00a8d69eb9b0c63b4693ae8a0e1837598cdc66141b404a711702a269aae058d066ad395167b53cac26ee1fcd1 |
memory/2556-15-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2556-19-0x0000000000400000-0x000000000042A000-memory.dmp