Analysis Overview
SHA256
9e3f750a7566f7ff8c761085633286ec574c0a93802be3a3183e537b58162d8a
Threat Level: Likely benign
The file 9e3f750a7566f7ff8c761085633286ec574c0a93802be3a3183e537b58162d8aN was found to be: Likely benign.
Malicious Activity Summary
UPX packed file
Unsigned PE
System Location Discovery: System Language Discovery
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-07 15:56
Signatures
UPX packed file
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-07 15:56
Reported
2024-11-07 15:58
Platform
win7-20240708-en
Max time kernel
119s
Max time network
93s
Command Line
Signatures
UPX packed file
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\9e3f750a7566f7ff8c761085633286ec574c0a93802be3a3183e537b58162d8aN.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\9e3f750a7566f7ff8c761085633286ec574c0a93802be3a3183e537b58162d8aN.exe
"C:\Users\Admin\AppData\Local\Temp\9e3f750a7566f7ff8c761085633286ec574c0a93802be3a3183e537b58162d8aN.exe"
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
Files
memory/2696-0-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2696-1-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2696-4-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2696-8-0x0000000000400000-0x000000000042A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rifaien2-VM3R11WtDXiDQPWr.exe
| Hash | Value |
|---|---|
| MD5 | 5ff82d13595d7b7423475b1dcfa45513 |
| SHA1 | d91ba2a3884663ea5a5364cb3907bf706735ff81 |
| SHA256 | be5999fd1222d816d1ce186aa0ee95e76e4ec7285c0d322455532de4b3343544 |
| SHA512 | 0c0e8cfe6a8c2d44b0f47bb03c56cb384aad9f7cc82b0e3084eca41862da294450f7fe0bac48639a7cb75e566eab8c07f930f5dd73311589456b8f538a5b7cfe |
memory/2696-15-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2696-22-0x0000000000400000-0x000000000042A000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-07 15:56
Reported
2024-11-07 15:58
Platform
win10v2004-20241007-en
Max time kernel
111s
Max time network
93s
Command Line
Signatures
UPX packed file
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\9e3f750a7566f7ff8c761085633286ec574c0a93802be3a3183e537b58162d8aN.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\9e3f750a7566f7ff8c761085633286ec574c0a93802be3a3183e537b58162d8aN.exe
"C:\Users\Admin\AppData\Local\Temp\9e3f750a7566f7ff8c761085633286ec574c0a93802be3a3183e537b58162d8aN.exe"
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 212.20.149.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 199.59.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.42.69.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.209.201.84.in-addr.arpa | udp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
Files
memory/3824-0-0x0000000000400000-0x000000000042A000-memory.dmp
memory/3824-1-0x0000000000400000-0x000000000042A000-memory.dmp
memory/3824-8-0x0000000000400000-0x000000000042A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rifaien2-eEVA89jIvht6ge1W.exe
| Hash | Value |
|---|---|
| MD5 | b9ce006709b9fad5fd351d2567cc4e4a |
| SHA1 | c49772818887603f5a195e05bef02ab64746cc25 |
| SHA256 | abe09bef58472910e34e069bfe083bebf43c28e041ef1e13c5e0f87bedf47d5d |
| SHA512 | a7e37bb2f29057f7f43a5d0be511c749e44f12f55f692530147c38eac2c28ba9cd1dbcaf7cc2fd1a78ac94cacef7abea0cf842b9b77cd730626c57aa09d31c90 |
memory/3824-15-0x0000000000400000-0x000000000042A000-memory.dmp
memory/3824-22-0x0000000000400000-0x000000000042A000-memory.dmp