Analysis Overview
SHA256
074d14fc5869f567b623c46e504a43a80fa52fe9923dd2ff1c26d904b75b5de9
Threat Level: Likely benign
The file 074d14fc5869f567b623c46e504a43a80fa52fe9923dd2ff1c26d904b75b5de9N was found to be: Likely benign.
Malicious Activity Summary
UPX packed file
Unsigned PE
System Location Discovery: System Language Discovery (T1614.001)
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-07 16:03
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
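The two static signatures above ("UPX packed file", "Unsigned PE") can be reproduced without the sandbox. The script below is an added example, not the sandbox's own detection logic: it walks the documented PE/COFF header layout, flags UPX packing from the `UPX0`/`UPX1` section names or the `UPX!` marker UPX leaves in the image, and reports a file as unsigned when the Authenticode certificate-table entry (data directory index 4) is empty. The PE images it inspects are constructed inline (headers only) and are not the analysed sample; `build_minimal_pe` exists only to produce such test images.

```python
"""Static checks corresponding to the "UPX packed file" and "Unsigned PE"
signatures.  Added example: not the sandbox's own logic, and the PE
images examined here are constructed inline (headers only), not the
analysed sample."""
import struct

UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}
UPX_MAGIC = b"UPX!"                     # marker UPX writes into a packed image
IMAGE_DIRECTORY_ENTRY_SECURITY = 4      # Authenticode certificate table
PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B


def parse_pe(blob: bytes) -> dict:
    """Return section names and the certificate-table entry of a PE image."""
    if blob[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", blob, 0x3C)[0]
    if blob[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    (_machine, nsections, _ts, _symptr, _nsyms,
     opt_size, _chars) = struct.unpack_from("<HHIIIHH", blob, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", blob, opt)[0]
    if magic == PE32_MAGIC:
        dir_off = opt + 96        # data directories start here for PE32
    elif magic == PE32PLUS_MAGIC:
        dir_off = opt + 112       # ... and here for PE32+
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    # The security entry holds a file offset (not an RVA) and a size.
    cert_off, cert_size = struct.unpack_from(
        "<II", blob, dir_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sect_hdr = opt + opt_size     # section table follows the optional header
    names = [blob[sect_hdr + 40 * i: sect_hdr + 40 * i + 8].rstrip(b"\0")
             for i in range(nsections)]
    return {"sections": names, "cert_offset": cert_off, "cert_size": cert_size}


def analyze_pe(blob: bytes) -> dict:
    """Apply the two static checks; 'signed' means a certificate table is
    present, the signature itself is not validated here."""
    pe = parse_pe(blob)
    upx_by_name = any(n in UPX_SECTION_NAMES for n in pe["sections"])
    upx_by_magic = UPX_MAGIC in blob
    signed = pe["cert_offset"] != 0 and pe["cert_size"] != 0
    return {
        "sections": [n.decode("ascii", "replace") for n in pe["sections"]],
        "upx_packed": upx_by_name or upx_by_magic,
        "signed": signed,
    }


def build_minimal_pe(section_names, signed: bool) -> bytes:
    """Construct a header-only PE32 image for testing (hypothetical helper,
    not a runnable binary)."""
    opt_size = 0xE0     # PE32 optional header incl. 16 data directories
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)          # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0,
                       opt_size, 0x0102)              # i386, EXECUTABLE|32BIT
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, PE32_MAGIC)
    if signed:
        # Point the certificate table at a fictional WIN_CERTIFICATE blob.
        struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY,
                         0x1000, 0x800)
    sections = b"".join(n.ljust(8, b"\0") + bytes(32) for n in section_names)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + sections


if __name__ == "__main__":
    for label, names, signed in (("packed", [b"UPX0", b"UPX1", b".rsrc"], False),
                                 ("clean", [b".text", b".rdata", b".data"], True)):
        print(label, analyze_pe(build_minimal_pe(names, signed)))
```

Run it against a real file with `analyze_pe(open(path, "rb").read())`. Note that a non-empty certificate table only says a signature blob is attached; whether it verifies is a separate check (e.g. `signtool verify` or `Get-AuthenticodeSignature`), and UPX section names are trivially renamed, so absence of them is not proof the file is unpacked.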
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-07 16:03
Reported
2024-11-07 16:05
Platform
win7-20240903-en
Max time kernel
117s
Max time network
117s
Command Line
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\074d14fc5869f567b623c46e504a43a80fa52fe9923dd2ff1c26d904b75b5de9N.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\074d14fc5869f567b623c46e504a43a80fa52fe9923dd2ff1c26d904b75b5de9N.exe
"C:\Users\Admin\AppData\Local\Temp\074d14fc5869f567b623c46e504a43a80fa52fe9923dd2ff1c26d904b75b5de9N.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
Files
memory/2228-0-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2228-1-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2228-4-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2228-8-0x0000000000400000-0x000000000042A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rifaien2-2HcTx2QaiFRUxQCT.exe
| MD5 | 288f564a427be99853818e6fc9d4758c |
| SHA1 | 2de54b3a5b624506590278b6975fc41ecee71450 |
| SHA256 | 7c49aefe607e81c58d4219f0bafff43fbcb684e3b544d804de906b9c1cc0af68 |
| SHA512 | a491fe4cceafd65bd8be9828f7c57e4da611c7e54d64d4fbb38b7a490c5d6bdd9ab7a49c6c8d8e88912a74dc4493703dfebe2eb7f243f0f8684e9ad3de57cec6 |
memory/2228-15-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2228-22-0x0000000000400000-0x000000000042A000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-07 16:03
Reported
2024-11-07 16:05
Platform
win10v2004-20241007-en
Max time kernel
111s
Max time network
92s
Command Line
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\074d14fc5869f567b623c46e504a43a80fa52fe9923dd2ff1c26d904b75b5de9N.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\074d14fc5869f567b623c46e504a43a80fa52fe9923dd2ff1c26d904b75b5de9N.exe
"C:\Users\Admin\AppData\Local\Temp\074d14fc5869f567b623c46e504a43a80fa52fe9923dd2ff1c26d904b75b5de9N.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 53.210.109.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 199.59.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.117.19.2.in-addr.arpa | udp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
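Most rows in the behavioral2 network table are `in-addr.arpa` queries, i.e. reverse lookups of IP addresses, and only one of them (`199.59.21.104.in-addr.arpa`, which reverses to 104.21.59.199) corresponds to a host the sample actually connected to. The report does not say which process issued those queries. The script below is an added example, not part of the report: it parses rows in the table's pipe format (the rows embedded are copied from the table above), turns PTR names back into IP addresses, and separates real outbound connections and forward lookups from reverse-DNS noise, which is what you want before copying indicators out of a sandbox report.

```python
"""Separate the sample's outbound traffic from reverse-DNS noise in a
sandbox network table.  Added example: the parser is not part of the
report; the rows below are copied from the behavioral2 table."""
import ipaddress
import re

NETWORK_TABLE = """\
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 199.59.21.104.in-addr.arpa | udp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
"""

PTR_RE = re.compile(
    r"^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.in-addr\.arpa\.?$", re.I)


def ptr_to_ip(name: str):
    """'199.59.21.104.in-addr.arpa' -> '104.21.59.199'; None if not a PTR name."""
    m = PTR_RE.match(name)
    if not m:
        return None
    ip = ".".join(reversed(m.groups()))
    try:
        ipaddress.IPv4Address(ip)
    except ValueError:          # an octet out of range
        return None
    return ip


def parse_rows(table: str):
    """Parse '| Country | ip:port | Domain | Proto |' rows; skips the header."""
    rows = []
    for line in table.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != 4 or cells[0] == "Country":
            continue
        country, dest, domain, proto = cells
        host, _, port = dest.rpartition(":")
        rows.append({"country": country, "ip": host, "port": int(port),
                     "domain": domain, "proto": proto.lower()})
    return rows


def triage(table: str) -> dict:
    rows = parse_rows(table)
    contacted = {}        # (ip, port, proto) -> names seen on that connection
    ptr_lookups = {}      # reversed PTR target -> number of queries
    forward_lookups = set()
    for r in rows:
        if r["port"] == 53 and r["proto"] == "udp":      # DNS traffic
            target = ptr_to_ip(r["domain"])
            if target:
                ptr_lookups[target] = ptr_lookups.get(target, 0) + 1
            else:
                forward_lookups.add(r["domain"])
        else:                                            # everything else
            contacted.setdefault((r["ip"], r["port"], r["proto"]),
                                 set()).add(r["domain"])
    contacted_ips = {k[0] for k in contacted}
    return {
        "contacted": {k: sorted(v) for k, v in contacted.items()},
        "forward_lookups": sorted(forward_lookups),
        "ptr_lookups": ptr_lookups,
        # Reverse lookups of hosts the sample talked to are explainable;
        # the rest are background noise, not indicators.
        "ptr_for_contacted": sorted(ptr_lookups.keys() & contacted_ips),
        "ptr_unrelated": sorted(ptr_lookups.keys() - contacted_ips),
    }


if __name__ == "__main__":
    for key, value in triage(NETWORK_TABLE).items():
        print(key, value)
```

On this table the only connection worth an indicator is 104.21.59.199:80 under the name wecan.hasthe.technology; the reverse lookups of 8.8.8.8, 2.23.210.83 and the other addresses have no matching connection and should not be extracted as IOCs.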
Files
memory/2696-0-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2696-1-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2696-4-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2696-8-0x0000000000400000-0x000000000042A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rifaien2-zqc84lT2rdwBBy5D.exe
| MD5 | 8473ea4800ffc3ea996064e0f0125825 |
| SHA1 | b085953d08dcee3b2b736e1d0df58166c5fca15a |
| SHA256 | 040bd10b4c180c6081f453d382cc3ab33333748d5d5b42e94fbf2777b9f18294 |
| SHA512 | 98aca402721806b9e01dad2ebf124b9986ba18ca9fb150e41267a663a7d5097c65bc061b486f8affc34e00bfbc075335f0e82fc9a81f64ad2a917f7695cba3c7 |
memory/2696-15-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2696-22-0x0000000000400000-0x000000000042A000-memory.dmp