Analysis Overview
SHA256
c5350f9a759e147cad7a5dd006b97efbd123663c312b64e30d2eda57765b1b38
Threat Level: Likely benign
The file c5350f9a759e147cad7a5dd006b97efbd123663c312b64e30d2eda57765b1b38N was found to be: Likely benign.
Malicious Activity Summary
UPX packed file
Unsigned PE
System Location Discovery: System Language Discovery
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-09 11:07
Signatures
UPX packed file
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-09 11:07
Reported
2024-11-09 11:09
Platform
win7-20240903-en
Max time kernel
110s
Max time network
91s
Command Line
Signatures
UPX packed file
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\c5350f9a759e147cad7a5dd006b97efbd123663c312b64e30d2eda57765b1b38N.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\c5350f9a759e147cad7a5dd006b97efbd123663c312b64e30d2eda57765b1b38N.exe
"C:\Users\Admin\AppData\Local\Temp\c5350f9a759e147cad7a5dd006b97efbd123663c312b64e30d2eda57765b1b38N.exe"
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
Files
memory/604-0-0x0000000000400000-0x000000000042A000-memory.dmp
memory/604-1-0x0000000000400000-0x000000000042A000-memory.dmp
memory/604-7-0x0000000000400000-0x000000000042A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rifaien2-M4dy6DGTjOuo9eFH.exe
| MD5 | 715eff4c5c25a5072805f28ddf72aae4 |
| SHA1 | dbbaa80027f8e3613fa92411a1067402595e03ce |
| SHA256 | ec5105892135e5a6fefd5f6445f1a4b13c993d5c67242f2de97e9bcfd330e06e |
| SHA512 | 2b73b10ed40b0e218fbbca1aa5f3467d7d5f9bb31a4e2a10ebf28f8c2d738107855c9bbc228a3dc56957d05396e5a59e61854225f4cab1529ada9660501d0dac |
memory/604-14-0x0000000000400000-0x000000000042A000-memory.dmp
memory/604-22-0x0000000000400000-0x000000000042A000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-09 11:07
Reported
2024-11-09 11:09
Platform
win10v2004-20241007-en
Max time kernel
110s
Max time network
96s
Command Line
Signatures
UPX packed file
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\c5350f9a759e147cad7a5dd006b97efbd123663c312b64e30d2eda57765b1b38N.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\c5350f9a759e147cad7a5dd006b97efbd123663c312b64e30d2eda57765b1b38N.exe
"C:\Users\Admin\AppData\Local\Temp\c5350f9a759e147cad7a5dd006b97efbd123663c312b64e30d2eda57765b1b38N.exe"
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | 115.108.222.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 53.210.109.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 40.183.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 114.108.222.173.in-addr.arpa | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 31.243.111.52.in-addr.arpa | udp |
Files
memory/5020-0-0x0000000000400000-0x000000000042A000-memory.dmp
memory/5020-1-0x0000000000400000-0x000000000042A000-memory.dmp
memory/5020-4-0x0000000000400000-0x000000000042A000-memory.dmp
memory/5020-8-0x0000000000400000-0x000000000042A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rifaien2-iUZ3THXokqtEwTg6.exe
| MD5 | db010ccd0903917439b68b5cc976439e |
| SHA1 | e7d80c21a51e5d95ca884eb029499f6e7a93058a |
| SHA256 | c38ef5bd7ff57ba77af5a9e13d80d05693c7895d8904c9e2735beaf16caae42b |
| SHA512 | f09ed402866cfd274a92b58ea915e6e82a123ee71eb912e4d4408fa789404dc933622b86802a38f8598c0a5bc9c33e7b56d6fd2a2cbeab78ef2f69f1f7b3a749 |
memory/5020-12-0x0000000000400000-0x000000000042A000-memory.dmp
memory/5020-20-0x0000000000400000-0x000000000042A000-memory.dmp