Analysis Overview
SHA256
3610676cf0d883b415e3585aab0a65f4655ec333182367734b2b46b9b6f37083
Threat Level: Likely benign
The file 3610676cf0d883b415e3585aab0a65f4655ec333182367734b2b46b9b6f37083N was found to be: Likely benign.
Malicious Activity Summary
Unsigned PE
System Location Discovery: System Language Discovery
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-09 10:21
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-09 10:21
Reported
2024-11-09 10:23
Platform
win7-20240708-en
Max time kernel
117s
Max time network
118s
Command Line
Signatures
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\3610676cf0d883b415e3585aab0a65f4655ec333182367734b2b46b9b6f37083N.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\3610676cf0d883b415e3585aab0a65f4655ec333182367734b2b46b9b6f37083N.exe
"C:\Users\Admin\AppData\Local\Temp\3610676cf0d883b415e3585aab0a65f4655ec333182367734b2b46b9b6f37083N.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
Files
memory/1740-0-0x0000000000400000-0x0000000000427000-memory.dmp
memory/1740-4-0x0000000000400000-0x0000000000427000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rifaien2-5QfjuQnFqlyRTvBW.exe
| MD5 | c7dc6323646a999ebec1cc484fd6956c |
| SHA1 | cdf493570b919b37a1af79a56aac447d5520a81b |
| SHA256 | 4a66d3e522d8001af9ac1c90f730373284f70f9cdcd11571037babba41d62428 |
| SHA512 | 3dd6fd3bc9dc1b0c91cd5e6fa163272ba40ed0aba0bd9904d9abb484f3b8b5543f6c3a351d73a5e5b2a2d2fda366e3435017e53ee7552d255824cd1a7edf7382 |
memory/1740-11-0x0000000000400000-0x0000000000427000-memory.dmp
memory/1740-21-0x0000000000400000-0x0000000000427000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-09 10:21
Reported
2024-11-09 10:23
Platform
win10v2004-20241007-en
Max time kernel
110s
Max time network
95s
Command Line
Signatures
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\3610676cf0d883b415e3585aab0a65f4655ec333182367734b2b46b9b6f37083N.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\3610676cf0d883b415e3585aab0a65f4655ec333182367734b2b46b9b6f37083N.exe
"C:\Users\Admin\AppData\Local\Temp\3610676cf0d883b415e3585aab0a65f4655ec333182367734b2b46b9b6f37083N.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.209.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 40.183.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.163.202.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.42.69.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 212.20.149.52.in-addr.arpa | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 103.209.201.84.in-addr.arpa | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 107.209.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.243.111.52.in-addr.arpa | udp |
Files
memory/1092-0-0x0000000000400000-0x0000000000427000-memory.dmp
memory/1092-7-0x0000000000400000-0x0000000000427000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rifaien2-bomwTSVNtt0YWaDx.exe
| MD5 | c782ecc92f0912f2b06eabe32d85d630 |
| SHA1 | 7d88a98979189026a74707a734273800172a5b71 |
| SHA256 | cdc8474c19937fa52c785edfec0be61892e3ba079006011f243ab7e69b03f28b |
| SHA512 | e5bad449b5103c3b7cac4d76e893a936eb1daa82fd1e2e9153588fba4d9feea1cef505f6358dda6252e8d220b6f3a52d67bf550a507ba760da55c3aa162257db |
memory/1092-14-0x0000000000400000-0x0000000000427000-memory.dmp
memory/1092-21-0x0000000000400000-0x0000000000427000-memory.dmp