Analysis Overview
SHA256
b7ae0210aa6a545953f8fdca75f5814b11887dfb616eca738c0c70374584d590
Threat Level: Likely benign
The file b7ae0210aa6a545953f8fdca75f5814b11887dfb616eca738c0c70374584d590N was found to be: Likely benign.
Malicious Activity Summary
UPX packed file
System Location Discovery: System Language Discovery
Unsigned PE
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-09 11:13
Signatures
UPX packed file
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-09 11:13
Reported
2024-11-09 11:15
Platform
win10v2004-20241007-en
Max time kernel
111s
Max time network
95s
Command Line
Signatures
UPX packed file
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\b7ae0210aa6a545953f8fdca75f5814b11887dfb616eca738c0c70374584d590N.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\b7ae0210aa6a545953f8fdca75f5814b11887dfb616eca738c0c70374584d590N.exe
"C:\Users\Admin\AppData\Local\Temp\b7ae0210aa6a545953f8fdca75f5814b11887dfb616eca738c0c70374584d590N.exe"
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 199.59.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 197.87.175.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
Files
memory/2932-0-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2932-1-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2932-4-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2932-8-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2932-11-0x0000000000400000-0x000000000042A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rifaien2-AiQdqwcSb9bKqaIO.exe
| Hash | Value |
|---|---|
| MD5 | 204e0228d38810376e15828ac4f5d7d5 |
| SHA1 | 3ed2626d98de4fb46de338a7b9006b712917215a |
| SHA256 | c85b22dd1a8fcd26f095663e6b1c6de1a73d03bfcfdf28a16ba2208c5bc4d0e8 |
| SHA512 | 2fee6e8d80aa9d9fdf0da079162332b0c9362246e3505766c0a0521c1328ad3ac834f44f769ca90fb23dfdc7ed90338d2c51cb3fa56ebcfa2549d6dec0d79e93 |
memory/2932-15-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2932-22-0x0000000000400000-0x000000000042A000-memory.dmp
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-09 11:13
Reported
2024-11-09 11:15
Platform
win7-20241023-en
Max time kernel
119s
Max time network
93s
Command Line
Signatures
UPX packed file
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\b7ae0210aa6a545953f8fdca75f5814b11887dfb616eca738c0c70374584d590N.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\b7ae0210aa6a545953f8fdca75f5814b11887dfb616eca738c0c70374584d590N.exe
"C:\Users\Admin\AppData\Local\Temp\b7ae0210aa6a545953f8fdca75f5814b11887dfb616eca738c0c70374584d590N.exe"
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
Files
memory/1628-0-0x0000000000400000-0x000000000042A000-memory.dmp
memory/1628-2-0x0000000000400000-0x000000000042A000-memory.dmp
memory/1628-6-0x0000000000400000-0x000000000042A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rifaien2-lVhBdJ3UPWCyBtO6.exe
| Hash | Value |
|---|---|
| MD5 | 5b9af1f50f08e867364342ac83af8c32 |
| SHA1 | bb903393863cdbdf8c800fd270f5a89e2d0087f7 |
| SHA256 | 1bcb3d5c644f02198c7ed27b76b56cbf3ee9372ed916320637b1fce062cd4ef1 |
| SHA512 | d80e41e646394aa3ffc50f5019eb601af5d2dd397b1c307bd35fae77eee3c678ce58e8fc8f65966464132990a03fe8853655b691a31b0558ce671388a3a73479 |
memory/1628-16-0x0000000000400000-0x000000000042A000-memory.dmp
memory/1628-23-0x0000000000400000-0x000000000042A000-memory.dmp