Analysis Overview
SHA256
194ab2a4d45036ea974c94f87affa012980224f44e06a427e09a6524d5ab836b
Threat Level: Likely benign
The file 194ab2a4d45036ea974c94f87affa012980224f44e06a427e09a6524d5ab836bN was found to be: Likely benign.
Malicious Activity Summary
UPX packed file
Unsigned PE
System Location Discovery: System Language Discovery
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-09 11:25
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-09 11:25
Reported
2024-11-09 11:27
Platform
win7-20240903-en
Max time kernel
91s
Max time network
92s
Command Line
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\194ab2a4d45036ea974c94f87affa012980224f44e06a427e09a6524d5ab836bN.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\194ab2a4d45036ea974c94f87affa012980224f44e06a427e09a6524d5ab836bN.exe
"C:\Users\Admin\AppData\Local\Temp\194ab2a4d45036ea974c94f87affa012980224f44e06a427e09a6524d5ab836bN.exe"
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
Files
memory/2420-0-0x0000000000400000-0x000000000043B000-memory.dmp
memory/2420-1-0x0000000000400000-0x000000000043B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rifaien2-DaOhkT6b5uIKc9sC.exe
| Hash | Value |
| --- | --- |
| MD5 | a87cffb471d8212f24818607dbb2dcff |
| SHA1 | 78de45b41a65926052672323a150558768d91d00 |
| SHA256 | 858f78ddb83510014c8d15c20e81878818bee9fb61759d2863e4f32daa44c964 |
| SHA512 | 3408334465e031f1b5a29e2aa618f563c4b2d6690e57c7252260d426af8e74088aa005ce503bb77bb7ce7811b02753ac281c8518961398f579717c532def78ba |
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-09 11:25
Reported
2024-11-09 11:27
Platform
win10v2004-20241007-en
Max time kernel
94s
Max time network
95s
Command Line
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\194ab2a4d45036ea974c94f87affa012980224f44e06a427e09a6524d5ab836bN.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\194ab2a4d45036ea974c94f87affa012980224f44e06a427e09a6524d5ab836bN.exe
"C:\Users\Admin\AppData\Local\Temp\194ab2a4d45036ea974c94f87affa012980224f44e06a427e09a6524d5ab836bN.exe"
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.108.222.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 40.183.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 212.20.149.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 114.108.222.173.in-addr.arpa | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 199.59.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.108.222.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 201.108.222.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.229.111.52.in-addr.arpa | udp |
Files
memory/5000-0-0x0000000000400000-0x000000000043B000-memory.dmp
memory/5000-1-0x0000000000400000-0x000000000043B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rifaien2-cYjlNiIij6KBQNn1.exe
| Hash | Value |
| --- | --- |
| MD5 | 45dfa7fdf21b9c7ec8fc46329a8d1068 |
| SHA1 | 9732f64445f7a10378cae9557d143ffa220f3019 |
| SHA256 | 0ba301c5efec37511d6f06c8e96c292888e7bc986235f6adea2a8071696839c9 |
| SHA512 | 657b38dffda3630ed8e57ef8e2b67b066f2b3e79df0170a0cb1676e35ea62c6013b8fbff2cd1f0e8d81dabc7737939ffb06c34d1aa06c4706e3ffe80b111aa53 |