Analysis Overview
SHA256
fc9b8c38ad35277a3460301ce4a542e7f8c31b12b5d4d5c04aa97733ea3a34c2
Threat Level: Likely benign
The file fc9b8c38ad35277a3460301ce4a542e7f8c31b12b5d4d5c04aa97733ea3a34c2N was found to be: Likely benign.
Malicious Activity Summary
UPX packed file
System Location Discovery: System Language Discovery
Unsigned PE
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-09 11:27
Signatures
UPX packed file
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-09 11:27
Reported
2024-11-09 11:30
Platform
win7-20240903-en
Max time kernel
110s
Max time network
91s
Command Line
Signatures
UPX packed file
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\fc9b8c38ad35277a3460301ce4a542e7f8c31b12b5d4d5c04aa97733ea3a34c2N.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\fc9b8c38ad35277a3460301ce4a542e7f8c31b12b5d4d5c04aa97733ea3a34c2N.exe
"C:\Users\Admin\AppData\Local\Temp\fc9b8c38ad35277a3460301ce4a542e7f8c31b12b5d4d5c04aa97733ea3a34c2N.exe"
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
Files
memory/2980-0-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2980-1-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2980-7-0x0000000000400000-0x000000000042A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rifaien2-VeRsZRxndh82BFuX.exe
| MD5 | 912b294b5fa8299b3291b1db6db01b55 |
| SHA1 | 24564a322c13d8ffc08f5b2536f74adbfa3cee33 |
| SHA256 | c047647d87c75f59065cae17a9b90d769b3a4c7a3d6c6bcfd39f13b848ffe442 |
| SHA512 | 11646565c5c6399e2396fdcb6ec9b3795adbdafa87baa8054fb126dd825ca605d98da84c646cf338ae7f892c660f83a8f3bd6e5871864c13c45bd260b3fc706e |
memory/2980-14-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2980-22-0x0000000000400000-0x000000000042A000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-09 11:27
Reported
2024-11-09 11:30
Platform
win10v2004-20241007-en
Max time kernel
110s
Max time network
95s
Command Line
Signatures
UPX packed file
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\fc9b8c38ad35277a3460301ce4a542e7f8c31b12b5d4d5c04aa97733ea3a34c2N.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\fc9b8c38ad35277a3460301ce4a542e7f8c31b12b5d4d5c04aa97733ea3a34c2N.exe
"C:\Users\Admin\AppData\Local\Temp\fc9b8c38ad35277a3460301ce4a542e7f8c31b12b5d4d5c04aa97733ea3a34c2N.exe"
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 200.163.202.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 199.59.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 107.209.201.84.in-addr.arpa | udp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 147.108.222.173.in-addr.arpa | udp |
Files
memory/3932-0-0x0000000000400000-0x000000000042A000-memory.dmp
memory/3932-1-0x0000000000400000-0x000000000042A000-memory.dmp
memory/3932-4-0x0000000000400000-0x000000000042A000-memory.dmp
memory/3932-8-0x0000000000400000-0x000000000042A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rifaien2-T201BiCalAEWICAt.exe
| MD5 | c12e5686d4ecbdaf6802226f333903ef |
| SHA1 | bbe6d8793e22a5d215100c7681d79b811e40e0f8 |
| SHA256 | f5cb79493add9fca9574efcd907afb7261fe20e13bd4485ebac7e088b5d1118f |
| SHA512 | 6ffa0470ec3ef9a176ebf18c4e47426b2b2eabbca0e4fcb4a0e3cb3a9a40407b692f7ce1c2cf3ed85d8eb0a46eb6106934f0b9c5fb0d0eaf556b82d85e9d15ed |
memory/3932-15-0x0000000000400000-0x000000000042A000-memory.dmp
memory/3932-22-0x0000000000400000-0x000000000042A000-memory.dmp