Analysis Overview
SHA256
f5bfeaab668fc7a7fd24c4a7a1652400f11c745b5017d037b8dae78f419d0e84
Threat Level: Likely benign
The file f5bfeaab668fc7a7fd24c4a7a1652400f11c745b5017d037b8dae78f419d0e84N was found to be: Likely benign.
Malicious Activity Summary
UPX packed file
Unsigned PE
System Location Discovery: System Language Discovery (T1614.001)
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-09 11:30
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
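The two static signatures above, "UPX packed file" and "Unsigned PE", are header-level facts that can be re-checked without running the sample. The following is an added example, not the sandbox's own detection code: a dependency-free PE32/PE32+ header walker that reads the section table and the Authenticode data directory. The UPX heuristics (section names UPX0/UPX1/UPX2, a first section with zero SizeOfRawData, the "UPX!" pack-header marker) are assumptions about how UPX output normally looks, and `build_pe()` constructs minimal header-only test files; it does not reproduce the sample from this report.

```python
"""Static checks behind the "UPX packed file" and "Unsigned PE" signatures.

Added example, not sandbox code. inspect_pe() follows the PE/COFF header
layout; build_pe() constructs minimal header-only files for testing.
"""
import struct
import sys

IMAGE_DIRECTORY_ENTRY_SECURITY = 4            # Authenticode certificate table
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}  # default UPX section names (assumption)


def _section_table(data, table_off, count):
    """Yield (Name, VirtualSize, SizeOfRawData) for each 40-byte section header."""
    for i in range(count):
        name, vsize, _va, raw = struct.unpack_from("<8sIII", data, table_off + 40 * i)
        yield name.rstrip(b"\0"), vsize, raw


def inspect_pe(data: bytes) -> dict:
    """Return packer and code-signing facts for one PE image."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    # COFF header: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    _machine, n_sections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:                        # PE32
        n_dirs_off, dirs_off = opt + 92, opt + 96
    elif magic == 0x20B:                      # PE32+
        n_dirs_off, dirs_off = opt + 108, opt + 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    n_dirs = struct.unpack_from("<I", data, n_dirs_off)[0]

    # Unsigned PE: no certificate table at all, or one of zero length.
    cert_size = 0
    if n_dirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        _, cert_size = struct.unpack_from("<II", data, dirs_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    signed = cert_size > 0

    sections = list(_section_table(data, opt + opt_size, n_sections))
    upx_sections = [name for name, _, _ in sections if name in UPX_SECTION_NAMES]
    # UPX0 receives the unpacked image at run time: large VirtualSize, zero bytes on
    # disk. Variants with renamed sections keep that shape and the "UPX!" marker.
    hollow_first = bool(sections) and sections[0][2] == 0 and sections[0][1] > 0
    upx_marker = b"UPX!" in data
    packed = bool(upx_sections) or (hollow_first and upx_marker)

    findings = []
    if packed:
        findings.append("UPX packed file")
    if not signed:
        findings.append("Unsigned PE")
    return {"sections": [n.decode("latin-1") for n, _, _ in sections],
            "upx_sections": upx_sections, "upx_marker": upx_marker,
            "packed_with_upx": packed, "signed": signed, "findings": findings}


def build_pe(section_specs, cert_size=0, upx_marker=False) -> bytes:
    """Construct a minimal PE32 (headers only) for testing; not a real sample.

    section_specs: list of (name: bytes, VirtualSize, SizeOfRawData).
    """
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                         # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_specs), 0, 0, 0, 224, 0x0102)
    opt = bytearray(224)                                          # PE32 optional header
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<I", opt, 92, 16)                           # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY,
                     0x2000 if cert_size else 0, cert_size)
    secs = b"".join(
        struct.pack("<8sIIIIIIHHI", name, vsize, 0x1000 * (i + 1), raw,
                    0x400 if raw else 0, 0, 0, 0, 0, 0x60000020)
        for i, (name, vsize, raw) in enumerate(section_specs))
    tail = b"UPX!" if upx_marker else b""                         # constructed marker
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + secs + tail


if __name__ == "__main__":
    with open(sys.argv[1], "rb") as fh:
        print(inspect_pe(fh.read()))
```

Run it as `python inspect_pe.py sample.exe`. A file reported as both "UPX packed file" and "Unsigned PE" should come back with `findings == ["UPX packed file", "Unsigned PE"]`; a file whose certificate table has non-zero size is only "signed" in the sense that a signature is present, and whether it validates is a separate check this example does not perform.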
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-09 11:30
Reported
2024-11-09 11:32
Platform
win7-20240729-en
Max time kernel
110s
Max time network
92s
Command Line
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
System Location Discovery: System Language Discovery (T1614.001)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\f5bfeaab668fc7a7fd24c4a7a1652400f11c745b5017d037b8dae78f419d0e84N.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\f5bfeaab668fc7a7fd24c4a7a1652400f11c745b5017d037b8dae78f419d0e84N.exe
"C:\Users\Admin\AppData\Local\Temp\f5bfeaab668fc7a7fd24c4a7a1652400f11c745b5017d037b8dae78f419d0e84N.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
Files
memory/2168-0-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2168-1-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2168-7-0x0000000000400000-0x000000000042A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rifaien2-kbZjYNQhlPRBR4M5.exe
| MD5 | 9a46c43071e70d25a1f087ea47a02587 |
| SHA1 | 5530c4dc02a24d1f700ea225e9d821692b2b70d3 |
| SHA256 | 3694865bd2fa7c73de04f12c2000d3aebf651b7bc9dce8ddf9a00d63cd237561 |
| SHA512 | 2ad80cb97e3e53eb390f93846da56ee04a22711a2f0a217c73cf834b9ff7b652e77540745cf39c4b127b16803b822261c23b15530a42d7be5902870b01015ce4 |
memory/2168-14-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2168-22-0x0000000000400000-0x000000000042A000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-09 11:30
Reported
2024-11-09 11:32
Platform
win10v2004-20241007-en
Max time kernel
110s
Max time network
98s
Command Line
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
System Location Discovery: System Language Discovery (T1614.001)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\f5bfeaab668fc7a7fd24c4a7a1652400f11c745b5017d037b8dae78f419d0e84N.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\f5bfeaab668fc7a7fd24c4a7a1652400f11c745b5017d037b8dae78f419d0e84N.exe
"C:\Users\Admin\AppData\Local\Temp\f5bfeaab668fc7a7fd24c4a7a1652400f11c745b5017d037b8dae78f419d0e84N.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 212.20.149.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 199.59.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 101.208.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.236.111.52.in-addr.arpa | udp |
Files
memory/4760-0-0x0000000000400000-0x000000000042A000-memory.dmp
memory/4760-1-0x0000000000400000-0x000000000042A000-memory.dmp
memory/4760-5-0x0000000000400000-0x000000000042A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rifaien2-zmgNDGHQ3JkAM7Oq.exe
| MD5 | 3b4d6d85b6293cde6996791a92e37cc6 |
| SHA1 | f65b71b224df88c6ca27a54ca64b6ed2940a8490 |
| SHA256 | a4dab750c3ca8ae22927e6357fa5f5807da718c18187ce1f8f567012a8b42d43 |
| SHA512 | 8912ffacd11d854bdfc117c5edc092e1a04bf9111ebcaa3473f1721dffc13009543f86d8e0f254ef38530a51d068be6a25a04d3a38dad73f5cd7b643c36f1e05 |
memory/4760-13-0x0000000000400000-0x000000000042A000-memory.dmp
memory/4760-21-0x0000000000400000-0x000000000042A000-memory.dmp
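The Network tables of behavioral1 and behavioral2 mix the hosts the sample actually contacted with reverse-DNS (PTR) lookups that the Windows 10 run adds. The following is an added triage helper, not part of the sandbox report: it parses both tables as transcribed from this page, drops `in-addr.arpa` names into a separate bucket, maps each PTR name back to the IPv4 address it asks about, and flags any of those addresses that are also a contacted destination. Treating every `in-addr.arpa` query as a reverse lookup rather than a contacted host is the one assumption it makes.

```python
"""Triage helper for the Network tables of the two behavioral runs.

Added example, not sandbox code. BEHAVIORAL1 and BEHAVIORAL2 are the rows
transcribed from this report.
"""
from collections import Counter, defaultdict

BEHAVIORAL1 = """
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
"""

BEHAVIORAL2 = """
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 212.20.149.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 199.59.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 101.208.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.236.111.52.in-addr.arpa | udp |
"""

COLUMNS = ("country", "destination", "domain", "proto")


def parse_rows(table: str) -> list:
    """Turn the pipe-delimited rows into dicts; skips a header row if present."""
    rows = []
    for line in table.strip().splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != len(COLUMNS) or cells[0] == "Country":
            continue
        rows.append(dict(zip(COLUMNS, cells)))
    return rows


def ptr_to_ip(name: str):
    """'199.59.21.104.in-addr.arpa' -> '104.21.59.199'; None for non-PTR names (IPv4 only)."""
    suffix = ".in-addr.arpa"
    if not name.endswith(suffix):
        return None
    return ".".join(reversed(name[: -len(suffix)].split(".")))


def summarize(rows: list) -> dict:
    """Per domain and protocol, count connections to each destination; set PTR names aside."""
    contacts = defaultdict(lambda: defaultdict(Counter))
    ptr_ips = set()
    for r in rows:
        ip = ptr_to_ip(r["domain"])
        if ip is not None:           # reverse lookup, not a host the sample talked to
            ptr_ips.add(ip)
            continue
        contacts[r["domain"]][r["proto"]][r["destination"]] += 1
    # Hosts (without port) that were actually contacted, so PTR queries about them stand out.
    contacted_hosts = {dest.rsplit(":", 1)[0]
                       for by_proto in contacts.values()
                       for counter in by_proto.values()
                       for dest in counter}
    return {
        "contacts": {d: {p: dict(c) for p, c in by_proto.items()} for d, by_proto in contacts.items()},
        "ptr_lookups": sorted(ptr_ips),
        "ptr_of_contacted": sorted(ptr_ips & contacted_hosts),
    }


if __name__ == "__main__":
    for label, table in (("behavioral1", BEHAVIORAL1), ("behavioral2", BEHAVIORAL2)):
        print(label, summarize(parse_rows(table)))
```

On these rows both runs reduce to the same contact set: one DNS query and three TCP connections to wecan.hasthe.technology at 104.21.59.199:80, i.e. plain HTTP, so the request and response bodies are recoverable from the sandbox pcap. The Windows 10 run additionally issues ten PTR queries, one of which (199.59.21.104.in-addr.arpa) asks about the very address the sample connected to.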