Analysis Overview
SHA256
2734552e1fb356ea0723c8ce7e54fa2dc3b7fb1e8e9b7f9928fae459070caba7
Threat Level: Likely benign
The file 2734552e1fb356ea0723c8ce7e54fa2dc3b7fb1e8e9b7f9928fae459070caba7N was found to be: Likely benign.
Malicious Activity Summary
UPX packed file
Unsigned PE
System Location Discovery: System Language Discovery
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-09 11:31
Signatures
UPX packed file
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
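The two static signatures above ("UPX packed file", "Unsigned PE") come from the PE headers alone, and the report gives no indicator details for them. The following is an added example, not code from the report or from the sandbox vendor, showing how those two checks are made with a minimal standard-library PE header parser: UPX is inferred from section names, the `UPX!` packheader marker, or an empty-on-disk first section (the weak heuristic a renamed repack still leaves behind), and "unsigned" means the Authenticode security data directory is empty. The `build_pe` helper constructs a synthetic header-only PE32 image so the example runs offline; it is not the sample from this page.

```python
"""Reproduce the "UPX packed file" and "Unsigned PE" static checks with a
minimal PE header parser. Standard library only; added example, not report code."""
import struct

PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B
IMAGE_DIRECTORY_ENTRY_SECURITY = 4      # data directory slot holding the Authenticode blob


def parse_pe(data: bytes) -> dict:
    """Read the section table and the security data directory of a PE image.
    Raises ValueError for anything that does not carry MZ/PE headers."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp,
    # PointerToSymbolTable, NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    machine, nsections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == PE32_MAGIC:
        ddir = opt + 96                 # DataDirectory[] offset inside a PE32 optional header
    elif magic == PE32PLUS_MAGIC:
        ddir = opt + 112                # DataDirectory[] offset inside a PE32+ optional header
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    num_dirs = struct.unpack_from("<I", data, ddir - 4)[0]   # NumberOfRvaAndSizes
    sec_off = sec_size = 0
    if num_dirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        # For the security directory the first field is a raw file offset, not an RVA.
        sec_off, sec_size = struct.unpack_from(
            "<II", data, ddir + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sections = []
    table = opt + opt_size              # section headers directly follow the optional header
    for i in range(nsections):
        hdr = table + 40 * i
        name = data[hdr:hdr + 8].rstrip(b"\0").decode("latin-1")
        vsize, vaddr, rawsize, rawptr = struct.unpack_from("<IIII", data, hdr + 8)
        sections.append({"name": name, "vsize": vsize, "vaddr": vaddr,
                         "rawsize": rawsize, "rawptr": rawptr})
    return {"machine": machine, "sections": sections, "security_dir": (sec_off, sec_size)}


def upx_indicators(data: bytes, pe: dict) -> list:
    """Return the UPX heuristics that match. Section names and the 'UPX!'
    packheader marker are strong; a first section with no bytes on disk but a
    large virtual size (what UPX0 looks like) is weak on its own, but survives
    when a repacked sample has had the names and marker scrubbed."""
    hits = []
    names = [s["name"] for s in pe["sections"]]
    if any(n.upper().lstrip(".").startswith("UPX") for n in names):
        hits.append("upx_section_names")
    if b"UPX!" in data:
        hits.append("upx_packheader_marker")
    first = pe["sections"][0] if pe["sections"] else None
    if first and first["rawsize"] == 0 and first["vsize"] >= 0x1000:
        hits.append("empty_first_section")
    return hits


def is_unsigned(pe: dict) -> bool:
    """True when no Authenticode blob is embedded. A catalog-signed binary also
    reports True here, and a non-empty blob is not yet a *valid* signature: this
    mirrors the sandbox's static check, it is not a trust decision."""
    return pe["security_dir"][1] == 0


def analyse(data: bytes) -> dict:
    pe = parse_pe(data)
    hits = upx_indicators(data, pe)
    return {"upx_packed": bool(hits), "upx_reasons": hits,
            "unsigned": is_unsigned(pe),
            "sections": [s["name"] for s in pe["sections"]]}


def build_pe(sections, signed: bool) -> bytes:
    """Construct a header-only PE32 image for testing (synthetic data, not the
    sample from the report). `sections` is a list of (name, raw_size_on_disk)."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)               # e_lfanew: PE header right after the DOS header
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 224, 0x102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, PE32_MAGIC)
    struct.pack_into("<I", opt, 92, 16)                   # NumberOfRvaAndSizes
    if signed:                                            # pretend a 2 KiB blob sits at file offset 0x1000
        struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, 0x1000, 0x800)
    table = b""
    for i, (name, rawsize) in enumerate(sections):
        table += name.encode("latin-1").ljust(8, b"\0") + struct.pack(
            "<IIIIIIHHI", 0x10000, 0x1000 * (i + 1), rawsize, 0x400 * (i + 1),
            0, 0, 0, 0, 0xE0000040)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table


if __name__ == "__main__":
    packed = build_pe([("UPX0", 0), ("UPX1", 0x200), (".rsrc", 0x200)], signed=False)
    print(analyse(packed))
```

Run it against a real file with `analyse(open(path, "rb").read())`. Note that a non-empty security directory only says a signature blob is present; validating the chain and checking catalog signing needs the Windows WinTrust APIs or an equivalent, which this static check deliberately does not attempt.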
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-09 11:31
Reported
2024-11-09 11:33
Platform
win7-20241010-en
Max time kernel
117s
Max time network
118s
Command Line
Signatures
UPX packed file
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2734552e1fb356ea0723c8ce7e54fa2dc3b7fb1e8e9b7f9928fae459070caba7N.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\2734552e1fb356ea0723c8ce7e54fa2dc3b7fb1e8e9b7f9928fae459070caba7N.exe
"C:\Users\Admin\AppData\Local\Temp\2734552e1fb356ea0723c8ce7e54fa2dc3b7fb1e8e9b7f9928fae459070caba7N.exe"
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
Files
memory/2932-0-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2932-2-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2932-6-0x0000000000400000-0x000000000042A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rifaien2-Q6pLQra8xDAgjZI7.exe
| Hash | Value |
|---|---|
| MD5 | f7238f6d523fb269638b4bca5c1ed54c |
| SHA1 | 95ba1c3f861009fe669062fd7dc16ef7f94a65e6 |
| SHA256 | 2a8cc0418b55647dbae5ed309cdc9e7015534c4aedd1793601d208d87d6a8830 |
| SHA512 | 3e57e85fde1efba176a7b2d76742cba77f758dcd27fc4e60b87ce94d670dbf7e140e777f605639f978e52dc56b591fd979aa9d711550acc28e890fe973ba8cf6 |
memory/2932-13-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2932-23-0x0000000000400000-0x000000000042A000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-09 11:31
Reported
2024-11-09 11:33
Platform
win10v2004-20241007-en
Max time kernel
110s
Max time network
96s
Command Line
Signatures
UPX packed file
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2734552e1fb356ea0723c8ce7e54fa2dc3b7fb1e8e9b7f9928fae459070caba7N.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\2734552e1fb356ea0723c8ce7e54fa2dc3b7fb1e8e9b7f9928fae459070caba7N.exe
"C:\Users\Admin\AppData\Local\Temp\2734552e1fb356ea0723c8ce7e54fa2dc3b7fb1e8e9b7f9928fae459070caba7N.exe"
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 147.108.222.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 199.59.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 53.210.109.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.209.201.84.in-addr.arpa | udp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 40.183.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.108.222.173.in-addr.arpa | udp |
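Both network tables (behavioral1 above and behavioral2 here) mix three things: DNS resolution of the contacted host, the TCP connections to it, and reverse-DNS (PTR) queries whose `in-addr.arpa` names encode an address with its octets reversed (`154.239.44.20.in-addr.arpa` asks about 20.44.239.154). PTR traffic of that kind is usually the detonation host's own background activity rather than something the sample did, so it should be separated before anything is promoted to an IOC. The following is an added example, not code from the report or the sandbox, that parses rows in this layout, decodes the PTR names, and leaves one domain with the addresses and ports actually contacted; `SAMPLE_TABLE` is an abridged copy of the behavioral2 rows embedded so the example runs offline.

```python
"""Split a sandbox network table into sample-attributable IOCs and
reverse-DNS (PTR) noise. Standard library only; added example, not report code."""
import re
from collections import defaultdict

# 154.239.44.20.in-addr.arpa is the PTR name for 20.44.239.154 (octets reversed).
PTR_RE = re.compile(
    r"^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.in-addr\.arpa\.?$", re.I)


def ptr_to_ip(name: str):
    """Decode an IPv4 in-addr.arpa name back to the address it asks about,
    or return None for an ordinary forward name."""
    m = PTR_RE.match(name)
    if not m:
        return None
    octets = [int(o) for o in m.groups()]
    if any(o > 255 for o in octets):
        return None
    return ".".join(str(o) for o in reversed(octets))


def parse_rows(table: str) -> list:
    """Parse pipe-delimited rows laid out as Country | Destination | Domain | Proto."""
    rows = []
    for line in table.strip().splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        # skip the header row and any markdown separator row
        if len(cells) != 4 or cells[0] == "Country" or set(cells[0]) <= {"-"}:
            continue
        country, dest, domain, proto = cells
        host, _, port = dest.rpartition(":")
        rows.append({"country": country, "ip": host, "port": int(port) if port else 0,
                     "domain": domain, "proto": proto.lower()})
    return rows


def summarise(rows: list) -> dict:
    """Group connections by domain; PTR lookups are set aside as the decoded
    addresses they asked about instead of being treated as contacted domains."""
    by_domain = defaultdict(lambda: {"ips": set(), "ports": set(), "dns_queries": 0})
    ptr_targets = set()
    for r in rows:
        ip = ptr_to_ip(r["domain"])
        if ip is not None:
            ptr_targets.add(ip)
            continue
        entry = by_domain[r["domain"]]
        if r["port"] == 53 and r["proto"] == "udp":
            entry["dns_queries"] += 1          # resolving the name, not contacting it
        else:
            entry["ips"].add(r["ip"])
            entry["ports"].add(r["port"])
    return {
        "domains": {d: {"ips": sorted(v["ips"]), "ports": sorted(v["ports"]),
                        "dns_queries": v["dns_queries"]}
                    for d, v in by_domain.items()},
        "ptr_targets": sorted(ptr_targets, key=lambda s: tuple(map(int, s.split(".")))),
    }


# Abridged copy of the behavioral2 rows from this report; constructed input for the demo.
SAMPLE_TABLE = """
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 199.59.21.104.in-addr.arpa | udp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 40.183.67.172.in-addr.arpa | udp |
"""

if __name__ == "__main__":
    import json
    print(json.dumps(summarise(parse_rows(SAMPLE_TABLE)), indent=2))
```

Note that two of the decoded PTR targets (104.21.59.199 and 172.67.183.40) are the very addresses the sample connected to, so the sandbox or OS reverse-resolved them after the fact; the remaining PTR targets do not appear as connection destinations anywhere in the table and are the ones to treat as noise.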
Files
memory/2116-0-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2116-1-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2116-4-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2116-8-0x0000000000400000-0x000000000042A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rifaien2-PLweSb6fUYXhPTdz.exe
| Hash | Value |
|---|---|
| MD5 | 9736e76618855232acf3e4f560939857 |
| SHA1 | 055dfc3577633f2c7ada3d91efae91136e7a11f9 |
| SHA256 | 2aa248bf9e99480a642ae0469c003e0d6a1ac9870e3f1631a4e6ddc3d490c08e |
| SHA512 | a7bc2ed572d88d8f2e578216f16a9ec6231bdd42f93860ec007cbfca3c7506c3ee47196683d681c5e37f3581ef1737f5553f8cfdc3a88e0e8b5e638f830538d5 |
memory/2116-15-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2116-22-0x0000000000400000-0x000000000042A000-memory.dmp