Analysis Overview
SHA256
8cb588a9d977b2d93d3dcb59367a10461ce6ac4575583a2613d443e3527bd780
Threat Level: Likely benign
The file 8cb588a9d977b2d93d3dcb59367a10461ce6ac4575583a2613d443e3527bd780N was found to be: Likely benign.
Malicious Activity Summary
UPX packed file
System Location Discovery: System Language Discovery
Unsigned PE
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-09 11:32
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-09 11:32
Reported
2024-11-09 11:34
Platform
win7-20240903-en
Max time kernel
118s
Max time network
118s
Command Line
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\8cb588a9d977b2d93d3dcb59367a10461ce6ac4575583a2613d443e3527bd780N.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\8cb588a9d977b2d93d3dcb59367a10461ce6ac4575583a2613d443e3527bd780N.exe
"C:\Users\Admin\AppData\Local\Temp\8cb588a9d977b2d93d3dcb59367a10461ce6ac4575583a2613d443e3527bd780N.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
Files
memory/1152-0-0x0000000000400000-0x000000000042A000-memory.dmp
memory/1152-1-0x0000000000400000-0x000000000042A000-memory.dmp
memory/1152-7-0x0000000000400000-0x000000000042A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rifaien2-ERFUgp94vY3bOt7O.exe
| MD5 | c627540231e4851d5cf2a6b360c83f89 |
| SHA1 | f3bae5c061f10c560323ef1c47848440cbc05c74 |
| SHA256 | d3267ad8d0eb3f1ff3147373c3039500cf6af1fdc95eefa7ae1ed603f58683e5 |
| SHA512 | b4421148b5df06a4dcecaa7b4eef6784a44f961d771e1ca7f08410c0edcb3f009b59247ae98c1cccd3520d9f7372b38cf67e800820c69db07586fd3dfbcb919d |
memory/1152-14-0x0000000000400000-0x000000000042A000-memory.dmp
memory/1152-22-0x0000000000400000-0x000000000042A000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-09 11:32
Reported
2024-11-09 11:34
Platform
win10v2004-20241007-en
Max time kernel
111s
Max time network
94s
Command Line
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\8cb588a9d977b2d93d3dcb59367a10461ce6ac4575583a2613d443e3527bd780N.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\8cb588a9d977b2d93d3dcb59367a10461ce6ac4575583a2613d443e3527bd780N.exe
"C:\Users\Admin\AppData\Local\Temp\8cb588a9d977b2d93d3dcb59367a10461ce6ac4575583a2613d443e3527bd780N.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 212.20.149.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 199.59.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 40.183.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.108.222.173.in-addr.arpa | udp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.236.111.52.in-addr.arpa | udp |
Files
memory/1404-0-0x0000000000400000-0x000000000042A000-memory.dmp
memory/1404-2-0x0000000000400000-0x000000000042A000-memory.dmp
memory/1404-6-0x0000000000400000-0x000000000042A000-memory.dmp
memory/1404-12-0x0000000000400000-0x000000000042A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rifaien2-7HelGkS9jxsxcjDq.exe
| MD5 | 354b49aece24f04e626eff925893fb1d |
| SHA1 | 3e0220886a5fe455aea5629195bdde679d48e762 |
| SHA256 | 765adc8982be721fb1ada4394f65ebf54852af91a10793902beaa7d1e92191e5 |
| SHA512 | 4082a3df4b8c85ae22fe6cde5fb4f2ac4607bf18f108080a68e50d8cb79e63010edce83226f94c207b9f9ef93e37e948cff8771526db617c58e283cb7e192e5a |
memory/1404-16-0x0000000000400000-0x000000000042A000-memory.dmp
memory/1404-20-0x0000000000400000-0x000000000042A000-memory.dmp