Analysis Overview
SHA256
6345dbca532407f280f6dd110941f8ce89d4a59f24f8781fa3ae2c1e315df3e1
Threat Level: Likely benign
The file 6345dbca532407f280f6dd110941f8ce89d4a59f24f8781fa3ae2c1e315df3e1N was found to be: Likely benign.
Malicious Activity Summary
UPX packed file
Unsigned PE
System Location Discovery: System Language Discovery
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-09 12:07
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-09 12:07
Reported
2024-11-09 12:10
Platform
win7-20241010-en
Max time kernel
111s
Max time network
97s
Command Line
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\6345dbca532407f280f6dd110941f8ce89d4a59f24f8781fa3ae2c1e315df3e1N.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\6345dbca532407f280f6dd110941f8ce89d4a59f24f8781fa3ae2c1e315df3e1N.exe
"C:\Users\Admin\AppData\Local\Temp\6345dbca532407f280f6dd110941f8ce89d4a59f24f8781fa3ae2c1e315df3e1N.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
Files
memory/564-0-0x0000000000400000-0x000000000042A000-memory.dmp
memory/564-1-0x0000000000400000-0x000000000042A000-memory.dmp
memory/564-4-0x0000000000400000-0x000000000042A000-memory.dmp
memory/564-8-0x0000000000400000-0x000000000042A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rifaien2-09SID8SzqDKNMinq.exe
| MD5 | eb3bc16804e1a48b0860537e19c0fa74 |
| SHA1 | 58d8e7c859cfa73f94cfbcbe0bc560e99432782e |
| SHA256 | e7efb57254f9b58bdf14899d5c607446d9c809dbea637d27e411d2d0894a0f7f |
| SHA512 | 3966d522016874f4df1891b192bd00083cadd691b74cb756f086db10494d04f89910add04c1d280906994030b674e302cea77d30e3e6f9f168e0196603639fee |
memory/564-15-0x0000000000400000-0x000000000042A000-memory.dmp
memory/564-22-0x0000000000400000-0x000000000042A000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-09 12:07
Reported
2024-11-09 12:09
Platform
win10v2004-20241007-en
Max time kernel
110s
Max time network
95s
Command Line
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\6345dbca532407f280f6dd110941f8ce89d4a59f24f8781fa3ae2c1e315df3e1N.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\6345dbca532407f280f6dd110941f8ce89d4a59f24f8781fa3ae2c1e315df3e1N.exe
"C:\Users\Admin\AppData\Local\Temp\6345dbca532407f280f6dd110941f8ce89d4a59f24f8781fa3ae2c1e315df3e1N.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 53.210.109.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 40.183.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.117.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 68.208.201.84.in-addr.arpa | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 31.243.111.52.in-addr.arpa | udp |
Files
memory/2560-0-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2560-1-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2560-4-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2560-8-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2560-11-0x0000000000400000-0x000000000042A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rifaien2-Wtu8M76YZkGRLpsp.exe
| MD5 | 9c72c6ce7274698d573d83a8f5ed50cf |
| SHA1 | 58dc62e8ff63870063fdae3da3fd5d33ce43f3c9 |
| SHA256 | 2431aab70ee425477a7867c63631b9fec8395be2bb8bac1ce1a4f1a8ac3846ca |
| SHA512 | 7acdd8dc49180d8b74bcf96ba0dbe9946c989d1895d6f2c0318137c1616d1204b9a7582f77ba10368355f8e776f0163f6d125a1ef9c253443eeb40d2f1bcbb35 |
memory/2560-15-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2560-22-0x0000000000400000-0x000000000042A000-memory.dmp