Analysis Overview
SHA256
908b48e073a70fdf13d7f80b2c2e772334431df248260845f6defd18bd497dae
Threat Level: Likely benign
The file 908b48e073a70fdf13d7f80b2c2e772334431df248260845f6defd18bd497daeN was found to be: Likely benign.
Malicious Activity Summary
UPX packed file
Unsigned PE
System Location Discovery: System Language Discovery
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-09 13:50
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
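The two static signatures above carry no indicator rows, so the report does not say how they were derived. As an added example (not the sandbox's own code), the following Python reproduces the two checks a triage script would run on a PE image: looking for the section names UPX writes (`UPX0`/`UPX1`/`UPX2`) and its `UPX!` loader magic, and testing whether the Authenticode certificate table (data directory entry 4) is present. The `build_pe` helper constructs a header-only PE32 image purely so the checks can run offline; it is not the sample from this report.

```python
import struct

# Index of the certificate table (Authenticode signature) in the data directory.
IMAGE_DIRECTORY_ENTRY_SECURITY = 4
# Section names UPX writes by default; a repacked or renamed sample will not match.
UPX_SECTION_NAMES = {"UPX0", "UPX1", "UPX2"}


def parse_pe(data: bytes) -> dict:
    """Read the fields needed for the two static signatures from a PE image."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp,
    # PointerToSymbolTable, NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    _, n_sections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:        # PE32: NumberOfRvaAndSizes at optional header +92
        rva_count_off = 92
    elif magic == 0x20B:      # PE32+: at +108 (ImageBase and stack/heap fields are 8 bytes)
        rva_count_off = 108
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    n_dirs = struct.unpack_from("<I", data, opt + rva_count_off)[0]
    dirs_off = opt + rva_count_off + 4
    directories = [struct.unpack_from("<II", data, dirs_off + 8 * i) for i in range(n_dirs)]
    # Section table follows the optional header; each IMAGE_SECTION_HEADER is 40 bytes.
    sec_off = opt + opt_size
    sections = []
    for i in range(n_sections):
        raw = data[sec_off + 40 * i: sec_off + 40 * i + 8]
        sections.append(raw.rstrip(b"\0").decode("ascii", "replace"))
    return {"sections": sections, "directories": directories}


def assess(data: bytes) -> dict:
    """Apply the 'UPX packed file' and 'Unsigned PE' heuristics to a PE image."""
    pe = parse_pe(data)
    names = set(pe["sections"])
    # "UPX!" is the l_magic UPX stores in its loader info block; checking for it
    # also catches samples whose section names were renamed after packing.
    upx_packed = bool(names & UPX_SECTION_NAMES) or b"UPX!" in data
    dirs = pe["directories"]
    sec_dir = dirs[IMAGE_DIRECTORY_ENTRY_SECURITY] if len(dirs) > IMAGE_DIRECTORY_ENTRY_SECURITY else (0, 0)
    # A non-zero certificate table only means a signature blob is attached; whether
    # it verifies (chain, timestamp, hash match) needs a full Authenticode check.
    signed = sec_dir[1] > 0
    return {"sections": pe["sections"], "upx_packed": upx_packed, "signed": signed}


def build_pe(section_names, security_dir=(0, 0)) -> bytes:
    """Construct a minimal header-only PE32 image for testing (constructed, not a real binary)."""
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", 0x40)          # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 224, 0x0102)
    opt = bytearray(224)                                                 # PE32 optional header size
    struct.pack_into("<H", opt, 0, 0x10B)                                # Magic
    struct.pack_into("<I", opt, 92, 16)                                  # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, *security_dir)
    secs = b"".join(n.encode().ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return dos + b"PE\0\0" + coff + bytes(opt) + secs


if __name__ == "__main__":
    for label, image in (("upx-style", build_pe(["UPX0", "UPX1", ".rsrc"])),
                         ("signed", build_pe([".text", ".data"], security_dir=(0x2000, 0x800)))):
        print(label, assess(image))
```

Both checks are heuristics: a packer that renames its sections and strips the `UPX!` marker defeats the first, and a present-but-invalid certificate table defeats the second, which is why a sandbox reports them as signatures rather than as a verdict.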
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-09 13:50
Reported
2024-11-09 13:52
Platform
win7-20240903-en
Max time kernel
117s
Max time network
118s
Command Line
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\908b48e073a70fdf13d7f80b2c2e772334431df248260845f6defd18bd497daeN.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\908b48e073a70fdf13d7f80b2c2e772334431df248260845f6defd18bd497daeN.exe
"C:\Users\Admin\AppData\Local\Temp\908b48e073a70fdf13d7f80b2c2e772334431df248260845f6defd18bd497daeN.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
Files
memory/1732-0-0x0000000000400000-0x000000000042A000-memory.dmp
memory/1732-1-0x0000000000400000-0x000000000042A000-memory.dmp
memory/1732-7-0x0000000000400000-0x000000000042A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rifaien2-ZHXF7DrCtBZgrn18.exe
| MD5 | 9701c6caa484541757ffa5d7e76af3e8 |
| SHA1 | dfec6ee5691f0c91d8d504e673e1ed15ef0a8839 |
| SHA256 | bb06754f100c07c4654f7805632ac2a4968faf7a4cf056aa8c17b57d4b9b56f8 |
| SHA512 | 18f49c53ef5063c773e7c2af2e9756e0e7fed892a99b70d3de0362d08f8c38347c0de4e2c5018c6bebde3dbcc3787e24a55f7c100d3cdd5b35918e599dfde468 |
memory/1732-14-0x0000000000400000-0x000000000042A000-memory.dmp
memory/1732-22-0x0000000000400000-0x000000000042A000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-09 13:50
Reported
2024-11-09 13:52
Platform
win10v2004-20241007-en
Max time kernel
120s
Max time network
94s
Command Line
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\908b48e073a70fdf13d7f80b2c2e772334431df248260845f6defd18bd497daeN.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\908b48e073a70fdf13d7f80b2c2e772334431df248260845f6defd18bd497daeN.exe
"C:\Users\Admin\AppData\Local\Temp\908b48e073a70fdf13d7f80b2c2e772334431df248260845f6defd18bd497daeN.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 40.183.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 31.243.111.52.in-addr.arpa | udp |
Files
memory/1996-0-0x0000000000400000-0x000000000042A000-memory.dmp
memory/1996-1-0x0000000000400000-0x000000000042A000-memory.dmp
memory/1996-5-0x0000000000400000-0x000000000042A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rifaien2-tI06JwNpxBuLHrBQ.exe
| MD5 | 346c074a2224e2173c8a8cfae4b88ba3 |
| SHA1 | fb6b436bcedefe6a7906c618a05462dee77ed879 |
| SHA256 | e105a828b092566014a4da8936457aaac2681c0eaf64df522913ce3eb4069ff5 |
| SHA512 | e5c7721dd90dc05939a573df4d43e79bc041b9d01a462df5877e33209de0c3c796a9ac823a0476a89b39cdb8287a23cb7c5ea235ca6cd4d6c2367377b3883699 |
memory/1996-15-0x0000000000400000-0x000000000042A000-memory.dmp
memory/1996-22-0x0000000000400000-0x000000000042A000-memory.dmp
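"Likely benign" is the sandbox's automated score; what a responder takes from the two runs is the handful of indicators worth pivoting on: the DNS query and repeated plain-HTTP connections to wecan.hasthe.technology at 172.67.183.40:80, and a dropped executable whose name (`rifaien2-<16 characters>.exe`) and hashes differ between the Windows 7 and Windows 10 runs. As an added example (not part of the report), the Python below consolidates the network rows of both runs into a deduplicated indicator set, separates the reverse (`in-addr.arpa`) lookups, converts them back to the addresses they resolve, and checks the dropped-file naming and hash stability. The rows and hashes are copied from the tables above; treating the non-172.67.183.40 reverse lookups as Windows background traffic is an assumption, noted as such in the code.

```python
import os
from collections import Counter

# Rows copied from the behavioral1 and behavioral2 Network tables above:
# (country, destination, domain, proto).
NETWORK_ROWS = [
    ("US", "8.8.8.8:53", "wecan.hasthe.technology", "udp"),
    ("US", "172.67.183.40:80", "wecan.hasthe.technology", "tcp"),
    ("US", "172.67.183.40:80", "wecan.hasthe.technology", "tcp"),
    ("US", "172.67.183.40:80", "wecan.hasthe.technology", "tcp"),
    ("US", "8.8.8.8:53", "232.168.11.51.in-addr.arpa", "udp"),
    ("US", "8.8.8.8:53", "140.32.126.40.in-addr.arpa", "udp"),
    ("US", "8.8.8.8:53", "95.221.229.192.in-addr.arpa", "udp"),
    ("US", "8.8.8.8:53", "13.86.106.20.in-addr.arpa", "udp"),
    ("US", "8.8.8.8:53", "wecan.hasthe.technology", "udp"),
    ("US", "172.67.183.40:80", "wecan.hasthe.technology", "tcp"),
    ("US", "8.8.8.8:53", "40.183.67.172.in-addr.arpa", "udp"),
    ("US", "8.8.8.8:53", "50.23.12.20.in-addr.arpa", "udp"),
    ("US", "8.8.8.8:53", "198.187.3.20.in-addr.arpa", "udp"),
    ("US", "172.67.183.40:80", "wecan.hasthe.technology", "tcp"),
    ("US", "8.8.8.8:53", "172.214.232.199.in-addr.arpa", "udp"),
    ("US", "172.67.183.40:80", "wecan.hasthe.technology", "tcp"),
    ("US", "8.8.8.8:53", "31.243.111.52.in-addr.arpa", "udp"),
]

# Dropped file name and SHA256 from each run's Files section above.
DROPPED = {
    "behavioral1": ("rifaien2-ZHXF7DrCtBZgrn18.exe",
                    "bb06754f100c07c4654f7805632ac2a4968faf7a4cf056aa8c17b57d4b9b56f8"),
    "behavioral2": ("rifaien2-tI06JwNpxBuLHrBQ.exe",
                    "e105a828b092566014a4da8936457aaac2681c0eaf64df522913ce3eb4069ff5"),
}

# The sandbox's resolver; queries to it are not an indicator of the sample itself.
RESOLVERS = {"8.8.8.8:53"}


def ptr_to_ip(name: str) -> str:
    """'40.183.67.172.in-addr.arpa' -> '172.67.183.40' (octets are stored reversed)."""
    octets = name[: -len(".in-addr.arpa")].split(".")
    if len(octets) != 4:
        raise ValueError("not an IPv4 reverse name: %s" % name)
    return ".".join(reversed(octets))


def consolidate(rows):
    """Deduplicate network rows into domains, contacted endpoints and reverse lookups."""
    domains, endpoints, reverse_ips = set(), Counter(), set()
    for _country, dest, domain, proto in rows:
        if domain.endswith(".in-addr.arpa"):
            reverse_ips.add(ptr_to_ip(domain))
            continue
        domains.add(domain)
        if dest in RESOLVERS:          # the forward lookup itself, not a contact
            continue
        endpoints[(dest, proto)] += 1  # count keeps the "how many times" signal
    contacted_ips = {dest.rsplit(":", 1)[0] for dest, _ in endpoints}
    # Assumption: reverse lookups for addresses the sample never contacted are the
    # Windows image's own background traffic, so they are reported separately.
    return {
        "domains": sorted(domains),
        "endpoints": dict(endpoints),
        "reverse_lookups": sorted(reverse_ips),
        "contacted_ips_reverse_resolved": sorted(contacted_ips & reverse_ips),
        "background_reverse_lookups": sorted(reverse_ips - contacted_ips),
    }


def dropped_file_pattern(dropped):
    """Compare the dropped file across runs: shared name prefix and whether the hash is stable."""
    names = [name for name, _ in dropped.values()]
    hashes = {sha for _, sha in dropped.values()}
    return {
        "common_prefix": os.path.commonprefix(names),
        "distinct_hashes": len(hashes),
        "hash_stable": len(hashes) == 1,   # False here: a hash blocklist would not generalise
    }


if __name__ == "__main__":
    print(consolidate(NETWORK_ROWS))
    print(dropped_file_pattern(DROPPED))
```

The output makes the pivot set explicit: one domain, one endpoint hit six times across both runs over plain HTTP, and a dropped executable whose hash changes per run, so the `rifaien2-` name prefix and the network contact are the durable indicators, not the file hashes.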