Analysis Overview
SHA256
e4f3888d50719e83793724ab86679155608156cb1e8cbfc229bb2197d018bd2e
Threat Level: Likely benign
The file e4f3888d50719e83793724ab86679155608156cb1e8cbfc229bb2197d018bd2eN was found to be: Likely benign.
Malicious Activity Summary
UPX packed file
System Location Discovery: System Language Discovery
Unsigned PE
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-09 13:34
Signatures
UPX packed file
Unsigned PE
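The two static signatures above (UPX packed file, Unsigned PE) can be reproduced on a local copy of the sample with a header parser that needs nothing beyond the standard library. The code below is an added example and is not the sandbox's own detection logic nor code from this report; `build_pe` constructs a minimal PE32 header for the test run rather than using the real file, and the function names (`triage`, `is_upx_packed`, `has_authenticode`, `image_range`) are this example's own. The image range it derives from ImageBase and SizeOfImage is the pair that the memory dump names further down this report (0x0000000000400000-0x000000000042A000) encode.

```python
import struct

IMAGE_DIRECTORY_ENTRY_SECURITY = 4  # data directory slot holding the Authenticode blob


def build_pe(section_names, image_base=0x400000, size_of_image=0x2A000, signed=False):
    """Construct a minimal PE32 header for this example's test run.
    This is constructed data, not the sample from the report: just enough
    DOS/COFF/optional header and section table for parse_pe() to read."""
    e_lfanew = 0x80
    dos = bytearray(e_lfanew)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    size_opt = 224  # PE32 optional header including 16 data directories
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp,
    # PointerToSymbolTable, NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, size_opt, 0x0102)
    opt = bytearray(size_opt)
    struct.pack_into("<H", opt, 0, 0x10B)           # Magic: PE32
    struct.pack_into("<I", opt, 28, image_base)     # ImageBase
    struct.pack_into("<I", opt, 56, size_of_image)  # SizeOfImage
    struct.pack_into("<I", opt, 92, 16)             # NumberOfRvaAndSizes
    if signed:
        # A non-zero security directory means a WIN_CERTIFICATE is attached
        struct.pack_into("<II", opt, 96 + IMAGE_DIRECTORY_ENTRY_SECURITY * 8, 0x1000, 0x800)
    # IMAGE_SECTION_HEADER is 40 bytes; only the 8-byte name matters here
    sections = b"".join(n.encode().ljust(8, b"\0") + bytes(32) for n in section_names)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + sections


def parse_pe(data):
    """Read the header fields needed for triage from a PE32 or PE32+ file."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    _, nsec, _, _, _, size_opt, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:    # PE32: 32-bit ImageBase at +28, directories at +96
        image_base = struct.unpack_from("<I", data, opt + 28)[0]
        ndirs_off, dd_off = opt + 92, opt + 96
    elif magic == 0x20B:  # PE32+: 64-bit ImageBase at +24, directories at +112
        image_base = struct.unpack_from("<Q", data, opt + 24)[0]
        ndirs_off, dd_off = opt + 108, opt + 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    size_of_image = struct.unpack_from("<I", data, opt + 56)[0]
    ndirs = struct.unpack_from("<I", data, ndirs_off)[0]
    security_size = 0
    if ndirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        _, security_size = struct.unpack_from(
            "<II", data, dd_off + IMAGE_DIRECTORY_ENTRY_SECURITY * 8)
    sec_hdr = opt + size_opt
    names = [data[sec_hdr + 40 * i:sec_hdr + 40 * i + 8].rstrip(b"\0").decode("latin-1")
             for i in range(nsec)]
    return {"image_base": image_base, "size_of_image": size_of_image,
            "sections": names, "security_dir_size": security_size}


def is_upx_packed(data, info):
    """UPX leaves its default section names (UPX0/UPX1/UPX2) and a 'UPX!'
    marker behind. A renamed or patched stub defeats this, so a miss means
    'not obviously UPX', not 'unpacked'."""
    by_name = any(n.upper().startswith("UPX") for n in info["sections"])
    return by_name or b"UPX!" in data


def has_authenticode(info):
    """True when a certificate table is attached. This says nothing about
    whether the signature is valid or trusted; verify that separately."""
    return info["security_dir_size"] > 0


def image_range(info):
    """Preferred load address range, i.e. what the memory dump names encode."""
    return info["image_base"], info["image_base"] + info["size_of_image"]


def triage(data):
    info = parse_pe(data)
    return {
        "upx_packed": is_upx_packed(data, info),
        "unsigned_pe": not has_authenticode(info),
        "image_range": image_range(info),
    }


if __name__ == "__main__":
    sample = build_pe(["UPX0", "UPX1", ".rsrc"])
    print(triage(sample))
```

A non-zero security directory only says that a WIN_CERTIFICATE is attached; "Unsigned PE" is the easy half of the check, and a present signature still has to have its chain verified (`signtool verify /pa` or PowerShell's `Get-AuthenticodeSignature`) before it counts for anything. UPX is a compressor rather than an obfuscator and is common on benign software, which is consistent with the "Likely benign" verdict on this report; with an unmodified stub, `upx -d` restores the original image for static analysis.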
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-09 13:34
Reported
2024-11-09 13:36
Platform
win7-20240903-en
Max time kernel
110s
Max time network
91s
Command Line
Signatures
UPX packed file
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\e4f3888d50719e83793724ab86679155608156cb1e8cbfc229bb2197d018bd2eN.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\e4f3888d50719e83793724ab86679155608156cb1e8cbfc229bb2197d018bd2eN.exe
"C:\Users\Admin\AppData\Local\Temp\e4f3888d50719e83793724ab86679155608156cb1e8cbfc229bb2197d018bd2eN.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
Files
memory/2340-0-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2340-1-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2340-7-0x0000000000400000-0x000000000042A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rifaien2-BR7K60hnb5V5xohI.exe
| MD5 | b0293a546fb85208144732b7e50d06c1 |
| SHA1 | 1092ea7a25dd0fb5e8babfca76226fe653c8763d |
| SHA256 | 95862adc362f9ad936ac48b1be0a07f39d8ad07f76a791fedff6cac482b18d4e |
| SHA512 | 274601c32f262dcf609bb96416c10f64fa99ac0058eeb8b040fc3e6438d628fdaefd39eb818d66337d18f43e8f4920b95e70bb5005647a50ccb02d8d64bcc434 |
memory/2340-14-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2340-22-0x0000000000400000-0x000000000042A000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-09 13:34
Reported
2024-11-09 13:36
Platform
win10v2004-20241007-en
Max time kernel
111s
Max time network
95s
Command Line
Signatures
UPX packed file
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\e4f3888d50719e83793724ab86679155608156cb1e8cbfc229bb2197d018bd2eN.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\e4f3888d50719e83793724ab86679155608156cb1e8cbfc229bb2197d018bd2eN.exe
"C:\Users\Admin\AppData\Local\Temp\e4f3888d50719e83793724ab86679155608156cb1e8cbfc229bb2197d018bd2eN.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 197.87.175.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 40.183.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 102.209.201.84.in-addr.arpa | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 23.236.111.52.in-addr.arpa | udp |
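The network table above mixes the sample's one real destination with a dozen reverse (PTR) lookups, and the behavioral1 table earlier uses the same four columns. The code below is an added example, not part of the report, that parses this pipe-table format into a deduplicated indicator set and separates DNS queries, PTR noise and actual connections; the `NETWORK_TABLE` text is copied verbatim from the behavioral2 rows above, `RESOLVERS` assumes 8.8.8.8 is the sandbox's resolver (as every port-53 row shows), and the function names are this example's own.

```python
# The rows below are copied verbatim from the behavioral2 network table in this report.
NETWORK_TABLE = """\
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 197.87.175.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 40.183.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 102.209.201.84.in-addr.arpa | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 23.236.111.52.in-addr.arpa | udp |
"""

RESOLVERS = {"8.8.8.8"}  # assumed: the sandbox's DNS server, not a sample indicator


def parse_network_table(text):
    """Parse the report's pipe-delimited Country/Destination/Domain/Proto rows."""
    rows = []
    for line in text.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != 4 or cells[0] == "Country":
            continue  # header or blank line
        country, dest, domain, proto = cells
        ip, _, port = dest.rpartition(":")  # the report only shows IPv4 host:port
        rows.append({"country": country, "ip": ip, "port": int(port),
                     "domain": domain, "proto": proto})
    return rows


def ptr_to_ip(name):
    """Turn '40.183.67.172.in-addr.arpa' back into '172.67.183.40'."""
    suffix = ".in-addr.arpa"
    if not name.endswith(suffix):
        raise ValueError("not a PTR name: %s" % name)
    return ".".join(reversed(name[:-len(suffix)].split(".")))


def extract_iocs(rows, resolvers=RESOLVERS):
    """Split rows into names the sample resolved, reverse (PTR) lookups,
    and actual connections, each deduplicated."""
    iocs = {"queried_domains": set(), "reverse_lookups": set(), "connections": set()}
    for r in rows:
        is_dns = r["ip"] in resolvers and r["port"] == 53 and r["proto"] == "udp"
        if is_dns and r["domain"].endswith(".in-addr.arpa"):
            iocs["reverse_lookups"].add(r["domain"])
        elif is_dns:
            iocs["queried_domains"].add(r["domain"])
        else:
            iocs["connections"].add((r["ip"], r["port"], r["proto"], r["domain"]))
    return iocs


def reverse_lookup_ips(iocs):
    """IPs that were reverse-resolved, for spotting overlap with the connections."""
    return {ptr_to_ip(n) for n in iocs["reverse_lookups"]}


if __name__ == "__main__":
    iocs = extract_iocs(parse_network_table(NETWORK_TABLE))
    print(sorted(iocs["queried_domains"]))
    print(sorted(iocs["connections"]))
    print(len(iocs["reverse_lookups"]), "reverse lookups")
```

Run against this table, the sample's own indicators reduce to one hostname (wecan.hasthe.technology) and one plain-HTTP endpoint (172.67.183.40:80); the PTR lookups are absent from the Windows 7 run and are typical Windows 10 background activity rather than something to block, though one of them (40.183.67.172.in-addr.arpa) is the reverse of the host the sample connected to. 172.67.183.40 here and 104.21.59.199 in the Windows 7 run fall in Cloudflare's 172.64.0.0/13 and 104.16.0.0/12 ranges, so they identify a CDN edge rather than the origin; hunt and block on the hostname, not the address.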
Files
memory/4284-0-0x0000000000400000-0x000000000042A000-memory.dmp
memory/4284-1-0x0000000000400000-0x000000000042A000-memory.dmp
memory/4284-4-0x0000000000400000-0x000000000042A000-memory.dmp
memory/4284-8-0x0000000000400000-0x000000000042A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rifaien2-HTTZAgyLHiuNARYH.exe
| MD5 | 5b46074959e17b8d0988d82a3de62bd1 |
| SHA1 | ef6c2429812cdd841227c5301d9a2122503c3cad |
| SHA256 | 3e1ee05060fe3064653b2e58beaa787ffb1a7af698ce7a0178df987f4aa1b6b9 |
| SHA512 | a98926a69e57c131d380b2575a41160a69d149a5d0e39e5034ba4e4f845edaa1e2f0e695e43d3079bd10c97404f7ae3e3b6f432e20a41e2f3e1471d6a7734814 |
memory/4284-15-0x0000000000400000-0x000000000042A000-memory.dmp
memory/4284-19-0x0000000000400000-0x000000000042A000-memory.dmp