Analysis Overview
SHA256
d47335d2310dd3a457eb71222a6c444adfbb8317f99a39b9281d36daea62ffa8
Threat Level: Likely benign
The file d47335d2310dd3a457eb71222a6c444adfbb8317f99a39b9281d36daea62ffa8N was found to be: Likely benign.
Malicious Activity Summary
UPX packed file
Unsigned PE
System Location Discovery: System Language Discovery
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-09 13:37
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-09 13:37
Reported
2024-11-09 13:39
Platform
win7-20241023-en
Max time kernel
110s
Max time network
94s
Command Line
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\d47335d2310dd3a457eb71222a6c444adfbb8317f99a39b9281d36daea62ffa8N.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\d47335d2310dd3a457eb71222a6c444adfbb8317f99a39b9281d36daea62ffa8N.exe
"C:\Users\Admin\AppData\Local\Temp\d47335d2310dd3a457eb71222a6c444adfbb8317f99a39b9281d36daea62ffa8N.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
Files
memory/1872-0-0x0000000000400000-0x000000000042A000-memory.dmp
memory/1872-1-0x0000000000400000-0x000000000042A000-memory.dmp
memory/1872-5-0x0000000000400000-0x000000000042A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rifaien2-pjWZzWSq2Mgvtu1Y.exe
| MD5 | 6e88cc4148e4cec8870b404e84f3ca4d |
| SHA1 | eee3bb89ed4fd05cab36eb13505e35b0f7f63b7e |
| SHA256 | bca90f68e68b9ec6dc630eaa81ba296db2807a0b2479e4ce8a1023d3dec501a4 |
| SHA512 | b8aa869d8b958904a235aeffcbac366bdcf5a55a0820b2bf22bb21c49800b8d65865390a3ac0943f3b629c30ee1bdb80268e94ef60880183caa185dc9873a639 |
memory/1872-15-0x0000000000400000-0x000000000042A000-memory.dmp
memory/1872-22-0x0000000000400000-0x000000000042A000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-09 13:37
Reported
2024-11-09 13:39
Platform
win10v2004-20241007-en
Max time kernel
111s
Max time network
93s
Command Line
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\d47335d2310dd3a457eb71222a6c444adfbb8317f99a39b9281d36daea62ffa8N.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\d47335d2310dd3a457eb71222a6c444adfbb8317f99a39b9281d36daea62ffa8N.exe
"C:\Users\Admin\AppData\Local\Temp\d47335d2310dd3a457eb71222a6c444adfbb8317f99a39b9281d36daea62ffa8N.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 53.210.109.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 199.59.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 83.210.23.2.in-addr.arpa | udp |
Files
memory/4744-0-0x0000000000400000-0x000000000042A000-memory.dmp
memory/4744-1-0x0000000000400000-0x000000000042A000-memory.dmp
memory/4744-4-0x0000000000400000-0x000000000042A000-memory.dmp
memory/4744-8-0x0000000000400000-0x000000000042A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rifaien2-ezQ94h48ifa9pJr2.exe
| MD5 | e609fbb2206d58fbb8dcf0bd6bf86db3 |
| SHA1 | c5c32e67f5be58c0d2a8b851a0498d3091a50aba |
| SHA256 | 0ac8e9e4eb8a62e7b09c022b309cea04b61708568cad01ee219f041ee539fb1f |
| SHA512 | 0c2e875d0c2bf493944a3529f1f8aa91a633d2bb6b1795e480d353ca4ea59f302a3ab9f755088abf2523d9cbc7656361e130095baebcb218279705e68023d510 |
memory/4744-15-0x0000000000400000-0x000000000042A000-memory.dmp
memory/4744-22-0x0000000000400000-0x000000000042A000-memory.dmp