Analysis Overview
SHA256
f3ed16d9055dcc0dabdcc3503d17a4d4cd74da9f032ff09c6903577a7294b04d
Threat Level: Likely benign
The file f3ed16d9055dcc0dabdcc3503d17a4d4cd74da9f032ff09c6903577a7294b04dN was found to be: Likely benign.
Malicious Activity Summary
UPX packed file
System Location Discovery: System Language Discovery
Unsigned PE
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-09 13:38
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-09 13:38
Reported
2024-11-09 13:40
Platform
win10v2004-20241007-en
Max time kernel
111s
Max time network
93s
Command Line
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\f3ed16d9055dcc0dabdcc3503d17a4d4cd74da9f032ff09c6903577a7294b04dN.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\f3ed16d9055dcc0dabdcc3503d17a4d4cd74da9f032ff09c6903577a7294b04dN.exe
"C:\Users\Admin\AppData\Local\Temp\f3ed16d9055dcc0dabdcc3503d17a4d4cd74da9f032ff09c6903577a7294b04dN.exe"
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.209.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 212.20.149.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 199.59.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 67.208.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 40.183.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.210.23.2.in-addr.arpa | udp |
Files
memory/2220-0-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2220-1-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2220-4-0x0000000000400000-0x000000000042A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rifaien2-X6fNGfLezX0jkDUx.exe
| Hash | Value |
| --- | --- |
| MD5 | 8d2e377fdcef5552222fd326e8b7a13c |
| SHA1 | 373800c89278aa5c9cbdf412598fa32bf2638a37 |
| SHA256 | b4fab7b57be69b81a9620a1f3517ff0e14cc080ce3ea4f471e2d583fd13b745f |
| SHA512 | fe68ef2f841d12dd18b3eadc52629c73b1d819852c0a790f17d9fa4e16531344daef8b7dbefc30fb48bcc32072c4fdae6c6131063e0bd4b4d86754c87a9e09d7 |
memory/2220-13-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2220-21-0x0000000000400000-0x000000000042A000-memory.dmp
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-09 13:38
Reported
2024-11-09 13:40
Platform
win7-20241010-en
Max time kernel
110s
Max time network
93s
Command Line
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\f3ed16d9055dcc0dabdcc3503d17a4d4cd74da9f032ff09c6903577a7294b04dN.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\f3ed16d9055dcc0dabdcc3503d17a4d4cd74da9f032ff09c6903577a7294b04dN.exe
"C:\Users\Admin\AppData\Local\Temp\f3ed16d9055dcc0dabdcc3503d17a4d4cd74da9f032ff09c6903577a7294b04dN.exe"
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
Files
memory/2292-0-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2292-2-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2292-6-0x0000000000400000-0x000000000042A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rifaien2-mosVKy7YYKbqnPrT.exe
| Hash | Value |
| --- | --- |
| MD5 | 1f3bbf6a57b4fe4058778b7403f7c373 |
| SHA1 | c200aea5fe8f94b1d8d9c20a9a213052e7b41973 |
| SHA256 | 0f419631a29e8b0c9bce9c43dfbbd4c5a6801b2fcff2e1331318629a7cae8e1b |
| SHA512 | dfad95de31f272625186b59d39d090cd86fda9f7f388ed9963c3b311b44f60d0165c0f00aad53cb4523f597456652b030050dee061da3ac2853b5c70d6e1f0c1 |
memory/2292-13-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2292-23-0x0000000000400000-0x000000000042A000-memory.dmp