Analysis Overview
SHA256
f14c8f547ae7b0eb2f67ad1907641ff315f9ea1ffd392671f96587f3f6d8d131
Threat Level: Likely benign
The file f14c8f547ae7b0eb2f67ad1907641ff315f9ea1ffd392671f96587f3f6d8d131N was found to be: Likely benign.
Malicious Activity Summary
UPX packed file
Unsigned PE
System Location Discovery: System Language Discovery
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-09 13:40
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-09 13:40
Reported
2024-11-09 13:42
Platform
win7-20241023-en
Max time kernel
118s
Max time network
120s
Command Line
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\f14c8f547ae7b0eb2f67ad1907641ff315f9ea1ffd392671f96587f3f6d8d131N.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\f14c8f547ae7b0eb2f67ad1907641ff315f9ea1ffd392671f96587f3f6d8d131N.exe
"C:\Users\Admin\AppData\Local\Temp\f14c8f547ae7b0eb2f67ad1907641ff315f9ea1ffd392671f96587f3f6d8d131N.exe"
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
Files
memory/3060-0-0x0000000000400000-0x000000000042A000-memory.dmp
memory/3060-1-0x0000000000400000-0x000000000042A000-memory.dmp
memory/3060-5-0x0000000000400000-0x000000000042A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rifaien2-uISXhvOrRykcB0Ci.exe
| MD5 | 13e12729734669258b3a58c09ee0de21 |
| SHA1 | 974ecafec41cfe9c68822e3745faebd4636a4207 |
| SHA256 | e7c4a2a3a8fd46497b813499d70b5875f99c5389c2c59144dc0b21103d484552 |
| SHA512 | 6e758f07950b5aba7e42383c94fe4479d96b826a8663caf9d103a22055f3211bc19494a710b553005662458eb477c8d61e463327e7905353dba1232c136f35e1 |
memory/3060-12-0x0000000000400000-0x000000000042A000-memory.dmp
memory/3060-22-0x0000000000400000-0x000000000042A000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-09 13:40
Reported
2024-11-09 13:42
Platform
win10v2004-20241007-en
Max time kernel
120s
Max time network
94s
Command Line
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\f14c8f547ae7b0eb2f67ad1907641ff315f9ea1ffd392671f96587f3f6d8d131N.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\f14c8f547ae7b0eb2f67ad1907641ff315f9ea1ffd392671f96587f3f6d8d131N.exe
"C:\Users\Admin\AppData\Local\Temp\f14c8f547ae7b0eb2f67ad1907641ff315f9ea1ffd392671f96587f3f6d8d131N.exe"
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 197.87.175.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 40.183.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.117.19.2.in-addr.arpa | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 100.208.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.229.111.52.in-addr.arpa | udp |
Files
memory/468-0-0x0000000000400000-0x000000000042A000-memory.dmp
memory/468-1-0x0000000000400000-0x000000000042A000-memory.dmp
memory/468-4-0x0000000000400000-0x000000000042A000-memory.dmp
memory/468-8-0x0000000000400000-0x000000000042A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rifaien2-4fRVUJQMlJkocWJn.exe
| MD5 | 3ce81f75fe1ac7fdc7301fdb157b4133 |
| SHA1 | 0ba604af9df8d8c0e1a61676b88d6bef97679607 |
| SHA256 | 51842ef048ab130297b506d6dff2ba73c49092c5c1dadf64c7f56dd9c5dec487 |
| SHA512 | a4e4b21c55e8823a9d083c1017836d55380052ad26cd78dab2be0a661fcdee5ad5c3ea5e008cc7603682eb38ae12459aa806ef103defd63ed5f3b445a187a0c0 |
memory/468-12-0x0000000000400000-0x000000000042A000-memory.dmp
memory/468-21-0x0000000000400000-0x000000000042A000-memory.dmp