Analysis Overview
SHA256
d8390c34e83af45eac717d4fc644db2750b08a76ceb68ecc2f9f591a6bcbbe05
Threat Level: Likely benign
The file d8390c34e83af45eac717d4fc644db2750b08a76ceb68ecc2f9f591a6bcbbe05N was found to be: Likely benign.
Malicious Activity Summary
UPX packed file
Unsigned PE
System Location Discovery: System Language Discovery
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-11-09 14:32
Signatures
UPX packed file
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted: 2024-11-09 14:32
Reported: 2024-11-09 14:34
Platform: win7-20240708-en
Max time kernel: 117s
Max time network: 118s
Command Line
Signatures
UPX packed file
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\d8390c34e83af45eac717d4fc644db2750b08a76ceb68ecc2f9f591a6bcbbe05N.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\d8390c34e83af45eac717d4fc644db2750b08a76ceb68ecc2f9f591a6bcbbe05N.exe
"C:\Users\Admin\AppData\Local\Temp\d8390c34e83af45eac717d4fc644db2750b08a76ceb68ecc2f9f591a6bcbbe05N.exe"
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
Files
memory/2476-0-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2476-1-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2476-5-0x0000000000400000-0x000000000042A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rifaien2-xsfy4ja7HJ03K66l.exe
| MD5 | 996597e71010bbae725f1e29b9651c45 |
| SHA1 | 5d3ffa85b81f10444fba47239084c3884612d53a |
| SHA256 | 7f7532370257975ecb5e134919a56ad2cb1896e8b004e52c48422dd69589960d |
| SHA512 | f10151a94c0b06f68a380a1306ca18c3692c38247c55910f0340bfe1190bf059d80242edca80956fd3a9c8410e8d13ecebca7805e896bddf91f1f0475aa29617 |
memory/2476-12-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2476-22-0x0000000000400000-0x000000000042A000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted: 2024-11-09 14:32
Reported: 2024-11-09 14:34
Platform: win10v2004-20241007-en
Max time kernel: 111s
Max time network: 95s
Command Line
Signatures
UPX packed file
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\d8390c34e83af45eac717d4fc644db2750b08a76ceb68ecc2f9f591a6bcbbe05N.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\d8390c34e83af45eac717d4fc644db2750b08a76ceb68ecc2f9f591a6bcbbe05N.exe
"C:\Users\Admin\AppData\Local\Temp\d8390c34e83af45eac717d4fc644db2750b08a76ceb68ecc2f9f591a6bcbbe05N.exe"
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 53.210.109.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 199.59.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 31.243.111.52.in-addr.arpa | udp |
Files
memory/4292-0-0x0000000000400000-0x000000000042A000-memory.dmp
memory/4292-2-0x0000000000400000-0x000000000042A000-memory.dmp
memory/4292-5-0x0000000000400000-0x000000000042A000-memory.dmp
memory/4292-9-0x0000000000400000-0x000000000042A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rifaien2-Ten38Mn12OGyJZeh.exe
| MD5 | 2bf444709203043278458c980844407e |
| SHA1 | 9cd0efd072751ec0b9cbdc2349daf467973c1fe3 |
| SHA256 | 19f2da11e65507e4f13f4d0a0c32d46965d936dfa3c8efad69cdc3c9be1bb2cd |
| SHA512 | d6efa7674aa77ae0ae9b735d2b937489616a4a20543869b17bd68eaca0d3bd0e91c9cd63b0b95c3d84f35cfaba58070fc3dfe3387f7e4bdbb08a37488279080e |
memory/4292-16-0x0000000000400000-0x000000000042A000-memory.dmp
memory/4292-23-0x0000000000400000-0x000000000042A000-memory.dmp