Analysis Overview
SHA256
00c9cc477588a5f4b1ab9379ac351755e24c834c0fcdd8a368dcfe2abfa489c1
Threat Level: Likely benign
The file 00c9cc477588a5f4b1ab9379ac351755e24c834c0fcdd8a368dcfe2abfa489c1N was found to be: Likely benign.
Malicious Activity Summary
UPX packed file
Unsigned PE
System Location Discovery: System Language Discovery (T1614.001)
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-09 15:37
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
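The two static1 signatures above ("UPX packed file", "Unsigned PE") can be reproduced with a short PE header walk. The following is an added example, not the sandbox's own detection logic. Its heuristics are the author's assumptions: a section named UPX* or a "UPX!" marker after the section table means UPX; an empty IMAGE_DIRECTORY_ENTRY_SECURITY slot means no Authenticode certificate is attached. The image built by build_sample_pe() is constructed for the demo; the sample on this page is not embedded.

```python
"""Static triage reproducing the two static1 signatures on this page: "UPX packed
file" and "Unsigned PE". Added example, not the sandbox's own logic. Heuristics
(author's assumptions): a section named UPX* or a "UPX!" marker near the headers
means UPX; an empty IMAGE_DIRECTORY_ENTRY_SECURITY means no Authenticode
certificate is attached. The PE image in build_sample_pe() is constructed here."""
import math
import struct

IMAGE_DIRECTORY_ENTRY_SECURITY = 4   # data-directory slot holding the WIN_CERTIFICATE


def shannon_entropy(blob: bytes) -> float:
    """Bits per byte: near 8.0 for compressed/encrypted data, low for plain code."""
    if not blob:
        return 0.0
    counts = [0] * 256
    for b in blob:
        counts[b] += 1
    n = len(blob)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_pe(data: bytes) -> dict:
    """Walk DOS header -> PE signature -> COFF -> optional header -> section table."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    _, nsections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    dd_off = opt + (96 if magic == 0x10B else 112)        # PE32 vs PE32+ layout
    _, sec_size = struct.unpack_from("<II", data, dd_off + IMAGE_DIRECTORY_ENTRY_SECURITY * 8)
    sect_tbl = opt + opt_size
    sections = []
    for i in range(nsections):
        off = sect_tbl + i * 40
        name = data[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        _vsize, _vaddr, raw_size, raw_ptr = struct.unpack_from("<IIII", data, off + 8)
        sections.append({"name": name, "raw_size": raw_size,
                         "entropy": shannon_entropy(data[raw_ptr:raw_ptr + raw_size])})
    upx_names = [s["name"] for s in sections if s["name"].startswith("UPX")]
    return {
        "sections": sections,
        "upx": bool(upx_names) or b"UPX!" in data[:sect_tbl + nsections * 40 + 0x200],
        "has_authenticode": sec_size > 0,
    }


def triage(data: bytes) -> list:
    """Signature names this image would raise, in report order."""
    info = parse_pe(data)
    hits = []
    if info["upx"]:
        hits.append("UPX packed file")
    if not info["has_authenticode"]:
        hits.append("Unsigned PE")
    return hits


def build_sample_pe(signed: bool = False) -> bytes:
    """Constructed minimal PE32 laid out like a UPX output (UPX0, UPX1, .rsrc)."""
    nsections, opt_size = 3, 224                           # PE32 optional header size
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)    # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, nsections, 0, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)                   # PE32 magic
    if signed:   # pretend a 0x800-byte WIN_CERTIFICATE sits at file offset 0x1000
        struct.pack_into("<II", opt, 96 + IMAGE_DIRECTORY_ENTRY_SECURITY * 8, 0x1000, 0x800)
    upx1 = bytes(range(256)) * 4                           # uniform bytes: entropy 8.0
    rsrc = b"\0" * 256                                     # empty resources: entropy 0.0
    upx1_ptr = 0x200
    rsrc_ptr = upx1_ptr + len(upx1)

    def section(name, raw_size, raw_ptr):
        return name.ljust(8, b"\0") + struct.pack(
            "<IIIIIIHHI", raw_size, 0x1000, raw_size, raw_ptr, 0, 0, 0, 0, 0x60000020)

    table = (section(b"UPX0", 0, 0) + section(b"UPX1", len(upx1), upx1_ptr)
             + section(b".rsrc", len(rsrc), rsrc_ptr))
    image = bytearray(dos + b"PE\0\0" + coff + bytes(opt) + table + b"UPX!")
    image += b"\0" * (upx1_ptr - len(image)) + upx1 + rsrc
    return bytes(image)


if __name__ == "__main__":
    for s in parse_pe(build_sample_pe())["sections"]:
        print(f"{s['name']:<6} raw={s['raw_size']:<5} entropy={s['entropy']:.2f}")
    print(triage(build_sample_pe()))              # ['UPX packed file', 'Unsigned PE']
    print(triage(build_sample_pe(signed=True)))   # ['UPX packed file']
```

A non-empty security directory only means a WIN_CERTIFICATE blob is attached; whether it validates takes a real check (signtool verify /pa, or Get-AuthenticodeSignature in PowerShell). A signed but packed binary still deserves a look, since the signature covers the packed image, not whatever it unpacks to at runtime.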
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-09 15:37
Reported
2024-11-09 15:39
Platform
win7-20240903-en
Max time kernel
110s
Max time network
92s
Command Line
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\00c9cc477588a5f4b1ab9379ac351755e24c834c0fcdd8a368dcfe2abfa489c1N.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\00c9cc477588a5f4b1ab9379ac351755e24c834c0fcdd8a368dcfe2abfa489c1N.exe
"C:\Users\Admin\AppData\Local\Temp\00c9cc477588a5f4b1ab9379ac351755e24c834c0fcdd8a368dcfe2abfa489c1N.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
Files
memory/2104-0-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2104-1-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2104-5-0x0000000000400000-0x000000000042A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rifaien2-ZEGsvCTXB3T4J4dv.exe
| MD5 | c11ddf4bf2c05ac70ff792e592ff5e37 |
| SHA1 | d9b61419955fec6d8cf163ed8c06670882621cf1 |
| SHA256 | 79352112fc4acd14b15020d7bf751d0c917cf7a80c28314cb76c4a53f6139fed |
| SHA512 | 04b283728127d7105c2edda05fccc2acf748bf3edb3d404924d6ddd7fd4495dfcfb7d6f6aab0db07a1ed1a7487fb01feeddd0c1ce89026c7c89cb72ad83a863e |
memory/2104-12-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2104-22-0x0000000000400000-0x000000000042A000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-09 15:37
Reported
2024-11-09 15:39
Platform
win10v2004-20241007-en
Max time kernel
111s
Max time network
95s
Command Line
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\00c9cc477588a5f4b1ab9379ac351755e24c834c0fcdd8a368dcfe2abfa489c1N.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\00c9cc477588a5f4b1ab9379ac351755e24c834c0fcdd8a368dcfe2abfa489c1N.exe
"C:\Users\Admin\AppData\Local\Temp\00c9cc477588a5f4b1ab9379ac351755e24c834c0fcdd8a368dcfe2abfa489c1N.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 56.163.245.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 40.183.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 70.208.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 19.229.111.52.in-addr.arpa | udp |
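The Network tables of the behavioral1 run (above) and the behavioral2 run just listed mix the rows that matter (the forward lookup of wecan.hasthe.technology and the TCP connections to 172.67.183.40:80) with reverse-DNS lookups the Windows 10 VM performs on its own. The script below, an added example that is not part of the report, separates the two. It treats 8.8.8.8:53 as the VM's resolver and in-addr.arpa names as reverse lookups (both assumptions); the row text is transcribed from this page.

```python
"""IOC triage of the behavioral1 and behavioral2 Network tables on this page.
Added example, not part of the sandbox report. Rows are transcribed from the
page; treating 8.8.8.8:53 as the sandbox resolver and in-addr.arpa names as
OS background reverse-DNS are the author's assumptions."""

# Rows copied from the behavioral1 Network table (win7).
BEHAVIORAL1_NETWORK = """
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
"""

# Rows copied from the behavioral2 Network table (win10).
BEHAVIORAL2_NETWORK = """
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 56.163.245.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 40.183.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 70.208.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 19.229.111.52.in-addr.arpa | udp |
"""

SANDBOX_RESOLVER = "8.8.8.8:53"   # assumption: the VM's configured DNS server


def parse_rows(table: str) -> list:
    """Turn the pipe-delimited table into dicts; skips a header row if present."""
    rows = []
    for line in table.strip().splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != 4 or cells[0] == "Country":
            continue
        country, dest, domain, proto = cells
        rows.append({"country": country, "dest": dest, "domain": domain, "proto": proto})
    return rows


def ptr_to_ip(name: str):
    """'40.183.67.172.in-addr.arpa' -> '172.67.183.40'; None if not a PTR name."""
    suffix = ".in-addr.arpa"
    if not name.endswith(suffix):
        return None
    labels = name[: -len(suffix)].split(".")
    if len(labels) != 4 or not all(l.isdigit() and int(l) < 256 for l in labels):
        return None
    return ".".join(reversed(labels))


def triage(rows: list) -> dict:
    """Split rows into real connections, forward lookups, and reverse-DNS noise."""
    connections = set()   # ip:port the sample actually talked to
    forward_dns = set()   # names it resolved
    ptr_lookups = {}      # ip -> PTR name seen at the resolver
    for r in rows:
        ip = ptr_to_ip(r["domain"])
        if r["dest"] == SANDBOX_RESOLVER and r["proto"] == "udp":
            if ip:
                ptr_lookups[ip] = r["domain"]
            else:
                forward_dns.add(r["domain"])
        else:
            connections.add(r["dest"])
    targets = {c.rsplit(":", 1)[0] for c in connections}
    # A PTR lookup for an address the sample connected to is Windows
    # reverse-resolving that connection, not independent activity.
    correlated = {ip for ip in ptr_lookups if ip in targets}
    background = {ip for ip in ptr_lookups if ip not in targets}
    return {"connections": connections, "forward_dns": forward_dns,
            "ptr_correlated": correlated, "ptr_background": background}


def iocs(summary: dict) -> list:
    """Flat, sorted indicator list (names plus ip:port) ready for a blocklist."""
    return sorted(summary["forward_dns"] | summary["connections"])


if __name__ == "__main__":
    for label, table in (("behavioral1", BEHAVIORAL1_NETWORK), ("behavioral2", BEHAVIORAL2_NETWORK)):
        s = triage(parse_rows(table))
        print(label, iocs(s), "background PTR lookups:", len(s["ptr_background"]))
```

In behavioral2 the PTR name 40.183.67.172.in-addr.arpa reverses to 172.67.183.40, the address the sample connected to, so that one lookup is Windows resolving the sample's own connection; the other nine are background. Both runs reduce to the same two indicators, the domain and the ip:port, whereas the dropped rifaien2-*.exe files carry different names and hashes in the two runs and are weak indicators on their own. That stable domain, plus an unsigned, packed binary that writes a second executable into %TEMP%, is what an analyst would weigh against the "Likely benign" score before closing the case.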
Files
memory/1848-0-0x0000000000400000-0x000000000042A000-memory.dmp
memory/1848-2-0x0000000000400000-0x000000000042A000-memory.dmp
memory/1848-5-0x0000000000400000-0x000000000042A000-memory.dmp
memory/1848-9-0x0000000000400000-0x000000000042A000-memory.dmp
memory/1848-12-0x0000000000400000-0x000000000042A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rifaien2-d8mzAcKGsXsdJXGS.exe
| MD5 | d0c1e21c033079ec1494a1d8a70e80b9 |
| SHA1 | 2037ed724c4ea915b7abffb01ef3b66af5e441b8 |
| SHA256 | a25abe07b6acd0d05f829fcfd1963c7f128fe0c1abb49ce8903cee97729c2eb7 |
| SHA512 | dfdf779de969f2ce77d0453eb992d8eeb6ee223f08674e456c9721bf21b9e63beffd3568fa6a4e4b2a5f632b2bb60aeadeca58c8b2d9ff52903cea245d58894c |
memory/1848-16-0x0000000000400000-0x000000000042A000-memory.dmp
memory/1848-23-0x0000000000400000-0x000000000042A000-memory.dmp