Analysis Overview
SHA256
53c905eebeafe3777a7c5410ccbf9df64a3d20e013a70e5578ca1181fccb4e0b
Threat Level: Likely benign
The file 53c905eebeafe3777a7c5410ccbf9df64a3d20e013a70e5578ca1181fccb4e0bN was found to be: Likely benign.
Malicious Activity Summary
UPX packed file
System Location Discovery: System Language Discovery
Unsigned PE
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-09 18:25
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-09 18:25
Reported
2024-11-09 18:27
Platform
win7-20241010-en
Max time kernel
118s
Max time network
119s
Command Line
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\53c905eebeafe3777a7c5410ccbf9df64a3d20e013a70e5578ca1181fccb4e0bN.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\53c905eebeafe3777a7c5410ccbf9df64a3d20e013a70e5578ca1181fccb4e0bN.exe
"C:\Users\Admin\AppData\Local\Temp\53c905eebeafe3777a7c5410ccbf9df64a3d20e013a70e5578ca1181fccb4e0bN.exe"
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
Files
memory/2036-0-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2036-2-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2036-6-0x0000000000400000-0x000000000042A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rifaien2-Z01JLWCCxTfc6dYQ.exe
| Hash | Value |
| --- | --- |
| MD5 | cd75c7c40055b1173a3fbfe4cc4a9f1f |
| SHA1 | 5b3afc9e758a813a0990b4085fb68a43aece3bbb |
| SHA256 | 8dafae213737ba91e02154b0c630631872af29c05e4ad1d27b13b46daf356cea |
| SHA512 | c8842f4d26267ca67e5611c8d6ceb48db1243ac9233392122b14e31d7aeafcb92c1cb1d01c3968c0675681d439429bef5993f32f43a9636ca4f1c9bf4be4b01a |
memory/2036-13-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2036-23-0x0000000000400000-0x000000000042A000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-09 18:25
Reported
2024-11-09 18:27
Platform
win10v2004-20241007-en
Max time kernel
111s
Max time network
95s
Command Line
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\53c905eebeafe3777a7c5410ccbf9df64a3d20e013a70e5578ca1181fccb4e0bN.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\53c905eebeafe3777a7c5410ccbf9df64a3d20e013a70e5578ca1181fccb4e0bN.exe
"C:\Users\Admin\AppData\Local\Temp\53c905eebeafe3777a7c5410ccbf9df64a3d20e013a70e5578ca1181fccb4e0bN.exe"
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.209.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 40.183.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 212.20.149.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.117.19.2.in-addr.arpa | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 77.190.18.2.in-addr.arpa | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 66.209.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
Files
memory/368-0-0x0000000000400000-0x000000000042A000-memory.dmp
memory/368-1-0x0000000000400000-0x000000000042A000-memory.dmp
memory/368-5-0x0000000000400000-0x000000000042A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rifaien2-dZeeTweODtNMgi35.exe
| Hash | Value |
| --- | --- |
| MD5 | 6b66335323b9f3ede9dba0bce04c98ce |
| SHA1 | 8fe2bb48fc425a0e55b49ba01c53f2caed763a59 |
| SHA256 | 1449b94810eb5bee62889c52716e5088b986daa428f477a1447b50a93b93c56e |
| SHA512 | aa54275687c893a76a973467b20071d0c906c0d512663fa15a09a92d25df8973b8268e7927f2fe15c1345ab696eee6cd0eb8ec1b85663f1540aea3abc76e9acb |
memory/368-13-0x0000000000400000-0x000000000042A000-memory.dmp
memory/368-19-0x0000000000400000-0x000000000042A000-memory.dmp