Analysis Overview
SHA256
2135f647497c019b74f636199fdf2b5bd16faf0541df8137915c63f559a136ae
Threat Level: Likely benign
The file 2135f647497c019b74f636199fdf2b5bd16faf0541df8137915c63f559a136aeN was found to be: Likely benign.
Malicious Activity Summary
UPX packed file
System Location Discovery: System Language Discovery
Unsigned PE
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-09 18:30
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-09 18:30
Reported
2024-11-09 18:33
Platform
win10v2004-20241007-en
Max time kernel
111s
Max time network
96s
Command Line
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2135f647497c019b74f636199fdf2b5bd16faf0541df8137915c63f559a136aeN.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\2135f647497c019b74f636199fdf2b5bd16faf0541df8137915c63f559a136aeN.exe
"C:\Users\Admin\AppData\Local\Temp\2135f647497c019b74f636199fdf2b5bd16faf0541df8137915c63f559a136aeN.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 53.210.109.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 199.59.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 105.209.201.84.in-addr.arpa | udp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 31.243.111.52.in-addr.arpa | udp |
Files
memory/4632-0-0x0000000000400000-0x000000000042A000-memory.dmp
memory/4632-1-0x0000000000400000-0x000000000042A000-memory.dmp
memory/4632-4-0x0000000000400000-0x000000000042A000-memory.dmp
memory/4632-8-0x0000000000400000-0x000000000042A000-memory.dmp
memory/4632-11-0x0000000000400000-0x000000000042A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rifaien2-k9H2yknSWqRNoVB2.exe
| MD5 | 661231c388f3f49f94597287e6eedb48 |
| SHA1 | 17c5fc29b9cc4e312819c43969d804e5796db363 |
| SHA256 | 881e33b592443599193fc27e03c359aa2713c747df81ffe614357034d8aaa559 |
| SHA512 | 991c6f2db550667fded4eee92dca109de0374ff93668156deda7f32122b1c9503d44103bf4868b89addc625da5f402285606235aac821e6536aa961702a37eed |
memory/4632-15-0x0000000000400000-0x000000000042A000-memory.dmp
memory/4632-19-0x0000000000400000-0x000000000042A000-memory.dmp
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-09 18:30
Reported
2024-11-09 18:33
Platform
win7-20241010-en
Max time kernel
111s
Max time network
97s
Command Line
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2135f647497c019b74f636199fdf2b5bd16faf0541df8137915c63f559a136aeN.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\2135f647497c019b74f636199fdf2b5bd16faf0541df8137915c63f559a136aeN.exe
"C:\Users\Admin\AppData\Local\Temp\2135f647497c019b74f636199fdf2b5bd16faf0541df8137915c63f559a136aeN.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
Files
memory/2348-0-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2348-1-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2348-5-0x0000000000400000-0x000000000042A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rifaien2-sdLMKvjdSmq2v2MJ.exe
| MD5 | 28e08cc7eb17e29546d07beb3db14249 |
| SHA1 | 55be79b8de867702c180ce4df8f0c70c401cc149 |
| SHA256 | 4f2a4342251261edd050ed58f871acf6e77d2231ff618cd415b2aa1af27c2b67 |
| SHA512 | 7aa73dd62ccac7b775b1e9bfdb9dc694b9c2270cdd60cd11db49909a4e6160867f920aa45fd762627eaaa8adc23bcd1027de49943da2775c83151d07771ba5f2 |
memory/2348-12-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2348-22-0x0000000000400000-0x000000000042A000-memory.dmp