Analysis Overview
SHA256
23cad29d376d1a039234eab05cdb5c0d76565b6635e52fa255e19a00b388d8b2
Threat Level: Likely benign
The file 23cad29d376d1a039234eab05cdb5c0d76565b6635e52fa255e19a00b388d8b2N was found to be: Likely benign.
Malicious Activity Summary
UPX packed file
Unsigned PE
System Location Discovery: System Language Discovery
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-09 18:16
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-09 18:16
Reported
2024-11-09 18:18
Platform
win7-20240903-en
Max time kernel
117s
Max time network
118s
Command Line
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\23cad29d376d1a039234eab05cdb5c0d76565b6635e52fa255e19a00b388d8b2N.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\23cad29d376d1a039234eab05cdb5c0d76565b6635e52fa255e19a00b388d8b2N.exe
"C:\Users\Admin\AppData\Local\Temp\23cad29d376d1a039234eab05cdb5c0d76565b6635e52fa255e19a00b388d8b2N.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
Files
memory/2224-0-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2224-1-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2224-6-0x0000000000400000-0x000000000042A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rifaien2-kNUBVrVn032HxuPs.exe
| MD5 | c8584d30e9de59a8f48c8626b307c145 |
| SHA1 | 13a27635f1cc54b680870e370d3b4072ee73de68 |
| SHA256 | 2484f311b3071dfecb7854749a7acee945be9724d40848ef3a42e06d7109a1b4 |
| SHA512 | ca495886f860b0ac60fae08ec0e6073cdb7cc36e1390f259631b5b495622e6c45493b33342786abc36748319b6728fa1299392b322d062408fb6bbb3f779d4f7 |
memory/2224-14-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2224-22-0x0000000000400000-0x000000000042A000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-09 18:16
Reported
2024-11-09 18:18
Platform
win10v2004-20241007-en
Max time kernel
120s
Max time network
113s
Command Line
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\23cad29d376d1a039234eab05cdb5c0d76565b6635e52fa255e19a00b388d8b2N.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\23cad29d376d1a039234eab05cdb5c0d76565b6635e52fa255e19a00b388d8b2N.exe
"C:\Users\Admin\AppData\Local\Temp\23cad29d376d1a039234eab05cdb5c0d76565b6635e52fa255e19a00b388d8b2N.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 212.20.149.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 199.59.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 21.236.111.52.in-addr.arpa | udp |
Files
memory/2972-0-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2972-1-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2972-4-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2972-8-0x0000000000400000-0x000000000042A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rifaien2-mcVna2zOaOyENjn2.exe
| MD5 | 242aea0c7a516162bef10e41096ff029 |
| SHA1 | 260601d93d73e523da3022d9efd401c7e82721ff |
| SHA256 | 33086427ea22f1aab90bed69274028164d86017fbb32f990703248619feb5594 |
| SHA512 | c174f7fe3ac2f7a6eb0860ff43cf38567291feab6f76b2381cdc184be771f3b72c44638c1200954dc338ec83c8bfee92b6ce87fc88a3a1f56c7928289ad48d94 |
memory/2972-15-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2972-22-0x0000000000400000-0x000000000042A000-memory.dmp