Analysis Overview
SHA256
1043d06e9e35f3bf4b7df97c67c1ae56e7251a1d2e1a2040a0d440511991336f
Threat Level: Likely benign
The file 1043d06e9e35f3bf4b7df97c67c1ae56e7251a1d2e1a2040a0d440511991336fN was found to be: Likely benign.
Malicious Activity Summary
UPX packed file
Unsigned PE
System Location Discovery: System Language Discovery
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-09 18:18
Signatures
UPX packed file
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-09 18:18
Reported
2024-11-09 18:20
Platform
win7-20240903-en
Max time kernel
118s
Max time network
119s
Command Line
Signatures
UPX packed file
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\1043d06e9e35f3bf4b7df97c67c1ae56e7251a1d2e1a2040a0d440511991336fN.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\1043d06e9e35f3bf4b7df97c67c1ae56e7251a1d2e1a2040a0d440511991336fN.exe
"C:\Users\Admin\AppData\Local\Temp\1043d06e9e35f3bf4b7df97c67c1ae56e7251a1d2e1a2040a0d440511991336fN.exe"
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
Files
memory/2484-0-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2484-1-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2484-5-0x0000000000400000-0x000000000042A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rifaien2-0Uzr455eGOnpcGy8.exe
| Hash | Value |
|---|---|
| MD5 | 6f1f17323cd99f731a94ae0a8f996fde |
| SHA1 | 7617e1e08416d465ea916463504084c003f3d327 |
| SHA256 | b4554243c4132a74bfc144af117dd8a527fb43f5a8f2ea77262f08e83a4f936d |
| SHA512 | ca3e5ac7a3099870b1243eedb2190629bb0090619af05351aca2aec2e96d4e8bfbd88876bf554020333fe4f45c2073b6886a8f6e90ab192d1a95c4a9c90d3c15 |
memory/2484-12-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2484-22-0x0000000000400000-0x000000000042A000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-09 18:18
Reported
2024-11-09 18:20
Platform
win10v2004-20241007-en
Max time kernel
110s
Max time network
94s
Command Line
Signatures
UPX packed file
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\1043d06e9e35f3bf4b7df97c67c1ae56e7251a1d2e1a2040a0d440511991336fN.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\1043d06e9e35f3bf4b7df97c67c1ae56e7251a1d2e1a2040a0d440511991336fN.exe
"C:\Users\Admin\AppData\Local\Temp\1043d06e9e35f3bf4b7df97c67c1ae56e7251a1d2e1a2040a0d440511991336fN.exe"
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.209.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 200.163.202.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 40.183.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.209.201.84.in-addr.arpa | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 79.190.18.2.in-addr.arpa | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
Files
memory/2848-0-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2848-2-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2848-9-0x0000000000400000-0x000000000042A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rifaien2-2JkyiJIDYafMMo9Z.exe
| Hash | Value |
|---|---|
| MD5 | 951866c566cc6512075c3802e50917f6 |
| SHA1 | ac79650628cd24b0bbd39519ec6652d87c52f4c3 |
| SHA256 | 386fbadf1dc30c9cb2644eb483f99cc7315067a5894b5d7568afae3656f36f2e |
| SHA512 | fb72d92d1c2a88896f9c9f3779f4f54d050e7f16113f1e44cb0cd8ae88f78ecd8cc51d8f9f589049dfa107406492d55da60d241e0b226e2aef18e4cd2bbdc17d |
memory/2848-13-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2848-20-0x0000000000400000-0x000000000042A000-memory.dmp