Analysis Overview
SHA256
3db54c3b82694e22e798bcfdd6a9432e7b533f180551e6aef55788208fccdc4e
Threat Level: Likely benign
The file 3db54c3b82694e22e798bcfdd6a9432e7b533f180551e6aef55788208fccdc4eN was found to be: Likely benign.
Malicious Activity Summary
UPX packed file
Unsigned PE
System Location Discovery: System Language Discovery (T1614.001)
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-09 18:20
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
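The two static signatures above carry no indicator rows, so the following added example (not part of the report, and not the sandbox's own signature logic) shows what each one checks in the PE header: "UPX packed file" looks for UPX-named sections or the `UPX!` marker the packer leaves in the image, and "Unsigned PE" checks whether the Authenticode certificate table data directory is empty. The PE image it analyses is constructed in `build_sample_pe()` for the demonstration and is not the file under analysis.

```python
# Added example (not from the report): minimal PE header walk reproducing the
# "UPX packed file" and "Unsigned PE" static checks on a constructed image.
import struct

IMAGE_DOS_SIGNATURE = b"MZ"
IMAGE_NT_SIGNATURE = b"PE\0\0"
IMAGE_DIRECTORY_ENTRY_SECURITY = 4          # Authenticode certificate table
PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B
UPX_SECTION_NAMES = {"UPX0", "UPX1", "UPX2"}


def parse_pe(data: bytes) -> dict:
    """Return section names and the certificate-table data directory of a PE image."""
    if data[:2] != IMAGE_DOS_SIGNATURE:
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != IMAGE_NT_SIGNATURE:
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    _machine, nsections, _, _, _, opt_size, _chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == PE32_MAGIC:
        dd_offset = 96          # data directories start here in a PE32 optional header
    elif magic == PE32PLUS_MAGIC:
        dd_offset = 112         # and here in PE32+
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    sec_dir = opt + dd_offset + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY
    cert_offset, cert_size = struct.unpack_from("<II", data, sec_dir)
    table = opt + opt_size
    names = []
    for i in range(nsections):
        raw_name = struct.unpack_from("<8s", data, table + 40 * i)[0]
        names.append(raw_name.rstrip(b"\0").decode("ascii", "replace"))
    return {"sections": names, "cert_offset": cert_offset, "cert_size": cert_size}


def is_upx_packed(data: bytes) -> bool:
    """UPX heuristic: UPX* section names, or the 'UPX!' marker the packer leaves behind.
    Both are trivially removed with a hex editor, so a miss here does not prove the file is unpacked."""
    info = parse_pe(data)
    return any(n in UPX_SECTION_NAMES for n in info["sections"]) or b"UPX!" in data


def is_signed(data: bytes) -> bool:
    """'Unsigned PE' means no certificate table at all. A non-empty table only says a
    signature blob is present, not that the chain verifies or the hash matches."""
    info = parse_pe(data)
    return info["cert_offset"] != 0 and info["cert_size"] != 0


def build_sample_pe(section_names, cert_size: int = 0, upx_marker: bool = False) -> bytes:
    """Construct a header-only PE32 image for testing (constructed sample, not real malware)."""
    opt_size = 224
    dos = bytearray(0x40)
    dos[:2] = IMAGE_DOS_SIGNATURE
    struct.pack_into("<I", dos, 0x3C, 0x40)                       # e_lfanew -> NT headers at 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, opt_size, 0x102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, PE32_MAGIC)
    if cert_size:
        # The certificate table entry holds a file offset (not an RVA) and a size; 0x1000 is a placeholder.
        struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, 0x1000, cert_size)
    sections = b"".join(
        struct.pack("<8sIIIIIIHHI", name.encode("ascii"), 0x1000, 0x1000 * (i + 1), 0, 0, 0, 0, 0, 0, 0)
        for i, name in enumerate(section_names)
    )
    image = bytes(dos) + IMAGE_NT_SIGNATURE + coff + bytes(opt) + sections
    return image + (b"UPX!" if upx_marker else b"")


if __name__ == "__main__":
    packed = build_sample_pe(["UPX0", "UPX1", ".rsrc"], upx_marker=True)
    plain = build_sample_pe([".text", ".rdata", ".data"], cert_size=0x800)
    for label, blob in (("packed", packed), ("plain", plain)):
        print(label, parse_pe(blob)["sections"], "upx:", is_upx_packed(blob), "signed:", is_signed(blob))
```

Both checks are heuristics: UPX section names are routinely renamed by malware authors, and a present certificate table says nothing about whether the signature is valid, so a real pipeline follows a "signed" result with actual Authenticode verification.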
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-09 18:20
Reported
2024-11-09 18:22
Platform
win7-20241023-en
Max time kernel
110s
Max time network
93s
Command Line
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\3db54c3b82694e22e798bcfdd6a9432e7b533f180551e6aef55788208fccdc4eN.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\3db54c3b82694e22e798bcfdd6a9432e7b533f180551e6aef55788208fccdc4eN.exe
"C:\Users\Admin\AppData\Local\Temp\3db54c3b82694e22e798bcfdd6a9432e7b533f180551e6aef55788208fccdc4eN.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
Files
memory/596-0-0x0000000000400000-0x000000000042A000-memory.dmp
memory/596-2-0x0000000000400000-0x000000000042A000-memory.dmp
memory/596-6-0x0000000000400000-0x000000000042A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rifaien2-TolGvPeh2RSHeUas.exe
| MD5 | 205ed09a32d2a5f887667fab5ee9fb16 |
| SHA1 | fe23def667d7fbd4e070f93334a88aaffc19537b |
| SHA256 | a7b3ac816c19fc80b6a3eb1769f6153242b366a06a84c6e92bc17944a9eb79f6 |
| SHA512 | 85d46e3b5a08d226495b8fcb8c830a3fe50605412b0d964d8ccf59815fcdbc2879a8edcc9fad604ee29f708d2a4ea9a26d9917b4b664bb1ef6acb29ecbd9a247 |
memory/596-16-0x0000000000400000-0x000000000042A000-memory.dmp
memory/596-23-0x0000000000400000-0x000000000042A000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-09 18:20
Reported
2024-11-09 18:22
Platform
win10v2004-20241007-en
Max time kernel
111s
Max time network
94s
Command Line
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\3db54c3b82694e22e798bcfdd6a9432e7b533f180551e6aef55788208fccdc4eN.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\3db54c3b82694e22e798bcfdd6a9432e7b533f180551e6aef55788208fccdc4eN.exe
"C:\Users\Admin\AppData\Local\Temp\3db54c3b82694e22e798bcfdd6a9432e7b533f180551e6aef55788208fccdc4eN.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 200.163.202.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 199.59.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 73.209.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 40.183.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 19.229.111.52.in-addr.arpa | udp |
Files
memory/2496-0-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2496-2-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2496-5-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2496-9-0x0000000000400000-0x000000000042A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rifaien2-52pYw6sqgbxAZa13.exe
| MD5 | ce68a082a0be33316edd5a65c87ad309 |
| SHA1 | 6c697a1a3c53bd2eefad437ec11dffb10769d438 |
| SHA256 | 941a662651b9ba7bf0e66b6576484b1e5ac13d102ae93e66e96b387e57ca6829 |
| SHA512 | 58c7641b0be4c5df1bc7edb157fe976593a2ede50e3b7f4afed06a016d64bda793443fd4064690800b67ad4e156296cc4c1e459854f97a6f62205e365d5c7cb4 |
memory/2496-16-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2496-23-0x0000000000400000-0x000000000042A000-memory.dmp
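Both detonations (behavioral1 and behavioral2) record the same chain in one process: an unsigned, UPX-packed binary running from the user's Temp directory opens the NLS\Language key, writes a new rifaien2-*.exe into Temp (a different hash in each run), and talks to wecan.hasthe.technology over tcp/80. Each of those behaviours is common in benign software, which is how the per-signature verdict above stays at "Likely benign"; the combination inside a single process is what an analyst correlates. The following added example (not part of the report and not the sandbox's logic) folds a constructed event trace modelled on behavioral1 into per-process profiles and flags the combination. The event records, the benign control process (pid 1204, `setup.exe`), the per-event pids and the `op` names are all constructed for the example; the report does not attribute DNS traffic to a process, and the `*.in-addr.arpa` rows in behavioral2 are reverse (PTR) lookups that the example treats as resolver noise rather than sample IOCs.

```python
# Added example (not from the report): per-process correlation of the behaviours
# recorded in behavioral1/behavioral2 over a constructed event trace.
import re
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed trace mirroring behavioral1 (pid 596) plus a benign control process (pid 1204).
# The pids on dns_query events are illustrative; the report does not attribute DNS to a process.
SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\3db54c3b82694e22e798bcfdd6a9432e7b533f180551e6aef55788208fccdc4eN.exe"
SAMPLE_EVENTS = [
    {"pid": 596, "op": "process_start", "image": SAMPLE},
    {"pid": 596, "op": "reg_open", "key": r"\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language"},
    {"pid": 596, "op": "file_write", "path": r"C:\Users\Admin\AppData\Local\Temp\rifaien2-TolGvPeh2RSHeUas.exe"},
    {"pid": 596, "op": "dns_query", "name": "wecan.hasthe.technology"},
    {"pid": 596, "op": "dns_query", "name": "8.8.8.8.in-addr.arpa"},
    {"pid": 596, "op": "net_connect", "dst": "172.67.183.40", "port": 80, "proto": "tcp"},
    {"pid": 1204, "op": "process_start", "image": r"C:\Program Files\Example\setup.exe"},
    {"pid": 1204, "op": "reg_open", "key": r"HKLM\SYSTEM\CurrentControlSet\Control\NLS\Language"},
]

USER_TEMP = re.compile(r"\\Users\\[^\\]+\\AppData\\Local\\Temp\\", re.IGNORECASE)
# ControlSet001 and CurrentControlSet name the same key; accept the sandbox's \REGISTRY\MACHINE
# spelling as well as HKLM so the rule works on either telemetry style.
NLS_LANGUAGE_KEY = re.compile(
    r"^(?:HKLM|HKEY_LOCAL_MACHINE|\\REGISTRY\\MACHINE)\\SYSTEM\\(?:ControlSet\d{3}|CurrentControlSet)"
    r"\\Control\\NLS\\Language$",
    re.IGNORECASE,
)
PTR_SUFFIX = ".in-addr.arpa"


@dataclass
class ProcessProfile:
    image: str = ""
    language_key_opened: bool = False
    dropped_executables: list = field(default_factory=list)
    domains: set = field(default_factory=set)
    endpoints: set = field(default_factory=set)

    def indicators(self) -> list:
        """Each item is weak alone (installers read the NLS key, updaters drop .exe files);
        the combination inside one process is what the per-signature verdict does not weigh."""
        hits = []
        if USER_TEMP.search(self.image):
            hits.append("image runs from user Temp")   # always true in a sandbox, meaningful on an endpoint
        if self.language_key_opened:
            hits.append("system language discovery (T1614.001)")
        if self.dropped_executables:
            hits.append("writes executable(s) to disk: " + ", ".join(self.dropped_executables))
        if self.endpoints:
            hits.append("outbound connection(s): " + ", ".join(sorted(self.endpoints)))
        return hits


def profile_processes(events) -> dict:
    """Fold an event trace into one ProcessProfile per pid."""
    profiles = defaultdict(ProcessProfile)
    for ev in events:
        p = profiles[ev["pid"]]
        op = ev["op"]
        if op == "process_start":
            p.image = ev["image"]
        elif op == "reg_open" and NLS_LANGUAGE_KEY.match(ev["key"]):
            p.language_key_opened = True
        elif op == "file_write" and ev["path"].lower().endswith(".exe"):
            p.dropped_executables.append(ev["path"])
        elif op == "net_connect":
            p.endpoints.add(f'{ev["dst"]}:{ev["port"]}/{ev["proto"]}')
        elif op == "dns_query":
            # Reverse lookups (*.in-addr.arpa) are resolver noise, not sample IOCs.
            if not ev["name"].lower().endswith(PTR_SUFFIX):
                p.domains.add(ev["name"].lower())
    return dict(profiles)


def suspicious_processes(events, threshold: int = 3) -> dict:
    """Return the pids whose combined indicator count reaches the threshold."""
    return {pid: p for pid, p in profile_processes(events).items() if len(p.indicators()) >= threshold}


def iocs(events) -> dict:
    """Network IOCs from the flagged processes: forward-lookup domains and contacted endpoints."""
    flagged = suspicious_processes(events)
    return {
        "domains": sorted(d for p in flagged.values() for d in p.domains),
        "endpoints": sorted(e for p in flagged.values() for e in p.endpoints),
    }


if __name__ == "__main__":
    for pid, prof in suspicious_processes(SAMPLE_EVENTS).items():
        print(pid, prof.image)
        for hit in prof.indicators():
            print("  -", hit)
    print(iocs(SAMPLE_EVENTS))
```

The threshold of three is a starting point, not a tuned value: on endpoint telemetry the "runs from user Temp" indicator is meaningful, but in a sandbox it is an artifact of where the submission is staged, so a sandbox-side rule should weight the other three more heavily. The dropped rifaien2-*.exe files (different name and hash in each run) are worth submitting as their own samples, since the parent's verdict says nothing about what they do.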