Analysis Overview
SHA256
36c5c38219a5bf03a9966ec622219999484173cad4c97e0cc933ee2b0a852f23
Threat Level: Likely benign
The submitted file (named 36c5c38219a5bf03a9966ec622219999484173cad4c97e0cc933ee2b0a852f23N on submission) was classified as Likely benign. Both behavioral runs below nevertheless show the sample opening the NLS\Language registry key, writing an executable named rifaien2-<suffix>.exe to the user's Temp directory (a different suffix and a different hash in each run) and contacting wecan.hasthe.technology on 104.21.59.199:80 over TCP, so treat the verdict as a starting point and review those artifacts before clearing the file.
Malicious Activity Summary
UPX packed file
Unsigned PE
System Location Discovery: System Language Discovery (ATT&CK T1614.001)
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-09 19:19
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
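The two static signatures above (UPX packed file, Unsigned PE) come from the PE headers alone. The following is an added example, not code from this report or the sandbox, that reproduces both checks on a PE image constructed inline: it walks from the MZ header to the section table and reads the section names, and it reads data directory 4 (IMAGE_DIRECTORY_ENTRY_SECURITY) from the optional header, which is empty when no Authenticode blob is attached. The helper `build_demo_pe` and the section layout it emits are assumptions made for the demo, not the sample's actual layout.

```python
import struct

# Constructed demo PE image, not the sample from this report: MZ stub, COFF and
# optional headers, and a section table. Section names and the Security data
# directory are parameters so the checks below can be exercised both ways.
def build_demo_pe(section_names, signed=False, pe32plus=False):
    e_lfanew = 0x80
    dos = bytearray(b"MZ" + b"\0" * 58 + struct.pack("<I", e_lfanew))  # e_lfanew at 0x3C
    dos += b"\0" * (e_lfanew - len(dos))
    opt_size = 240 if pe32plus else 224          # optional header with all 16 data directories
    coff = struct.pack("<HHIIIHH", 0x8664 if pe32plus else 0x14C,
                       len(section_names), 0, 0, 0, opt_size, 0x102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x20B if pe32plus else 0x10B)   # Magic: PE32+ / PE32
    if signed:
        # IMAGE_DIRECTORY_ENTRY_SECURITY (index 4): a non-zero entry means an
        # Authenticode blob is attached; whether it verifies is a separate question.
        dd_off = 112 if pe32plus else 96
        struct.pack_into("<II", opt, dd_off + 4 * 8, 0x4000, 0x800)
    secs = b"".join(n.encode().ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return bytes(dos) + b"PE\0\0" + coff + opt + secs


def parse_pe(data):
    """Return the header fields the two static checks need."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    nsec = struct.unpack_from("<H", data, e_lfanew + 6)[0]        # COFF NumberOfSections
    opt_size = struct.unpack_from("<H", data, e_lfanew + 20)[0]   # COFF SizeOfOptionalHeader
    opt_off = e_lfanew + 24
    magic = struct.unpack_from("<H", data, opt_off)[0]
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic 0x%x" % magic)
    dd_off = opt_off + (112 if magic == 0x20B else 96)            # start of data directories
    sec_va, sec_size = struct.unpack_from("<II", data, dd_off + 4 * 8)
    sec_off = opt_off + opt_size                                  # section table follows
    names = []
    for i in range(nsec):
        raw = data[sec_off + i * 40: sec_off + i * 40 + 8]        # 40-byte headers, 8-byte name
        names.append(raw.rstrip(b"\0").decode("ascii", "replace"))
    return {"magic": magic, "sections": names, "security_dir": (sec_va, sec_size)}


def looks_upx_packed(info):
    # UPX names its sections UPX0/UPX1 (plus .rsrc) unless told otherwise; a
    # renamed section defeats this check, so treat it as a hint, not proof.
    return any(n.upper().startswith("UPX") for n in info["sections"])


def has_authenticode(info):
    va, size = info["security_dir"]
    return va != 0 and size != 0


def triage(data):
    """Reproduce the two static1 signatures from this report as a list of strings."""
    info = parse_pe(data)
    hits = []
    if looks_upx_packed(info):
        hits.append("UPX packed file")
    if not has_authenticode(info):
        hits.append("Unsigned PE")
    return hits


if __name__ == "__main__":
    print(triage(build_demo_pe(["UPX0", "UPX1", ".rsrc"])))
```

A non-empty Security directory only says a signature blob is present; validate it separately (signtool verify or Get-AuthenticodeSignature) before treating the file as signed. Likewise, UPX section names are a heuristic; a packer run with renamed sections still shows UPX-style high-entropy sections and can be confirmed with `upx -t` or by looking for the `UPX!` marker.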
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-09 19:19
Reported
2024-11-09 19:22
Platform
win7-20240903-en
Max time kernel
106s
Max time network
97s
Command Line
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\36c5c38219a5bf03a9966ec622219999484173cad4c97e0cc933ee2b0a852f23N.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\36c5c38219a5bf03a9966ec622219999484173cad4c97e0cc933ee2b0a852f23N.exe
"C:\Users\Admin\AppData\Local\Temp\36c5c38219a5bf03a9966ec622219999484173cad4c97e0cc933ee2b0a852f23N.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
Files
memory/2332-0-0x0000000000400000-0x000000000043B000-memory.dmp
memory/2332-1-0x0000000000400000-0x000000000043B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rifaien2-4wzN9AR3u1VL6Rsh.exe
| MD5 | 6d7e4f9b9e7b6d8ca61c5d3cd1a35af1 |
| SHA1 | a5ca05f7ee21ca297a25962bfeed3373673dba23 |
| SHA256 | 7c9a8197281ea98b6706fec3c467b4b2eea6e8e9cf3ed8f00054850c24845144 |
| SHA512 | a514680d7bf1dc527620cf3f57429b291a79f3fcfb78498f86d47246923f47db1e250c982a7394d916bb53d5840cb84394c27299ff0c05ed314a52651855d799 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-09 19:19
Reported
2024-11-09 19:22
Platform
win10v2004-20241007-en
Max time kernel
94s
Max time network
98s
Command Line
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\36c5c38219a5bf03a9966ec622219999484173cad4c97e0cc933ee2b0a852f23N.exe | N/A |
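Both behavioral runs flag the same "Key opened" event on \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language. Registry paths reach a detection pipeline in several spellings (kernel-object form, HKEY_LOCAL_MACHINE, HKLM, ControlSet001 versus CurrentControlSet), so a rule for this signature has to normalize before matching. The following is an added example, not code from this report or the sandbox, that normalizes the path, matches it against locale and language keys, and keeps only hits from images running in user-writable directories, since explorer.exe and every installer read these keys legitimately. The event list is constructed for the demo: the first row mirrors the row in this table, the others are assumed spellings and a benign reader for comparison.

```python
import re

# Constructed registry events (image, operation, key path), not a real host's
# log. The first row mirrors the "Key opened" row in this report.
SAMPLE_EVENTS = [
    {"image": r"C:\Users\Admin\AppData\Local\Temp\36c5c38219a5bf03a9966ec622219999484173cad4c97e0cc933ee2b0a852f23N.exe",
     "op": "RegOpenKey",
     "path": r"\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language"},
    {"image": r"C:\Windows\explorer.exe",                      # benign baseline reader
     "op": "RegOpenKey",
     "path": r"HKLM\SYSTEM\CurrentControlSet\Control\Nls\Language"},
    {"image": r"C:\Users\Admin\AppData\Local\Temp\payload.exe",  # assumed name
     "op": "RegQueryValue",
     "path": r"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Nls\Locale"},
    {"image": r"C:\Users\Admin\AppData\Local\Temp\payload.exe",
     "op": "RegOpenKey",
     "path": r"\REGISTRY\USER\S-1-5-21-1111-2222-3333-1001\Control Panel\International"},
    {"image": r"C:\Users\Admin\AppData\Local\Temp\payload.exe",
     "op": "RegSetValue",
     "path": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\updater"},
]

# Hive spellings seen in kernel traces, Sysmon and procmon-style logs.
HIVE_ALIASES = [
    (r"^\\REGISTRY\\MACHINE", "HKLM"),
    (r"^HKEY_LOCAL_MACHINE", "HKLM"),
    (r"^\\REGISTRY\\USER", "HKU"),
    (r"^HKEY_USERS", "HKU"),
    (r"^HKEY_CURRENT_USER", "HKCU"),
]

# Keys whose reads map to System Language Discovery (ATT&CK T1614.001).
LANGUAGE_DISCOVERY_KEYS = (
    r"HKLM\SYSTEM\CURRENTCONTROLSET\CONTROL\NLS\LANGUAGE",   # the key this sample opened
    r"HKLM\SYSTEM\CURRENTCONTROLSET\CONTROL\NLS\LOCALE",
    r"HKCU\CONTROL PANEL\INTERNATIONAL",
)
HKU_INTERNATIONAL = re.compile(r"^HKU\\[^\\]+\\CONTROL PANEL\\INTERNATIONAL")

# Images launched from user-writable locations; the sample ran from %TEMP%.
SUSPICIOUS_IMAGE = re.compile(r"\\(APPDATA|TEMP|PUBLIC|DOWNLOADS|PROGRAMDATA)\\", re.I)


def normalize_registry_path(path):
    """Upper-case, canonical hive name, ControlSetNNN folded to CurrentControlSet."""
    p = path.strip().upper()
    for pattern, hive in HIVE_ALIASES:
        p = re.sub(pattern, hive, p)
    p = re.sub(r"\\CONTROLSET\d{3}\\", r"\\CURRENTCONTROLSET\\", p)
    return p


def is_language_discovery_key(norm):
    if norm.startswith(LANGUAGE_DISCOVERY_KEYS):
        return True
    return HKU_INTERNATIONAL.match(norm) is not None


def detect_language_discovery(events, suspicious_only=True):
    """Return events touching a locale/language key; with suspicious_only, keep
    only images from user-writable directories to suppress routine readers."""
    hits = []
    for ev in events:
        key = normalize_registry_path(ev["path"])
        if not is_language_discovery_key(key):
            continue
        if suspicious_only and not SUSPICIOUS_IMAGE.search(ev["image"]):
            continue
        hits.append({"image": ev["image"], "op": ev["op"], "key": key})
    return hits


if __name__ == "__main__":
    for hit in detect_language_discovery(SAMPLE_EVENTS):
        print(hit["op"], hit["key"], "<-", hit["image"])
```

On its own this behaviour is weak evidence, which is consistent with the "Likely benign" verdict: the same read is how a sample decides to abort on machines with a particular system language, but it is also what any localized installer does. It becomes worth an alert when it comes from an image in Temp or AppData, as here, or is followed by a process exit without further activity.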
Processes
C:\Users\Admin\AppData\Local\Temp\36c5c38219a5bf03a9966ec622219999484173cad4c97e0cc933ee2b0a852f23N.exe
"C:\Users\Admin\AppData\Local\Temp\36c5c38219a5bf03a9966ec622219999484173cad4c97e0cc933ee2b0a852f23N.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 76.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 199.59.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.117.19.2.in-addr.arpa | udp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 22.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.210.23.2.in-addr.arpa | udp |
Files
memory/4552-0-0x0000000000400000-0x000000000043B000-memory.dmp
memory/4552-1-0x0000000000400000-0x000000000043B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rifaien2-gWLU34QYrTQbxlYv.exe
| MD5 | 412162ddabf4d7cd1ab48ca3d0c0946c |
| SHA1 | 6b40c140f86e64c851895ad792becee5a719e090 |
| SHA256 | 2ac23d57db6523e5a88e82a8d2c30eb1c3a668b173eea92cd079e13c43d0c02c |
| SHA512 | 134144ce7575c78bba51bf320a9fe5dcff5cfd9d7bd99324c2659fd10bc71bf930ad1b768f5af24b993778e8c17b50c703c2aea7dbfe27659e32dcfbf09d9476 |
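The network tables of both behavioral runs mix three kinds of rows: queries to the sandbox's resolver (8.8.8.8:53), reverse lookups of the form N.N.N.N.in-addr.arpa that the sandbox host issues for addresses it sees, and the sample's own contact with wecan.hasthe.technology on 104.21.59.199:80. Pulling indicators out of such a report means separating those classes rather than copying every row. The following is an added example, not code from this report or the sandbox, that parses the pipe-table rows, drops resolver traffic, decodes PTR names back to addresses so they can be cross-checked against the contacted endpoints, and collects the dropped file's hashes. The excerpt it runs on is a constructed subset of the behavioral2 tables above; the resolver list is an assumption.

```python
import re
from collections import Counter

# Constructed excerpt: a subset of the behavioral2 network and file rows from
# this page, in the same pipe-table layout the report uses.
REPORT_EXCERPT = """\
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 199.59.21.104.in-addr.arpa | udp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| MD5 | 412162ddabf4d7cd1ab48ca3d0c0946c |
| SHA256 | 2ac23d57db6523e5a88e82a8d2c30eb1c3a668b173eea92cd079e13c43d0c02c |
"""

HASH_NAMES = {"MD5", "SHA1", "SHA256", "SHA512"}


def parse_rows(text):
    """Split pipe-table lines into cell lists, dropping the header row."""
    rows = []
    for line in text.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) > 1 and cells[0] != "Country":
            rows.append(cells)
    return rows


def ptr_to_ip(name):
    """'199.59.21.104.in-addr.arpa' -> '104.21.59.199'; None if not a PTR name."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)\.(\d+)\.in-addr\.arpa", name, re.I)
    return ".".join(reversed(m.groups())) if m else None


def extract_iocs(text, resolvers=("8.8.8.8",)):
    """Classify network rows and collect file hashes from a report excerpt."""
    iocs = {"domains": set(), "endpoints": Counter(), "ptr_ips": set(), "hashes": {}}
    for cells in parse_rows(text):
        if len(cells) == 2 and cells[0] in HASH_NAMES:
            iocs["hashes"][cells[0]] = cells[1].lower()
            continue
        if len(cells) != 4 or ":" not in cells[1]:
            continue                       # N/A placeholder rows and the like
        _, dest, domain, proto = cells
        ip, port = dest.rsplit(":", 1)
        ptr = ptr_to_ip(domain)
        if ptr:
            iocs["ptr_ips"].add(ptr)       # sandbox-side reverse lookups, not sample IOCs
            continue
        iocs["domains"].add(domain.lower())
        if ip not in resolvers:            # keep real contacts, drop the resolver rows
            iocs["endpoints"][(ip, int(port), proto)] += 1
    return iocs


def contacted_and_reverse_looked_up(iocs):
    """Endpoint IPs that also appear as PTR targets: the sandbox resolved the
    address the sample talked to, which helps confirm the contact was real."""
    return sorted({ip for ip, _, _ in iocs["endpoints"]} & iocs["ptr_ips"])


def defang(indicator):
    return indicator.replace(".", "[.]").replace("http", "hxxp")


if __name__ == "__main__":
    found = extract_iocs(REPORT_EXCERPT)
    for d in sorted(found["domains"]):
        print("domain  ", defang(d))
    for (ip, port, proto), n in found["endpoints"].items():
        print("endpoint", defang(ip), port, proto, "x%d" % n)
    print("hashes  ", found["hashes"])
```

The other in-addr.arpa rows (13.71.55.58, 40.126.32.76 and so on) resolve to addresses the Windows 10 image itself talks to and should not be attributed to the sample; only the PTR that coincides with a contacted endpoint is worth keeping. Note also that the dropped file's hashes differ between the two runs while the download host does not, so the domain and the 104.21.59.199:80 endpoint are the stable indicators here, not the file hashes.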