Analysis Overview
SHA256
9a10a9c592fef1fabb55cf4ba6909df8c3f7de691de55216e330f8cd9d4c493b
Threat Level: Likely benign
The file 9a10a9c592fef1fabb55cf4ba6909df8c3f7de691de55216e330f8cd9d4c493bN was found to be: Likely benign.
Malicious Activity Summary
UPX packed file
System Location Discovery: System Language Discovery
Unsigned PE
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-09 19:21
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-09 19:21
Reported
2024-11-09 19:24
Platform
win7-20241010-en
Max time kernel
113s
Max time network
117s
Command Line
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\9a10a9c592fef1fabb55cf4ba6909df8c3f7de691de55216e330f8cd9d4c493bN.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\9a10a9c592fef1fabb55cf4ba6909df8c3f7de691de55216e330f8cd9d4c493bN.exe
"C:\Users\Admin\AppData\Local\Temp\9a10a9c592fef1fabb55cf4ba6909df8c3f7de691de55216e330f8cd9d4c493bN.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
Files
memory/2904-0-0x0000000000400000-0x000000000043B000-memory.dmp
memory/2904-1-0x0000000000400000-0x000000000043B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rifaien2-NEoRRlj5KSfkW5Cd.exe
| MD5 | a72ff9dc7cda3fe379e288ffac1ea9ab |
| SHA1 | aa264b0fbbbbe5e3d525f05f6341c3c27f983b74 |
| SHA256 | 7f0ef53961909804f36177c9dc8d51ec8efe8dc72a7d5ddad1b844fa7871e1af |
| SHA512 | 60cb455f8455412d7e0f17d575a5a934c8552e76aaf7ccbc75e7a0810b8f0eb2378b9c0303e7c424c830b9462b7ca8df4a095d906a5516160ceacb8c3726d4e0 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-09 19:21
Reported
2024-11-09 19:24
Platform
win10v2004-20241007-en
Max time kernel
93s
Max time network
94s
Command Line
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\9a10a9c592fef1fabb55cf4ba6909df8c3f7de691de55216e330f8cd9d4c493bN.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\9a10a9c592fef1fabb55cf4ba6909df8c3f7de691de55216e330f8cd9d4c493bN.exe
"C:\Users\Admin\AppData\Local\Temp\9a10a9c592fef1fabb55cf4ba6909df8c3f7de691de55216e330f8cd9d4c493bN.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 200.163.202.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 40.183.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
Files
memory/1972-0-0x0000000000400000-0x000000000043B000-memory.dmp
memory/1972-1-0x0000000000400000-0x000000000043B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rifaien2-vszR3TObfcr7lIz8.exe
| MD5 | b3cc66dc3cdfd3b3520b54529defd1b0 |
| SHA1 | 9001de9e45fb4dc4087adad3546395b17defabbc |
| SHA256 | 0a560debea936448e231da745a5c853276d15d9b190f8f10d904966fbc47b117 |
| SHA512 | 00bb58796fdfc562659f07766ac8b417646bb87556a922dd18a0800b1cde43dac89497dbeb6fc213a205214e5b5545b9a0f4257f58090c51194b07d98f92adb3 |