Analysis Overview
SHA256
53b067a57c1f565a10dd08b02da7bd59d6f960d472faa9280748db68ba6dea05
Threat Level: Likely benign
The file 53b067a57c1f565a10dd08b02da7bd59d6f960d472faa9280748db68ba6dea05N was found to be: Likely benign.
Malicious Activity Summary
UPX packed file
System Location Discovery: System Language Discovery
Unsigned PE
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-09 19:20
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
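The two static signatures above ("UPX packed file", "Unsigned PE") are both answerable from the PE headers alone. The following is an added example, not part of the sandbox report or its tooling, that reproduces them as heuristics: it walks the DOS stub, COFF header and optional header to the section table and the Certificate Table data directory (index 4), flags UPX-style section names, a `UPX!` marker and a section with no raw data but a large virtual size, and treats an empty Certificate Table as "unsigned". The `build_test_pe` helper constructs a header-only PE32 image to exercise the checks; it is a constructed fixture, not the sample from this report.

```python
import struct

# Offsets from the PE/COFF spec: data directories start 96 bytes into a
# PE32 optional header (112 for PE32+); entry 4 is the Certificate Table.
_SECURITY_DIR_INDEX = 4


def parse_pe(data: bytes) -> dict:
    """Parse just enough of a PE image to answer 'packed?' and 'signed?'."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = e_lfanew + 4
    _machine, nsections, _ts, _sym, _nsym, opt_size, _chars = struct.unpack_from(
        "<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:      # PE32
        dd_off = opt + 96
    elif magic == 0x20B:    # PE32+
        dd_off = opt + 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    num_dirs = struct.unpack_from("<I", data, dd_off - 4)[0]
    security = (0, 0)
    if num_dirs > _SECURITY_DIR_INDEX:
        security = struct.unpack_from("<II", data, dd_off + 8 * _SECURITY_DIR_INDEX)
    sections = []
    base = opt + opt_size
    for i in range(nsections):
        off = base + 40 * i
        name = data[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        vsize, _vaddr, raw_size, _raw_ptr = struct.unpack_from("<IIII", data, off + 8)
        sections.append({"name": name, "virtual_size": vsize, "raw_size": raw_size})
    return {"sections": sections, "security_dir": security}


def classify_pe(data: bytes) -> dict:
    """Reproduce the 'UPX packed file' and 'Unsigned PE' signatures as heuristics."""
    pe = parse_pe(data)
    names = [s["name"] for s in pe["sections"]]
    # Stock UPX names its sections UPX0/UPX1/UPX2 and leaves a 'UPX!' marker near
    # the headers; UPX0 normally has no raw data but a large virtual size. A
    # modified UPX strips all of this, so a negative result proves nothing.
    upx_names = any(n.startswith("UPX") for n in names)
    upx_marker = b"UPX!" in data[:0x1000]
    hollow_section = any(s["raw_size"] == 0 and s["virtual_size"] > 0
                         for s in pe["sections"])
    # An empty Certificate Table means no Authenticode blob is attached. A
    # non-empty one only means something is attached; validity of the signature
    # and its chain still has to be checked (WinVerifyTrust, signtool, sigcheck).
    cert_off, cert_size = pe["security_dir"]
    return {
        "sections": names,
        "upx_packed": upx_names or upx_marker,
        "hollow_section": hollow_section,
        "unsigned": cert_size == 0,
        "has_certificate_table": cert_size != 0 and cert_off + cert_size <= len(data),
    }


def build_test_pe(section_names, signed: bool) -> bytes:
    """Constructed header-only PE32 image for exercising the checks; not runnable code."""
    nsec = len(section_names)
    opt_size = 224
    header_len = 0x40 + 4 + 20 + opt_size + 40 * nsec
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                 # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, nsec, 0, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)                   # PE32 magic
    struct.pack_into("<I", opt, 92, 16)                     # NumberOfRvaAndSizes
    cert = b""
    if signed:
        # WIN_CERTIFICATE header (dwLength, wRevision, wCertificateType) + dummy body
        cert = struct.pack("<IHH", 8 + 16, 0x0200, 0x0002) + b"\0" * 16
        struct.pack_into("<II", opt, 96 + 8 * _SECURITY_DIR_INDEX, header_len, len(cert))
    sections = b""
    for i, name in enumerate(section_names):
        raw_size = 0 if name == b"UPX0" else 0x200
        sections += struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"),
                                0x10000, 0x1000 * (i + 1), raw_size, 0x400,
                                0, 0, 0, 0, 0x60000020)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + sections + cert


if __name__ == "__main__":
    for label, names, signed in (("upx", [b"UPX0", b"UPX1", b".rsrc"], False),
                                 ("plain", [b".text", b".rdata", b".data"], True)):
        print(label, classify_pe(build_test_pe(names, signed)))
```

Run against a real sample, read the file into `data` and call `classify_pe(data)`; the `hollow_section` flag is the signal that survives a renamed UPX build, and "unsigned" should be read as "nothing to verify" rather than as a verdict.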
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-09 19:20
Reported
2024-11-09 19:22
Platform
win7-20240903-en
Max time kernel
119s
Max time network
95s
Command Line: (not recorded in this export)
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
System Location Discovery: System Language Discovery (T1614.001)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\53b067a57c1f565a10dd08b02da7bd59d6f960d472faa9280748db68ba6dea05N.exe | N/A |
Note: malware reads this key to refuse to run on particular locales, but ordinary locale initialisation in benign programs opens it too, so a single key-open is weak evidence on its own. Sysmon does not log key opens (only value sets, key creation, deletion and renames), so this indicator is visible to the sandbox's hooks but not to typical endpoint telemetry.
Processes
C:\Users\Admin\AppData\Local\Temp\53b067a57c1f565a10dd08b02da7bd59d6f960d472faa9280748db68ba6dea05N.exe
"C:\Users\Admin\AppData\Local\Temp\53b067a57c1f565a10dd08b02da7bd59d6f960d472faa9280748db68ba6dea05N.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
Files
memory/1628-0-0x0000000000400000-0x000000000042A000-memory.dmp
memory/1628-1-0x0000000000400000-0x000000000042A000-memory.dmp
memory/1628-5-0x0000000000400000-0x000000000042A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rifaien2-2ZbI4oIANDAONXa6.exe
| Hash | Value |
| MD5 | 3e38be7f1f0f7a019c78ef00ef9b27ad |
| SHA1 | 238ecf42769bb5ec2875ba9ac2b67f11ea7d217c |
| SHA256 | 358275d7043db488f54f26b6dbcf5ffc361ac630bbb211935f921bcf5af5bfd8 |
| SHA512 | b83551cee19d86898f7e9fe69d38cd2c4a8a98ca235e4d50918ad1a6992a8931f82a39fed1abb2852bf0c0cc40feabf9333ba8ee68096d6bd67f9626cdeb47c2 |
memory/1628-12-0x0000000000400000-0x000000000042A000-memory.dmp
memory/1628-22-0x0000000000400000-0x000000000042A000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-09 19:20
Reported
2024-11-09 19:22
Platform
win10v2004-20241007-en
Max time kernel
111s
Max time network
99s
Command Line: (not recorded in this export)
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\53b067a57c1f565a10dd08b02da7bd59d6f960d472faa9280748db68ba6dea05N.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\53b067a57c1f565a10dd08b02da7bd59d6f960d472faa9280748db68ba6dea05N.exe
"C:\Users\Admin\AppData\Local\Temp\53b067a57c1f565a10dd08b02da7bd59d6f960d472faa9280748db68ba6dea05N.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 136.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 197.87.175.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 40.183.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.209.201.84.in-addr.arpa | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 83.210.23.2.in-addr.arpa | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
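Both behavioral runs contact the same host, but the second run's table is dominated by `in-addr.arpa` PTR lookups sent to the sandbox's resolver (8.8.8.8), including one for 172.67.183.40 itself; those are the sandbox or Windows resolving addresses it already talks to, not additional contacts. The following is an added example, not part of the report, that turns both Network tables (constructed inline from the rows above) into a deduplicated IOC list: it separates PTR noise from forward lookups, counts repeated connections, and marks PTR lookups whose target the sample actually connected to. Note that 172.67.183.40 falls in Cloudflare's 172.64.0.0/13 range, so the hostname is the indicator worth keeping and the IP alone will match unrelated sites.

```python
from collections import Counter

# Constructed from the Network tables of the two behavioral runs in this
# report: (run, country, destination, domain, proto).
REPORT_NETWORK_ROWS = [
    ("behavioral1", "US", "8.8.8.8:53", "wecan.hasthe.technology", "udp"),
    ("behavioral1", "US", "172.67.183.40:80", "wecan.hasthe.technology", "tcp"),
    ("behavioral1", "US", "172.67.183.40:80", "wecan.hasthe.technology", "tcp"),
    ("behavioral1", "US", "172.67.183.40:80", "wecan.hasthe.technology", "tcp"),
    ("behavioral2", "US", "8.8.8.8:53", "228.249.119.40.in-addr.arpa", "udp"),
    ("behavioral2", "US", "8.8.8.8:53", "172.214.232.199.in-addr.arpa", "udp"),
    ("behavioral2", "US", "8.8.8.8:53", "136.32.126.40.in-addr.arpa", "udp"),
    ("behavioral2", "US", "8.8.8.8:53", "95.221.229.192.in-addr.arpa", "udp"),
    ("behavioral2", "US", "8.8.8.8:53", "217.106.137.52.in-addr.arpa", "udp"),
    ("behavioral2", "US", "8.8.8.8:53", "232.168.11.51.in-addr.arpa", "udp"),
    ("behavioral2", "US", "8.8.8.8:53", "wecan.hasthe.technology", "udp"),
    ("behavioral2", "US", "172.67.183.40:80", "wecan.hasthe.technology", "tcp"),
    ("behavioral2", "US", "8.8.8.8:53", "197.87.175.4.in-addr.arpa", "udp"),
    ("behavioral2", "US", "8.8.8.8:53", "18.31.95.13.in-addr.arpa", "udp"),
    ("behavioral2", "US", "8.8.8.8:53", "40.183.67.172.in-addr.arpa", "udp"),
    ("behavioral2", "US", "8.8.8.8:53", "74.209.201.84.in-addr.arpa", "udp"),
    ("behavioral2", "US", "172.67.183.40:80", "wecan.hasthe.technology", "tcp"),
    ("behavioral2", "US", "8.8.8.8:53", "83.210.23.2.in-addr.arpa", "udp"),
    ("behavioral2", "US", "172.67.183.40:80", "wecan.hasthe.technology", "tcp"),
    ("behavioral2", "US", "8.8.8.8:53", "14.227.111.52.in-addr.arpa", "udp"),
]

# The sandbox's DNS forwarder as seen in the tables; never an indicator itself.
SANDBOX_RESOLVERS = {"8.8.8.8"}


def split_destination(dest: str):
    """'172.67.183.40:80' -> ('172.67.183.40', 80)."""
    host, _, port = dest.rpartition(":")
    return host, int(port)


def ptr_to_ip(domain: str) -> str:
    """'40.183.67.172.in-addr.arpa' -> '172.67.183.40' (IPv4 reverse names only)."""
    suffix = ".in-addr.arpa"
    if not domain.endswith(suffix):
        raise ValueError("not an IPv4 reverse-lookup name: %s" % domain)
    return ".".join(reversed(domain[:-len(suffix)].split(".")))


def triage_network(rows):
    out = {
        "ptr_lookups": {},          # reversed IP -> set of runs that looked it up
        "forward_lookups": set(),   # names the sample asked the resolver for
        "connections": Counter(),   # (host, port, proto, domain) -> count
        "domains": set(),
        "ips": set(),
    }
    for run, _country, dest, domain, proto in rows:
        host, port = split_destination(dest)
        if port == 53 and proto == "udp" and host in SANDBOX_RESOLVERS:
            if domain.endswith(".in-addr.arpa"):
                out["ptr_lookups"].setdefault(ptr_to_ip(domain), set()).add(run)
            else:
                out["forward_lookups"].add(domain)
            continue
        out["connections"][(host, port, proto, domain)] += 1
        out["domains"].add(domain)
        out["ips"].add(host)
    # A PTR lookup for an IP the sample connected to is the sandbox resolving
    # its own traffic, not a second contact; the rest are background noise.
    out["ptr_of_contacted_ips"] = set(out["ptr_lookups"]) & out["ips"]
    return out


def render_iocs(summary) -> list:
    """Flat, sorted indicator lines: contacted domains and IPs, then DNS-only names."""
    lines = ["domain %s" % d for d in sorted(summary["domains"])]
    lines += ["ip %s" % ip for ip in sorted(summary["ips"])]
    lines += ["dns %s" % d for d in sorted(summary["forward_lookups"] - summary["domains"])]
    return lines


if __name__ == "__main__":
    summary = triage_network(REPORT_NETWORK_ROWS)
    for line in render_iocs(summary):
        print(line)
    for key, count in summary["connections"].items():
        print("connection", key, "x%d" % count)
    print("PTR noise entries:", len(summary["ptr_lookups"]),
          "of which contacted:", sorted(summary["ptr_of_contacted_ips"]))
```

The output for this report is one domain, one IP, six identical `tcp/80` connections and twelve PTR lookups, of which exactly one (172.67.183.40) corresponds to an address the sample contacted; the other eleven carry no information about the sample.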
Files
memory/2016-0-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2016-1-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2016-4-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2016-8-0x0000000000400000-0x000000000042A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rifaien2-JX2siHMZ99d3mc9j.exe
| Hash | Value |
| MD5 | 4c044a580910fd3777d03c51cec5e472 |
| SHA1 | 52ff370a92d94deb4f741b47ed6014cee5147221 |
| SHA256 | 037a7babbf25f625175928abda3063b74d2a353a755b06dd5543c0b9ccc8446f |
| SHA512 | b80d74fd23738cd405d6bfff31eafedf6bc3e84f97d1dff464012680d50c649ed47bd583feecc04bb323ae01c57e2b09a104c5aa5a5b67e8517f9664efdcefc1 |
Note: the dropped file's name suffix and all four hashes differ from those of the file dropped in behavioral1 (rifaien2-2ZbI4oIANDAONXa6.exe), so the hashes are per-run and not stable indicators; the `rifaien2-` prefix and the %TEMP% drop location are what repeats across runs.
memory/2016-14-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2016-21-0x0000000000400000-0x000000000042A000-memory.dmp