Analysis Overview
SHA256
8fa8c12dbf683cf804babece173ccf9bd69d1b7fc45e79d46f6291cbb91172b2
Threat Level: Likely benign
The file 8fa8c12dbf683cf804babece173ccf9bd69d1b7fc45e79d46f6291cbb91172b2N was found to be: Likely benign.
Malicious Activity Summary
UPX packed file
System Location Discovery: System Language Discovery
Unsigned PE
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-09 18:42
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-09 18:42
Reported
2024-11-09 18:45
Platform
win10v2004-20241007-en
Max time kernel
110s
Max time network
94s
Command Line
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\8fa8c12dbf683cf804babece173ccf9bd69d1b7fc45e79d46f6291cbb91172b2N.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\8fa8c12dbf683cf804babece173ccf9bd69d1b7fc45e79d46f6291cbb91172b2N.exe
"C:\Users\Admin\AppData\Local\Temp\8fa8c12dbf683cf804babece173ccf9bd69d1b7fc45e79d46f6291cbb91172b2N.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.209.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 212.20.149.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 40.183.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.117.19.2.in-addr.arpa | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 30.243.111.52.in-addr.arpa | udp |
Files
memory/2712-0-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2712-2-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2712-6-0x0000000000400000-0x000000000042A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rifaien2-CEBYThbouMXDX804.exe
| MD5 | 3ee98242efdc23cc25421ce4223ca4f7 |
| SHA1 | 9b8240cede9840e3e5ceb45e0ecd65cce55a501a |
| SHA256 | 2bb7672ef73b69d956d0bf716b259c914556e0b211184fd4a9c247ed1f4ec144 |
| SHA512 | 95d5e026bade5596a9500cbfd3b724b3793abf7dcff9b3f554a6aba52ae0d8795dd7fcfec8ed68d2bd7de0f87f23901420fa5c2e5d9eafa7f5852cb88fd4ca52 |
memory/2712-15-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2712-22-0x0000000000400000-0x000000000042A000-memory.dmp
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-09 18:42
Reported
2024-11-09 18:45
Platform
win7-20240708-en
Max time kernel
110s
Max time network
92s
Command Line
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\8fa8c12dbf683cf804babece173ccf9bd69d1b7fc45e79d46f6291cbb91172b2N.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\8fa8c12dbf683cf804babece173ccf9bd69d1b7fc45e79d46f6291cbb91172b2N.exe
"C:\Users\Admin\AppData\Local\Temp\8fa8c12dbf683cf804babece173ccf9bd69d1b7fc45e79d46f6291cbb91172b2N.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
Files
memory/2432-0-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2432-1-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2432-5-0x0000000000400000-0x000000000042A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rifaien2-16ezVqiANFI5vIcX.exe
| MD5 | 78ea5b968985779ef3bc342e67cfb17e |
| SHA1 | 222249372c3bbd8aa52aac9ab3e3a6407dd225b5 |
| SHA256 | 452303178ef07c05c074cdf3c939e149cfd8db077f7a30359c04346d4033002b |
| SHA512 | 0b8cfb39caa118431c6391343b3e556daae13ce536b98692d6da3a6fbe6d0fd3d4880bd4fb29a631c9342abea502b5e275f28036ef3029d24b156ab023588387 |
memory/2432-12-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2432-22-0x0000000000400000-0x000000000042A000-memory.dmp