Analysis Overview
SHA256
3628ff7e35513ed671e6685e8a5d8e0636b4946e9af4baa01d4fb15ac1978984
Threat Level: Likely benign
The file 3628ff7e35513ed671e6685e8a5d8e0636b4946e9af4baa01d4fb15ac1978984N was found to be: Likely benign.
Malicious Activity Summary
UPX packed file
Unsigned PE
System Location Discovery: System Language Discovery
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-09 18:46
Signatures
UPX packed file
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-09 18:46
Reported
2024-11-09 18:48
Platform
win7-20241010-en
Max time kernel
111s
Max time network
97s
Command Line
Signatures
UPX packed file
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\3628ff7e35513ed671e6685e8a5d8e0636b4946e9af4baa01d4fb15ac1978984N.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\3628ff7e35513ed671e6685e8a5d8e0636b4946e9af4baa01d4fb15ac1978984N.exe
"C:\Users\Admin\AppData\Local\Temp\3628ff7e35513ed671e6685e8a5d8e0636b4946e9af4baa01d4fb15ac1978984N.exe"
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
Files
memory/2580-0-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2580-2-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2580-6-0x0000000000400000-0x000000000042A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rifaien2-GtCevheEp7yEpEI3.exe
| Hash | Value |
|---|---|
| MD5 | 383cfda7c4de7a66dc47e7c0d7930110 |
| SHA1 | 1c068d23dbabe23a83e6ccbe4c8018b9d9e68e0f |
| SHA256 | 807c8ed005ea430dcdfab3801d3a83358e21b36d7742802ce5dcb969abf320fc |
| SHA512 | 870eb0c52a032b1b0788a375859393e0793cb465b3144761e3c5babda2ae22b750b6e4edc66c7fca97f91dbb8d2570e31e66d436ccf180728fa184cc15a34675 |
memory/2580-12-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2580-23-0x0000000000400000-0x000000000042A000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-09 18:46
Reported
2024-11-09 18:48
Platform
win10v2004-20241007-en
Max time kernel
120s
Max time network
94s
Command Line
Signatures
UPX packed file
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\3628ff7e35513ed671e6685e8a5d8e0636b4946e9af4baa01d4fb15ac1978984N.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\3628ff7e35513ed671e6685e8a5d8e0636b4946e9af4baa01d4fb15ac1978984N.exe
"C:\Users\Admin\AppData\Local\Temp\3628ff7e35513ed671e6685e8a5d8e0636b4946e9af4baa01d4fb15ac1978984N.exe"
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 212.20.149.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 40.183.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
Files
memory/2136-0-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2136-1-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2136-4-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2136-8-0x0000000000400000-0x000000000042A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rifaien2-8zqv16EHZ9wBTJqg.exe
| Hash | Value |
|---|---|
| MD5 | 954c1b8fad19564fff70bd39a699da0f |
| SHA1 | 0d737f9f68ea47086989b50d64342f00eaeface6 |
| SHA256 | e5d59c5d1a5e8b7a306bf62dad552732520e85a1ed1d941fd8808666697e0415 |
| SHA512 | 92cd95e980f9b25e55f114a96295c099ef43bf06c7391d2e35f3a7c11c8d27ccf5ceef96af2e4db4e707fb4fabf72e0cf44cf6417b4462b2923f49ff70f6ea89 |
memory/2136-13-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2136-21-0x0000000000400000-0x000000000042A000-memory.dmp