Analysis Overview
SHA256: 475263b65f3b702089e080911e2381cd8f3e49d1ac7fe5fb8f72db49721eb74c
Threat Level: Likely benign
The file 475263b65f3b702089e080911e2381cd8f3e49d1ac7fe5fb8f72db49721eb74cN was found to be: Likely benign.
Malicious Activity Summary
UPX packed file
Unsigned PE
System Location Discovery: System Language Discovery
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-11-09 18:50
Signatures
UPX packed file
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted: 2024-11-09 18:50
Reported: 2024-11-09 18:52
Platform: win7-20240903-en
Max time kernel: 117s
Max time network: 121s
Signatures
UPX packed file
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\475263b65f3b702089e080911e2381cd8f3e49d1ac7fe5fb8f72db49721eb74cN.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\475263b65f3b702089e080911e2381cd8f3e49d1ac7fe5fb8f72db49721eb74cN.exe
"C:\Users\Admin\AppData\Local\Temp\475263b65f3b702089e080911e2381cd8f3e49d1ac7fe5fb8f72db49721eb74cN.exe"
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
Files
memory/1868-0-0x0000000000400000-0x000000000042A000-memory.dmp
memory/1868-1-0x0000000000400000-0x000000000042A000-memory.dmp
memory/1868-7-0x0000000000400000-0x000000000042A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rifaien2-3tveMA6PuwWq10gi.exe
| MD5 | 93a4579569fb859daea139b841b3399f |
| SHA1 | 22b802d78a99aad6a6a7e4ecb5edf2fc72be2bf4 |
| SHA256 | 5b733585d80533bba83ab205eae3bdc9bc0d97b54514481190c57b5cf8804d5a |
| SHA512 | 89d992f3936b2d0f45877eabf25165c6a1048313c5b86b4404cdf267acc6270ca0227f157e13016709127572918087fbae088a709eb3186b0e8a12c8ed8e912f |
memory/1868-14-0x0000000000400000-0x000000000042A000-memory.dmp
memory/1868-22-0x0000000000400000-0x000000000042A000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted: 2024-11-09 18:50
Reported: 2024-11-09 18:52
Platform: win10v2004-20241007-en
Max time kernel: 120s
Max time network: 95s
Signatures
UPX packed file
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\475263b65f3b702089e080911e2381cd8f3e49d1ac7fe5fb8f72db49721eb74cN.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\475263b65f3b702089e080911e2381cd8f3e49d1ac7fe5fb8f72db49721eb74cN.exe
"C:\Users\Admin\AppData\Local\Temp\475263b65f3b702089e080911e2381cd8f3e49d1ac7fe5fb8f72db49721eb74cN.exe"
Network
Files
memory/2032-0-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2032-2-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2032-5-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2032-9-0x0000000000400000-0x000000000042A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rifaien2-Ut4tOXOpHc55xLwe.exe
| MD5 | e9fda8843266cf16fa0bdc41e0f2c2d5 |
| SHA1 | 657586a63d6d749eb71aba25d7447ad1175e3f24 |
| SHA256 | e5cc73f47bbf98b0cb39a1f06db6c53e7dd62f8ce84e31f578a11d5b9221773a |
| SHA512 | e5c517da8f3dc7ddc928235379d43a359e59dd1ce5343dfc78024f2cf150fbf39aecbd572fe0adb4af004b3abbee6cce9328d7a0cc0d85095c29fc06fbb17271 |
memory/2032-13-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2032-21-0x0000000000400000-0x000000000042A000-memory.dmp