Analysis Overview
SHA256
3bdcec201dcd9f4ad3d9452ab0965f3d04641a6c8b1d856ec516625a4fc025db
Threat Level: Likely benign
The file 3bdcec201dcd9f4ad3d9452ab0965f3d04641a6c8b1d856ec516625a4fc025dbN was found to be: Likely benign.
Malicious Activity Summary
UPX packed file
Unsigned PE
System Location Discovery: System Language Discovery
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-09 18:49
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-09 18:49
Reported
2024-11-09 18:51
Platform
win7-20240903-en
Max time kernel
119s
Max time network
119s
Command Line
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\3bdcec201dcd9f4ad3d9452ab0965f3d04641a6c8b1d856ec516625a4fc025dbN.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\3bdcec201dcd9f4ad3d9452ab0965f3d04641a6c8b1d856ec516625a4fc025dbN.exe
"C:\Users\Admin\AppData\Local\Temp\3bdcec201dcd9f4ad3d9452ab0965f3d04641a6c8b1d856ec516625a4fc025dbN.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
Files
memory/1992-0-0x0000000000400000-0x000000000043B000-memory.dmp
memory/1992-1-0x0000000000400000-0x000000000043B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rifaien2-5CDisbcDmrzdxac9.exe
| MD5 | bbd83621438679ee77959dca39ce4524 |
| SHA1 | cd44510d12f069e24d9a7ef8fcad28557414a592 |
| SHA256 | 4b5caf6bc6f37a29e15ed8b3a820418a365201b617059c8fe840accfe5d6a6ea |
| SHA512 | 6e261da9d0d93588ae8d09e3bce57d1dc28ae5fc452beb4e064d50dce5363141a173b0f39bae80dd4c45249b6ba5c8b11580bf71ba6cc71555e0103ced1b8d1e |
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-09 18:49
Reported
2024-11-09 18:51
Platform
win10v2004-20241007-en
Max time kernel
91s
Max time network
93s
Command Line
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\3bdcec201dcd9f4ad3d9452ab0965f3d04641a6c8b1d856ec516625a4fc025dbN.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\3bdcec201dcd9f4ad3d9452ab0965f3d04641a6c8b1d856ec516625a4fc025dbN.exe
"C:\Users\Admin\AppData\Local\Temp\3bdcec201dcd9f4ad3d9452ab0965f3d04641a6c8b1d856ec516625a4fc025dbN.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 53.210.109.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 40.183.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.209.201.84.in-addr.arpa | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 88.210.23.2.in-addr.arpa | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
Files
memory/972-0-0x0000000000400000-0x000000000043B000-memory.dmp
memory/972-1-0x0000000000400000-0x000000000043B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rifaien2-G0PATCHuwoCAl5AW.exe
| MD5 | b3993715efa11a004a04ba06f27ee027 |
| SHA1 | f0bb99c99dc76991dfc63883f92e4848bcd229a9 |
| SHA256 | 621489d2098b70d7dfc9745feaa7eb975f92e0c3c95155727785458d3e84b108 |
| SHA512 | b5af5cac1f8a8699dbd73767f577bd6ebc975ed190ab6ee8757e69036bbe8fc6abf615ab35ed8e54df2543bd20b456c0a0dc5b9522e0727ba16a2e3925efdf59 |