Analysis Overview
SHA256
ea20b75be75200616b82dd10e28321cc3d8e7b5bd026f9d08de75697223cd0d1
Threat Level: Likely benign
The file ea20b75be75200616b82dd10e28321cc3d8e7b5bd026f9d08de75697223cd0d1N was found to be: Likely benign.
Malicious Activity Summary
UPX packed file
Unsigned PE
System Location Discovery: System Language Discovery
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-09 18:52
Signatures
UPX packed file
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-09 18:51
Reported
2024-11-09 18:54
Platform
win7-20240903-en
Max time kernel
117s
Max time network
118s
Command Line
Signatures
UPX packed file
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\ea20b75be75200616b82dd10e28321cc3d8e7b5bd026f9d08de75697223cd0d1N.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\ea20b75be75200616b82dd10e28321cc3d8e7b5bd026f9d08de75697223cd0d1N.exe
"C:\Users\Admin\AppData\Local\Temp\ea20b75be75200616b82dd10e28321cc3d8e7b5bd026f9d08de75697223cd0d1N.exe"
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
Files
memory/2232-0-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2232-1-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2232-7-0x0000000000400000-0x000000000042A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rifaien2-5meGsgbJaNot8n5v.exe
| Hash | Value |
|---|---|
| MD5 | c031f082100232ad77a823f276a4e1d8 |
| SHA1 | 7504d3b690196d09e671f3b4608074af7f7b7ac4 |
| SHA256 | 06c749e7af710965e3552bdbe05435bc7bf8d545e132f5abfa0f5ff1bd74e14c |
| SHA512 | 41f8c9d729d744086dc525099485ce84fc424f3df48e150af40cdc2668535eb0372c2d24a5a664d142d79f35d9bbc20a5adfd80363262539255fd0fabe3cd112 |
memory/2232-14-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2232-22-0x0000000000400000-0x000000000042A000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-09 18:51
Reported
2024-11-09 18:54
Platform
win10v2004-20241007-en
Max time kernel
111s
Max time network
96s
Command Line
Signatures
UPX packed file
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\ea20b75be75200616b82dd10e28321cc3d8e7b5bd026f9d08de75697223cd0d1N.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\ea20b75be75200616b82dd10e28321cc3d8e7b5bd026f9d08de75697223cd0d1N.exe
"C:\Users\Admin\AppData\Local\Temp\ea20b75be75200616b82dd10e28321cc3d8e7b5bd026f9d08de75697223cd0d1N.exe"
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 200.163.202.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 40.183.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.42.69.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 106.209.201.84.in-addr.arpa | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
Files
memory/5032-0-0x0000000000400000-0x000000000042A000-memory.dmp
memory/5032-1-0x0000000000400000-0x000000000042A000-memory.dmp
memory/5032-4-0x0000000000400000-0x000000000042A000-memory.dmp
memory/5032-8-0x0000000000400000-0x000000000042A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rifaien2-jf7rtRcCjZpcKhHs.exe
| Hash | Value |
|---|---|
| MD5 | 9b733570b7abcc5495f77a498843a10f |
| SHA1 | cf26c7ef651f29546f302513ff920a480823b884 |
| SHA256 | f67e1f003bcdb42956b1f60ba492c86724cd4e1bbadba28f1aaeb8ac4a2cf3e9 |
| SHA512 | 29d15ea2014c188c038e883504e5716f7985a5265a2fc803329927298a1747dd9d93b2e2471a136e9fb0b41db7671ebfb0e6614751fb909e1dd410ff5f8a8eb2 |
memory/5032-12-0x0000000000400000-0x000000000042A000-memory.dmp
memory/5032-21-0x0000000000400000-0x000000000042A000-memory.dmp