Analysis Overview
SHA256
0d609c98ecd895924c50d67ef4bd04e4624e9ff26491e2e2bf1e40a7e4cb9b42
Threat Level: Likely benign
The file 0d609c98ecd895924c50d67ef4bd04e4624e9ff26491e2e2bf1e40a7e4cb9b42N was found to be: Likely benign.
Malicious Activity Summary
UPX packed file
Unsigned PE
System Location Discovery: System Language Discovery
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-09 18:52
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-09 18:52
Reported
2024-11-09 18:54
Platform
win7-20240903-en
Max time kernel
110s
Max time network
91s
Command Line
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\0d609c98ecd895924c50d67ef4bd04e4624e9ff26491e2e2bf1e40a7e4cb9b42N.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\0d609c98ecd895924c50d67ef4bd04e4624e9ff26491e2e2bf1e40a7e4cb9b42N.exe
"C:\Users\Admin\AppData\Local\Temp\0d609c98ecd895924c50d67ef4bd04e4624e9ff26491e2e2bf1e40a7e4cb9b42N.exe"
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
Files
memory/2856-0-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2856-1-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2856-7-0x0000000000400000-0x000000000042A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rifaien2-TooP1r47cugHoar1.exe
| MD5 | c2fce28d5fff567b1d92d2be88cf9044 |
| SHA1 | cedb96f92f0767fb88a951d7500bd72549ce2a2d |
| SHA256 | a266692e34f966609abe3252585c4f10ada921ae684dd7a557a3e3ede39dc71e |
| SHA512 | 600904c9f0d92a382226205fa722d0fba2870cb61965b821b663199b56602e19be035095c5afe33f76a72d2903f14ff67300e1eb615ed7fb5f999b21aed1d357 |
memory/2856-14-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2856-22-0x0000000000400000-0x000000000042A000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-09 18:52
Reported
2024-11-09 18:54
Platform
win10v2004-20241007-en
Max time kernel
110s
Max time network
95s
Command Line
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\0d609c98ecd895924c50d67ef4bd04e4624e9ff26491e2e2bf1e40a7e4cb9b42N.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\0d609c98ecd895924c50d67ef4bd04e4624e9ff26491e2e2bf1e40a7e4cb9b42N.exe
"C:\Users\Admin\AppData\Local\Temp\0d609c98ecd895924c50d67ef4bd04e4624e9ff26491e2e2bf1e40a7e4cb9b42N.exe"
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 200.163.202.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 40.183.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.209.201.84.in-addr.arpa | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
Files
memory/3104-0-0x0000000000400000-0x000000000042A000-memory.dmp
memory/3104-2-0x0000000000400000-0x000000000042A000-memory.dmp
memory/3104-5-0x0000000000400000-0x000000000042A000-memory.dmp
memory/3104-9-0x0000000000400000-0x000000000042A000-memory.dmp
memory/3104-11-0x0000000000400000-0x000000000042A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rifaien2-yHM5NLlQny5dmjaN.exe
| MD5 | f40057b732b02a91f8324c0103624d0a |
| SHA1 | bb1abf24c9de031e4a391efade610c50a6bdbfc1 |
| SHA256 | 59cfe922fc8544cd2b231c7ac7a656f362a46099d8f8e4e0542a15f07c71f364 |
| SHA512 | 60f8875def63f8e7d4994a65fea55754707c3d2cdeed889de12d3f24c6e405e7c03e817942a06ac99ca4b8d8418ea32fe21e1b045fd10a91f8ed392d9e69bd84 |
memory/3104-16-0x0000000000400000-0x000000000042A000-memory.dmp
memory/3104-19-0x0000000000400000-0x000000000042A000-memory.dmp
memory/3104-23-0x0000000000400000-0x000000000042A000-memory.dmp