Analysis Overview
SHA256
dfe3eb8f9c84148a70dc010653259824230f198a17511654dff19153a1ffe207
Threat Level: Likely benign
The file dfe3eb8f9c84148a70dc010653259824230f198a17511654dff19153a1ffe207N was found to be: Likely benign.
Malicious Activity Summary
UPX packed file
Unsigned PE
System Location Discovery: System Language Discovery
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-09 19:01
Signatures
UPX packed file
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-09 19:01
Reported
2024-11-09 19:03
Platform
win7-20240903-en
Max time kernel
110s
Max time network
92s
Command Line
Signatures
UPX packed file
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\dfe3eb8f9c84148a70dc010653259824230f198a17511654dff19153a1ffe207N.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\dfe3eb8f9c84148a70dc010653259824230f198a17511654dff19153a1ffe207N.exe
"C:\Users\Admin\AppData\Local\Temp\dfe3eb8f9c84148a70dc010653259824230f198a17511654dff19153a1ffe207N.exe"
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
Files
memory/2340-0-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2340-1-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2340-5-0x0000000000400000-0x000000000042A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rifaien2-c5wBjBOUcey5WOiZ.exe
| Hash | Value |
|---|---|
| MD5 | 59fcb7200ab4f6ad137a4cd0424ca24e |
| SHA1 | c54441068af051733810fe79080c48d622d6d77a |
| SHA256 | e2a69cee77ad3bfb8fcad6c83ff83ee3cb98907664d16d134f478107fb80365b |
| SHA512 | 948c3a66da87b2e705605f80fc56b7562c17b468ab9cdaf4e9fd0bf0bcfbc22eda60f6f658d994e482b275ed64bbf17d8f63813423cb7205e0c684c9431b21da |
memory/2340-12-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2340-22-0x0000000000400000-0x000000000042A000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-09 19:01
Reported
2024-11-09 19:03
Platform
win10v2004-20241007-en
Max time kernel
120s
Max time network
95s
Command Line
Signatures
UPX packed file
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\dfe3eb8f9c84148a70dc010653259824230f198a17511654dff19153a1ffe207N.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\dfe3eb8f9c84148a70dc010653259824230f198a17511654dff19153a1ffe207N.exe
"C:\Users\Admin\AppData\Local\Temp\dfe3eb8f9c84148a70dc010653259824230f198a17511654dff19153a1ffe207N.exe"
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 197.87.175.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 199.59.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.42.69.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 19.229.111.52.in-addr.arpa | udp |
Files
memory/4480-0-0x0000000000400000-0x000000000042A000-memory.dmp
memory/4480-1-0x0000000000400000-0x000000000042A000-memory.dmp
memory/4480-4-0x0000000000400000-0x000000000042A000-memory.dmp
memory/4480-8-0x0000000000400000-0x000000000042A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rifaien2-VKMjJgd8LP92S57u.exe
| Hash | Value |
|---|---|
| MD5 | 5d3405b2ed51d4c83051ac032a04ae9a |
| SHA1 | 55e51889f72d5a24456205c4f5167c281f8dabc7 |
| SHA256 | fa4501cc2f428326373000a98556c07e756b78a1172bbe339f668ae158cb07c6 |
| SHA512 | a3381151295093dcc82d119a1f9d255f90cf15d10e185f51762c3e736be21265e3227590b458c091a51a6a81b57c3bba4d27675f4369b0e86552c08c26310fdf |
memory/4480-15-0x0000000000400000-0x000000000042A000-memory.dmp
memory/4480-22-0x0000000000400000-0x000000000042A000-memory.dmp