Analysis Overview
SHA256
c4d354f9f60d51243bf07845932b5efa2238244aefd83c0d1ae2b3634ac91db4
Threat Level: Likely benign
The file c4d354f9f60d51243bf07845932b5efa2238244aefd83c0d1ae2b3634ac91db4N was found to be: Likely benign.
Malicious Activity Summary
UPX packed file
System Location Discovery: System Language Discovery
Unsigned PE
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-09 19:03
Signatures
UPX packed file
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-09 19:03
Reported
2024-11-09 19:05
Platform
win7-20241010-en
Max time kernel
110s
Max time network
92s
Command Line
Signatures
UPX packed file
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\c4d354f9f60d51243bf07845932b5efa2238244aefd83c0d1ae2b3634ac91db4N.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\c4d354f9f60d51243bf07845932b5efa2238244aefd83c0d1ae2b3634ac91db4N.exe
"C:\Users\Admin\AppData\Local\Temp\c4d354f9f60d51243bf07845932b5efa2238244aefd83c0d1ae2b3634ac91db4N.exe"
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
Files
memory/1684-0-0x0000000000400000-0x000000000042A000-memory.dmp
memory/1684-2-0x0000000000400000-0x000000000042A000-memory.dmp
memory/1684-6-0x0000000000400000-0x000000000042A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rifaien2-qi9OQHfczHaEPHIP.exe
| Hash | Value |
|---|---|
| MD5 | 9316f7cfb6507e6605d6d984abba3a6e |
| SHA1 | 77d7e5ea9afb2c4ecf90f6100b23b502ee811e42 |
| SHA256 | 6b99a8a1a3ed361dc64ef0f545d5bdc1f0c9d0e73b7cb75ade77880f88e63d20 |
| SHA512 | 0adc077e2ac306bdc88452dd497b67de2feb60585b6ef1c15c170e16ea9c467c3eaf3775493e57db3902d6950d6319f2b3827cfc49b65d0a6b8fd159b0b36366 |
memory/1684-13-0x0000000000400000-0x000000000042A000-memory.dmp
memory/1684-23-0x0000000000400000-0x000000000042A000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-09 19:03
Reported
2024-11-09 19:05
Platform
win10v2004-20241007-en
Max time kernel
111s
Max time network
94s
Command Line
Signatures
UPX packed file
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\c4d354f9f60d51243bf07845932b5efa2238244aefd83c0d1ae2b3634ac91db4N.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\c4d354f9f60d51243bf07845932b5efa2238244aefd83c0d1ae2b3634ac91db4N.exe
"C:\Users\Admin\AppData\Local\Temp\c4d354f9f60d51243bf07845932b5efa2238244aefd83c0d1ae2b3634ac91db4N.exe"
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 76.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 40.183.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 107.209.201.84.in-addr.arpa | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 88.210.23.2.in-addr.arpa | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
Files
memory/1068-0-0x0000000000400000-0x000000000042A000-memory.dmp
memory/1068-1-0x0000000000400000-0x000000000042A000-memory.dmp
memory/1068-4-0x0000000000400000-0x000000000042A000-memory.dmp
memory/1068-8-0x0000000000400000-0x000000000042A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rifaien2-77WJUuoSykj1wM0j.exe
| Hash | Value |
|---|---|
| MD5 | 7606eb77873ba430c06a1adeca8c1785 |
| SHA1 | 779a61deed14ad23ccffb97428c19a69b5d4d5ae |
| SHA256 | f5637814a6211f8be1a968b005779c4a60447bfd2728e93d45243ba8e4f1476f |
| SHA512 | d9f4423621bd9bc71f85098de8d5d90a7149a2ab7642f215d0470e95470cd564910a6a35582ff140dcc601dba9e4d3d4f31a6abbf1c030bcd2e375076a51b521 |
memory/1068-12-0x0000000000400000-0x000000000042A000-memory.dmp
memory/1068-20-0x0000000000400000-0x000000000042A000-memory.dmp