Analysis Overview
SHA256
1c114fcf4d96b4d46b7140c7012fd5013cb4734e77704a08c841ba264c536c08
Threat Level: Likely benign
The file 1c114fcf4d96b4d46b7140c7012fd5013cb4734e77704a08c841ba264c536c08N was found to be: Likely benign.
Malicious Activity Summary
UPX packed file
Unsigned PE
System Location Discovery: System Language Discovery
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-09 19:10
Signatures
UPX packed file
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-09 19:10
Reported
2024-11-09 19:13
Platform
win7-20241010-en
Max time kernel
118s
Max time network
123s
Command Line
Signatures
UPX packed file
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\1c114fcf4d96b4d46b7140c7012fd5013cb4734e77704a08c841ba264c536c08N.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\1c114fcf4d96b4d46b7140c7012fd5013cb4734e77704a08c841ba264c536c08N.exe
"C:\Users\Admin\AppData\Local\Temp\1c114fcf4d96b4d46b7140c7012fd5013cb4734e77704a08c841ba264c536c08N.exe"
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
Files
memory/2492-0-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2492-2-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2492-6-0x0000000000400000-0x000000000042A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rifaien2-AvsXmkVVgnHGJU5F.exe
| Hash | Value |
|---|---|
| MD5 | 00624de8324119bb3d9326f92649147e |
| SHA1 | ac14d74960436ddd47006b416afac269dd87cf8f |
| SHA256 | b670b25c30a51fc60d61f31dec420818599c13c6fabbf55c9f6da04f0dba78d2 |
| SHA512 | 1532b7e624622955df9a5ebbfffde48778ef9824ca6843ba26e439a1995e014154633e76a5e9517bedf0b571920398b8fff736a27c2f20a11d389bd36ae86fa3 |
memory/2492-13-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2492-23-0x0000000000400000-0x000000000042A000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-09 19:10
Reported
2024-11-09 19:13
Platform
win10v2004-20241007-en
Max time kernel
110s
Max time network
96s
Command Line
Signatures
UPX packed file
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\1c114fcf4d96b4d46b7140c7012fd5013cb4734e77704a08c841ba264c536c08N.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\1c114fcf4d96b4d46b7140c7012fd5013cb4734e77704a08c841ba264c536c08N.exe
"C:\Users\Admin\AppData\Local\Temp\1c114fcf4d96b4d46b7140c7012fd5013cb4734e77704a08c841ba264c536c08N.exe"
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 212.20.149.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 199.59.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.117.19.2.in-addr.arpa | udp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 88.210.23.2.in-addr.arpa | udp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 29.243.111.52.in-addr.arpa | udp |
Files
memory/1120-0-0x0000000000400000-0x000000000042A000-memory.dmp
memory/1120-2-0x0000000000400000-0x000000000042A000-memory.dmp
memory/1120-5-0x0000000000400000-0x000000000042A000-memory.dmp
memory/1120-9-0x0000000000400000-0x000000000042A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rifaien2-hman4jQcYvkHXC0c.exe
| Hash | Value |
|---|---|
| MD5 | b79b019e2fa1173db223ac9b95548114 |
| SHA1 | f73949d85e14b8683f10a61d8a9ab6135e1505a7 |
| SHA256 | 16cb847b195016afead144a6d5c86e83606bc8fade7161f7a1e29009a6d982cc |
| SHA512 | d8d7f423c34cfccfc805d500d990ecc68af03b35daf89a19d9ef23f7bc83af9f1c760475aae9541fb4ad07957cb97411c50f89ce46f3389fa88388bfc025bbce |
memory/1120-16-0x0000000000400000-0x000000000042A000-memory.dmp
memory/1120-23-0x0000000000400000-0x000000000042A000-memory.dmp