Analysis Overview
SHA256
3fef995bee6f43f884d56109e6bc3a86cfea63a4a66f77569126638c260af8fe
Threat Level: Likely benign
The file 3fef995bee6f43f884d56109e6bc3a86cfea63a4a66f77569126638c260af8feN was found to be: Likely benign.
Malicious Activity Summary
UPX packed file
Unsigned PE
System Location Discovery: System Language Discovery (ATT&CK T1614.001)
Caveat: taken alone these are weak indicators. UPX packing and a missing Authenticode signature are common on benign freeware, and a read of the NLS\Language key is also made by many ordinary programs during locale initialisation, which is consistent with the "Likely benign" verdict. The behavioral runs below additionally record a second executable written to the user's Temp directory (rifaien2-*.exe, with a different hash in each run) and HTTP connections to wecan.hasthe.technology (172.67.183.40); neither is scored as a signature, so weigh them before accepting the verdict.
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-09 19:13
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
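The two static signatures above (UPX packing, no Authenticode signature) can be reproduced from the PE headers alone. The following is an added example and not the sandbox's own detection logic: it walks the DOS header, PE signature, COFF header, optional header data directories and section table, flags UPX section names (plus the `UPX!` marker UPX writes near the headers) and reports an empty certificate-table directory as "unsigned". The input is a constructed header-only PE32 image built by `build_sample_pe`; that helper and the function names `parse_pe_headers`, `is_upx_packed`, `is_signed` and `triage_static` are this example's own.

```python
"""Static triage for the two signatures in this report: UPX packing and
absence of an Authenticode signature. Added example; the PE bytes it checks
are constructed by build_sample_pe(), not taken from the analysed sample."""
import struct

IMAGE_DIRECTORY_ENTRY_SECURITY = 4            # certificate table index
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}
PE32, PE32_PLUS = 0x10B, 0x20B


def parse_pe_headers(data: bytes) -> dict:
    """Walk DOS header -> PE signature -> COFF -> optional header -> section table."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    size_of_opt = struct.unpack_from("<H", data, coff + 16)[0]
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == PE32:
        n_dirs_off, dirs_off = opt + 92, opt + 96
    elif magic == PE32_PLUS:
        n_dirs_off, dirs_off = opt + 108, opt + 112
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    n_dirs = struct.unpack_from("<I", data, n_dirs_off)[0]
    sec_off, sec_size = 0, 0
    if n_dirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        # For the security directory the first field is a file offset, not an RVA.
        sec_off, sec_size = struct.unpack_from(
            "<II", data, dirs_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    table = opt + size_of_opt
    names = [struct.unpack_from("8s", data, table + 40 * i)[0].rstrip(b"\0")
             for i in range(num_sections)]
    return {"sections": names, "security_dir": (sec_off, sec_size),
            "header_end": table + 40 * num_sections}


def is_upx_packed(data: bytes) -> bool:
    """UPX renames sections to UPX0/UPX1 and leaves a 'UPX!' marker near the headers."""
    hdr = parse_pe_headers(data)
    by_name = any(n in UPX_SECTION_NAMES for n in hdr["sections"])
    by_marker = b"UPX!" in data[:hdr["header_end"] + 0x400]   # heuristic window
    return by_name or by_marker


def is_signed(data: bytes) -> bool:
    """Presence of an Authenticode blob only; chain validity is a separate check."""
    return parse_pe_headers(data)["security_dir"][1] > 0


def triage_static(data: bytes) -> dict:
    """Mirror the report's signature names."""
    return {"UPX packed file": is_upx_packed(data), "Unsigned PE": not is_signed(data)}


def build_sample_pe(section_names, signed: bool) -> bytes:
    """Constructed header-only PE32 image for testing (not a real, loadable binary)."""
    e_lfanew = 0x80
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    size_of_opt = 224                                  # PE32 with 16 data directories
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, size_of_opt, 0x0102)
    opt = bytearray(size_of_opt)
    struct.pack_into("<H", opt, 0, PE32)
    struct.pack_into("<I", opt, 92, 16)                # NumberOfRvaAndSizes
    if signed:
        struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, 0x1000, 0x600)
    sections = b"".join(struct.pack("<8sIIIIIIHHI", n, 0, 0, 0, 0, 0, 0, 0, 0, 0)
                        for n in section_names)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + sections


if __name__ == "__main__":
    print(triage_static(build_sample_pe([b"UPX0", b"UPX1", b".rsrc"], signed=False)))
    print(triage_static(build_sample_pe([b".text", b".data"], signed=True)))
```

Running it on a real file is `triage_static(open(path, "rb").read())`. Note that a non-empty certificate table only proves a signature blob is attached; whether it verifies, and who signed it, needs a separate Authenticode check, so "Unsigned PE" here means exactly what the sandbox signature means.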
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-09 19:13
Reported
2024-11-09 19:15
Platform
win7-20240903-en
Max time kernel
110s
Max time network
93s
Command Line
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\3fef995bee6f43f884d56109e6bc3a86cfea63a4a66f77569126638c260af8feN.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\3fef995bee6f43f884d56109e6bc3a86cfea63a4a66f77569126638c260af8feN.exe
"C:\Users\Admin\AppData\Local\Temp\3fef995bee6f43f884d56109e6bc3a86cfea63a4a66f77569126638c260af8feN.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
Files
memory/2084-0-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2084-1-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2084-7-0x0000000000400000-0x000000000042A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rifaien2-s8QqJzJNMOVEgPbf.exe
| MD5 | a71ff1d5d517c8912a3d334c18cd281d |
| SHA1 | 497ceaa5fb9b9f76a21e4a44fa3507216f27afa8 |
| SHA256 | b65ef7821b10f56452bf710b91e5c1539548477d2f7e2fdb4bf7c50030d40ad6 |
| SHA512 | 46552cd916087368c32f3582c3c827ba8312fa178a565991416a4faf6e663340c6d7052cdb74fce8f9395833aa06ee6234873a638dffe6d1fd256c9a5d932d4d |
memory/2084-12-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2084-22-0x0000000000400000-0x000000000042A000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-09 19:13
Reported
2024-11-09 19:15
Platform
win10v2004-20241007-en
Max time kernel
120s
Max time network
94s
Command Line
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\3fef995bee6f43f884d56109e6bc3a86cfea63a4a66f77569126638c260af8feN.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\3fef995bee6f43f884d56109e6bc3a86cfea63a4a66f77569126638c260af8feN.exe
"C:\Users\Admin\AppData\Local\Temp\3fef995bee6f43f884d56109e6bc3a86cfea63a4a66f77569126638c260af8feN.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 53.210.109.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 40.183.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 83.210.23.2.in-addr.arpa | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
Files
memory/1672-0-0x0000000000400000-0x000000000042A000-memory.dmp
memory/1672-1-0x0000000000400000-0x000000000042A000-memory.dmp
memory/1672-4-0x0000000000400000-0x000000000042A000-memory.dmp
memory/1672-8-0x0000000000400000-0x000000000042A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rifaien2-noc1Kbh62pDj1OJI.exe
| MD5 | 562ace46a4fb7ee97ba9f50bd6a745b8 |
| SHA1 | b69fdefa5e5bc0e80130a270cc032295c51cec3e |
| SHA256 | db35fc2144709405a0bd6a2dfebd727f81e27b93c0a3160db0ddd7d933a95c1f |
| SHA512 | 7ed96fbf0cc4f490a7fddbe8c818335ba4e820cc47d4a683386003284924ef82d9b46276c4cb51dfd82d7dbd47e9d0d9bf5423f0826da47d2405f86ad2c4d2b9 |
memory/1672-15-0x0000000000400000-0x000000000042A000-memory.dmp
memory/1672-22-0x0000000000400000-0x000000000042A000-memory.dmp