Analysis Overview
SHA256
074bfdd88acc68341239d26fbdfa70b6ea1246f6467f176a501eecc8eb65b058
Threat Level: Likely benign
The file 074bfdd88acc68341239d26fbdfa70b6ea1246f6467f176a501eecc8eb65b058N was found to be: Likely benign.
Malicious Activity Summary
UPX packed file
Unsigned PE
System Location Discovery: System Language Discovery
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-09 19:13
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
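The two static1 signatures, "UPX packed file" and "Unsigned PE", correspond to PE-header checks that are easy to reproduce offline: the UPX0/UPX1 section names UPX leaves behind (with a high-entropy packed section) and an empty IMAGE_DIRECTORY_ENTRY_SECURITY data directory, which is where an Authenticode signature would be referenced. The Python below is an added example and not the sandbox's own signature logic; it builds two constructed PE32 images in memory (the sample on this page is not embedded) and runs both checks over them. Two caveats a practitioner should keep in mind: UPX alone is not a malicious indicator, since plenty of legitimate software ships UPX-packed, and a data-directory check only tells you a signature is absent, not that a present one verifies.

```python
import hashlib
import struct
from collections import Counter
from math import log2

# Section names UPX writes into the PE it produces; the decompression stub lives in UPX1.
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}


def _pe_offsets(data):
    """Return (coff_header_offset, optional_header_offset) after validating the MZ/PE magic."""
    if data[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file: missing PE signature")
    return e_lfanew + 4, e_lfanew + 24


def parse_sections(data):
    """Yield (name, raw_offset, raw_size) for every entry in the section table."""
    coff, opt = _pe_offsets(data)
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    size_opt = struct.unpack_from("<H", data, coff + 16)[0]      # SizeOfOptionalHeader
    table = opt + size_opt
    for i in range(num_sections):
        off = table + 40 * i
        name = data[off:off + 8].rstrip(b"\0")
        _vsize, _vaddr, raw_size, raw_off = struct.unpack_from("<IIII", data, off + 8)
        yield name, raw_off, raw_size


def has_authenticode_signature(data):
    """True when IMAGE_DIRECTORY_ENTRY_SECURITY (index 4) points at a WIN_CERTIFICATE blob.
    Presence only; verifying the chain is a separate step (signtool, Get-AuthenticodeSignature)."""
    _coff, opt = _pe_offsets(data)
    magic = struct.unpack_from("<H", data, opt)[0]
    dd_base = opt + (96 if magic == 0x10B else 112)              # PE32 vs PE32+ layout
    count = struct.unpack_from("<I", data, dd_base - 4)[0]       # NumberOfRvaAndSizes
    if count <= 4:
        return False
    file_offset, size = struct.unpack_from("<II", data, dd_base + 4 * 8)
    return file_offset != 0 and size != 0


def shannon_entropy(buf):
    """Bits per byte; packed or encrypted data sits close to 8.0, plain code well below."""
    if not buf:
        return 0.0
    n = len(buf)
    return -sum(c / n * log2(c / n) for c in Counter(buf).values())


def triage(data):
    """The two static checks the report's signatures correspond to, plus per-section entropy."""
    sections = list(parse_sections(data))
    names = {name for name, _, _ in sections}
    return {
        "upx_packed": bool(names & UPX_SECTION_NAMES),
        "signed": has_authenticode_signature(data),
        "section_entropy": {name.decode("ascii", "replace"): round(shannon_entropy(data[off:off + size]), 2)
                            for name, off, size in sections},
    }


def build_sample_pe(sections, signed=False):
    """Constructed, non-runnable PE32 image used only as test input: valid headers and
    section table, no code. `sections` is a list of (name, raw_bytes)."""
    size_opt = 224
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, size_opt, 0x102)
    opt = bytearray(size_opt)
    struct.pack_into("<H", opt, 0, 0x10B)          # PE32 magic
    struct.pack_into("<I", opt, 92, 16)            # NumberOfRvaAndSizes
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)        # e_lfanew
    raw_off = 0x40 + 4 + len(coff) + size_opt + 40 * len(sections)
    table, payload = bytearray(), bytearray()
    for name, body in sections:
        table += struct.pack("<8sIIIIIIHHI", name, len(body), 0x1000, len(body), raw_off,
                             0, 0, 0, 0, 0x60000020)
        payload += body
        raw_off += len(body)
    if signed:
        cert = bytes(32)                           # placeholder WIN_CERTIFICATE blob
        struct.pack_into("<II", opt, 96 + 4 * 8, raw_off, len(cert))
        payload += cert
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + bytes(table) + bytes(payload)


# Deterministic high-entropy filler standing in for a compressed section (constructed input).
_PACKED = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))
SAMPLE_UPX = build_sample_pe([(b"UPX0", b""), (b"UPX1", _PACKED), (b".rsrc", b"\0" * 64)])
SAMPLE_PLAIN = build_sample_pe([(b".text", b"\x90\xc3" * 256), (b".data", b"A" * 64)], signed=True)

if __name__ == "__main__":
    print("upx-like:", triage(SAMPLE_UPX))
    print("plain, signed:", triage(SAMPLE_PLAIN))
```

Run `triage(open(path, "rb").read())` on a real file to get the same three fields; a packed sample typically shows an empty UPX0 and a UPX1 section with entropy near 8.0, while the section names alone are enough for the "UPX packed file" verdict.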
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-09 19:13
Reported
2024-11-09 19:15
Platform
win7-20240903-en
Max time kernel
110s
Max time network
97s
Command Line
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\074bfdd88acc68341239d26fbdfa70b6ea1246f6467f176a501eecc8eb65b058N.exe | N/A |
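The only behavioural indicator recorded in this run is a read of the NLS\Language key, which ATT&CK files under T1614.001. The Python below is an added example, not the sandbox's own rule, showing how an analyst can map raw NT-style registry events to that technique: it normalises \REGISTRY\MACHINE and ControlSetNNN paths into the HKLM\...\CurrentControlSet form detection rules are written against, matches against a small, assumed rule set of language and locale keys, and records whether the reading process ran from a user-writable directory. That context matters because this key is read by countless benign programs; on its own the hit is weak evidence, which is consistent with the "Likely benign" verdict. The events are constructed; only the NLS\Language key and the Temp process-path pattern come from this report.

```python
import re

# Constructed registry events in the report's "Description | Indicator | Process" shape.
# Only the NLS\Language key and the Temp process path pattern are taken from this report.
SAMPLE_EVENTS = [
    ("Key opened", r"\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language",
     r"C:\Users\Admin\AppData\Local\Temp\sample.exe"),
    ("Key opened", r"\REGISTRY\USER\S-1-5-21-1004336348-1177238915-682003330-1001\Control Panel\International",
     r"C:\Users\Admin\AppData\Local\Temp\sample.exe"),
    ("Key opened", r"\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion",
     r"C:\Windows\explorer.exe"),
    ("Key opened", r"\REGISTRY\MACHINE\SYSTEM\ControlSet002\Control\NLS\Locale",
     r"C:\Program Files\Vendor\setup.exe"),
]

# Assumed rule set: keys whose read is commonly treated as T1614.001 (System Language Discovery).
LANGUAGE_DISCOVERY_KEYS = {
    r"hklm\system\currentcontrolset\control\nls\language",
    r"hklm\system\currentcontrolset\control\nls\locale",
    r"hku\<sid>\control panel\international",
}

# Directories an unprivileged user can write to; a discovery read from here deserves a look.
USER_WRITABLE_DIRS = ("\\appdata\\local\\temp\\", "\\users\\public\\", "\\programdata\\", "\\windows\\temp\\")


def normalize_key(nt_path):
    """Rewrite an NT object-manager registry path into the hive-prefixed form detection
    rules use: \\REGISTRY\\MACHINE -> HKLM, \\REGISTRY\\USER\\<sid> -> HKU\\<SID>,
    ControlSetNNN -> CurrentControlSet."""
    p = nt_path
    low = p.lower()
    if low.startswith("\\registry\\machine\\"):
        p = "HKLM\\" + p[len("\\registry\\machine\\"):]
    elif low.startswith("\\registry\\user\\"):
        p = "HKU\\" + p[len("\\registry\\user\\"):]
    p = re.sub(r"(?i)\\controlset\d{3}\\", lambda _: "\\CurrentControlSet\\", p)
    p = re.sub(r"^HKU\\S-1-5-21(?:-\d+)+", lambda _: "HKU\\<SID>", p)
    return p


def from_user_writable_path(process_path):
    low = process_path.lower()
    return any(d in low for d in USER_WRITABLE_DIRS)


def classify(events):
    """Return one hit per event that touches a language/locale key, tagged with the
    technique and the context flag analysts use to weigh this (weak) signal."""
    hits = []
    for description, key, process in events:
        norm = normalize_key(key)
        if norm.lower() in LANGUAGE_DISCOVERY_KEYS:
            hits.append({
                "technique": "T1614.001",
                "description": description,
                "key": norm,
                "process": process,
                "from_user_writable_path": from_user_writable_path(process),
            })
    return hits


def summarize(events):
    """Per-process verdict: 'review' when a process in a user-writable location performs
    the discovery, otherwise 'weak', because installed software reads these keys routinely."""
    verdict = {}
    for h in classify(events):
        verdict[h["process"]] = "review" if h["from_user_writable_path"] else "weak"
    return verdict


if __name__ == "__main__":
    for h in classify(SAMPLE_EVENTS):
        print(h)
    print(summarize(SAMPLE_EVENTS))
```

The normalisation step is the part worth keeping: sandbox reports emit \REGISTRY\MACHINE\SYSTEM\ControlSet001 while Sysmon and most Sigma rules use HKLM\SYSTEM\CurrentControlSet, and a rule that only knows one spelling will miss the other.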
Processes
C:\Users\Admin\AppData\Local\Temp\074bfdd88acc68341239d26fbdfa70b6ea1246f6467f176a501eecc8eb65b058N.exe
"C:\Users\Admin\AppData\Local\Temp\074bfdd88acc68341239d26fbdfa70b6ea1246f6467f176a501eecc8eb65b058N.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
Files
memory/2872-0-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2872-1-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2872-4-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2872-8-0x0000000000400000-0x000000000042A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rifaien2-ZnwmaALCtfeFM3MJ.exe
| MD5 | 02d31c92a635d013fbc43519fb1e8687 |
| SHA1 | 5605284c67a92a45fab9b252d183218851e445dd |
| SHA256 | ba68325af9b7bc10e3a2b40c9c81834546a51e21bb9516c37240f84aae2dc9cb |
| SHA512 | 7b95e9fb48a36570514404467298e99efd23a0f3a2b4a6d5ba6e5a8ffa6c0ea3104af46e671e57d036692c68a0ed28d13aa741f186ff3457dc964c5cc8efae49 |
memory/2872-15-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2872-22-0x0000000000400000-0x000000000042A000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-09 19:13
Reported
2024-11-09 19:15
Platform
win10v2004-20241007-en
Max time kernel
111s
Max time network
96s
Command Line
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\074bfdd88acc68341239d26fbdfa70b6ea1246f6467f176a501eecc8eb65b058N.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\074bfdd88acc68341239d26fbdfa70b6ea1246f6467f176a501eecc8eb65b058N.exe
"C:\Users\Admin\AppData\Local\Temp\074bfdd88acc68341239d26fbdfa70b6ea1246f6467f176a501eecc8eb65b058N.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 53.210.109.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 199.59.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.208.201.84.in-addr.arpa | udp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 83.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 40.183.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.229.111.52.in-addr.arpa | udp |
Files
memory/4984-0-0x0000000000400000-0x000000000042A000-memory.dmp
memory/4984-1-0x0000000000400000-0x000000000042A000-memory.dmp
memory/4984-4-0x0000000000400000-0x000000000042A000-memory.dmp
memory/4984-8-0x0000000000400000-0x000000000042A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rifaien2-5MXuSBNch7axvTLk.exe
| MD5 | c9462464e13a25f694c6242943e82591 |
| SHA1 | be39a0252aecb725050516f16f435dadbe67daae |
| SHA256 | 0bc23d88d005acadf9382b2275194ac46b663d9143dcbd56e19f06d92225ad54 |
| SHA512 | 4cc6c00b481f04a57c27351b651ee449a678abc5f3676f27e75bf73f2435c7608ad95391e2ce80cb74a33d2d76282afc96ba8c4730bac37026cf522ab3884515 |
memory/4984-15-0x0000000000400000-0x000000000042A000-memory.dmp
memory/4984-22-0x0000000000400000-0x000000000042A000-memory.dmp