Analysis Overview
SHA256
da1c86c30b28fc61fbacbd1c54597372aaf20c1fe024d027fb983e5aba3a1f13
Threat Level: Likely benign
The file da1c86c30b28fc61fbacbd1c54597372aaf20c1fe024d027fb983e5aba3a1f13N was found to be: Likely benign.
Malicious Activity Summary
UPX packed file
Unsigned PE
System Location Discovery: System Language Discovery
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-10 01:38
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-10 01:38
Reported
2024-11-10 01:41
Platform
win7-20241010-en
Max time kernel
117s
Max time network
122s
Command Line
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\da1c86c30b28fc61fbacbd1c54597372aaf20c1fe024d027fb983e5aba3a1f13N.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\da1c86c30b28fc61fbacbd1c54597372aaf20c1fe024d027fb983e5aba3a1f13N.exe
"C:\Users\Admin\AppData\Local\Temp\da1c86c30b28fc61fbacbd1c54597372aaf20c1fe024d027fb983e5aba3a1f13N.exe"
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
Files
memory/2192-0-0x0000000000400000-0x000000000043B000-memory.dmp
memory/2192-1-0x0000000000400000-0x000000000043B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rifaien2-SgMuNp9vjrO68prw.exe
| MD5 | 8739ecb949f6835d0e8a6e43def7fe20 |
| SHA1 | 5752f1256ce9efa32f2d4c6709ff7e233b0adc07 |
| SHA256 | ffc02b12c8e5589ebac1d7eee461727499ee06f97db186f22a80cf4a3ef184bd |
| SHA512 | d55a425feef7bec2682c8dc15618a5b327ad409164df84674e7a6318cdc4ba128a720629d29f80c588c24c6e31231d3fb1dd7d9e3d1f46f12e7693365dfc1ab8 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-10 01:38
Reported
2024-11-10 01:40
Platform
win10v2004-20241007-en
Max time kernel
116s
Max time network
117s
Command Line
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\da1c86c30b28fc61fbacbd1c54597372aaf20c1fe024d027fb983e5aba3a1f13N.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\da1c86c30b28fc61fbacbd1c54597372aaf20c1fe024d027fb983e5aba3a1f13N.exe
"C:\Users\Admin\AppData\Local\Temp\da1c86c30b28fc61fbacbd1c54597372aaf20c1fe024d027fb983e5aba3a1f13N.exe"
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 199.59.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
Files
memory/1676-0-0x0000000000400000-0x000000000043B000-memory.dmp
memory/1676-1-0x0000000000400000-0x000000000043B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rifaien2-IJmF36QECFFvUVxR.exe
| MD5 | 03d692a57d6febe48cdae69e0f5b846d |
| SHA1 | 5f3c42ccd53687afaa6f9327367462e27042e2cf |
| SHA256 | 70b07ea365ef2802828c076e0742509351090cb18676591133c27a73d92f6e02 |
| SHA512 | caa1b2a65c6ddd32f33bdffccda50c36ab2e913acf7d48dbed414aa26b8dfaba159bacd7cc5db39f0140994915eb77eb282c6ef89074b0ba766fee99e4dcaf81 |