Analysis Overview
SHA256
c6418d0534577458fcbde36276e871b78d9ac8b2fac0a5abd95ad0b4bbad4ef0
Threat Level: Likely benign
The file c6418d0534577458fcbde36276e871b78d9ac8b2fac0a5abd95ad0b4bbad4ef0N was found to be: Likely benign.
Malicious Activity Summary
UPX packed file
Unsigned PE
System Location Discovery: System Language Discovery
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-10 01:27
Signatures
UPX packed file
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-10 01:27
Reported
2024-11-10 01:29
Platform
win7-20240903-en
Max time kernel
118s
Max time network
121s
Command Line
Signatures
UPX packed file
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\c6418d0534577458fcbde36276e871b78d9ac8b2fac0a5abd95ad0b4bbad4ef0N.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\c6418d0534577458fcbde36276e871b78d9ac8b2fac0a5abd95ad0b4bbad4ef0N.exe
"C:\Users\Admin\AppData\Local\Temp\c6418d0534577458fcbde36276e871b78d9ac8b2fac0a5abd95ad0b4bbad4ef0N.exe"
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
Files
memory/1924-0-0x0000000000400000-0x000000000042A000-memory.dmp
memory/1924-1-0x0000000000400000-0x000000000042A000-memory.dmp
memory/1924-7-0x0000000000400000-0x000000000042A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rifaien2-rgIF0gZMtSqXzlhq.exe
| Hash | Value |
|---|---|
| MD5 | 8dd5d15221913c06cebb450501dd69d1 |
| SHA1 | 45365c293429031515641fe6f6e4d9cb8cfdfb2c |
| SHA256 | 3b816e0877352795ca80fc47279259aefe3674323e117371e324280f29965dff |
| SHA512 | a6d6772f4f64ea4858ae711aea85b0e5ad8fc24322dc1a94a613d56f94d0b0ec015a0506da2cd6330b19b1165eaf9af4fe1f17302c4c2f5ae6f5743c8d03f7f6 |
memory/1924-14-0x0000000000400000-0x000000000042A000-memory.dmp
memory/1924-22-0x0000000000400000-0x000000000042A000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-10 01:27
Reported
2024-11-10 01:29
Platform
win10v2004-20241007-en
Max time kernel
111s
Max time network
95s
Command Line
Signatures
UPX packed file
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\c6418d0534577458fcbde36276e871b78d9ac8b2fac0a5abd95ad0b4bbad4ef0N.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\c6418d0534577458fcbde36276e871b78d9ac8b2fac0a5abd95ad0b4bbad4ef0N.exe
"C:\Users\Admin\AppData\Local\Temp\c6418d0534577458fcbde36276e871b78d9ac8b2fac0a5abd95ad0b4bbad4ef0N.exe"
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 56.163.245.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 199.59.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.117.19.2.in-addr.arpa | udp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 48.229.111.52.in-addr.arpa | udp |
Files
memory/2440-0-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2440-1-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2440-4-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2440-8-0x0000000000400000-0x000000000042A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rifaien2-1Su3xDTdwCmwpQr3.exe
| Hash | Value |
|---|---|
| MD5 | b020f08b3d8cb18874c7032a21da0a8f |
| SHA1 | bf101e7a4f07c9958f8bface5f7317d2fcb759f2 |
| SHA256 | 757da86b1a0ecaadb0ddcb20fc1ed11f9e9f92fab60eb003a588c6f0e63d357c |
| SHA512 | 698f3027826aacd3e830a2865c9c0824faa979627b0c08e67ddb93d3b0511c1ecf2c996c3241129a1a517109d4954db76cc943631309d7f59043423f06e110bf |
memory/2440-15-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2440-22-0x0000000000400000-0x000000000042A000-memory.dmp