Analysis Overview
SHA256
029d5a552024055151a15cbb2813b3ffe742bb2c5109ff1d2ed9ea34c7557089
Threat Level: Likely benign
The file 029d5a552024055151a15cbb2813b3ffe742bb2c5109ff1d2ed9ea34c7557089N was found to be: Likely benign.
Malicious Activity Summary
UPX packed file
Unsigned PE
System Location Discovery: System Language Discovery
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-10 06:19
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
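Both static1 signatures above are header checks that can be reproduced locally without the sandbox. The script below is an added example, not the sandbox's own signature engine (which is not shown on this page): it walks the DOS/COFF/optional headers, flags the default UPX section names (UPX0/UPX1/UPX2) or the "UPX!" marker UPX writes into the packed image, and reports "Unsigned PE" when the security data directory (index 4) is empty. Two assumptions to keep in mind: an empty security directory only means there is no embedded Authenticode signature (catalog-signed files look the same), and a packer that renames its sections can defeat the name check, which is why the marker fallback exists. The sample PE images are constructed inline so the checks run offline; they are header skeletons, not executables.

```python
"""Added example: reproduce the 'UPX packed file' and 'Unsigned PE' static
signatures from PE headers with the Python standard library only."""
import struct

IMAGE_DIRECTORY_ENTRY_SECURITY = 4                # data directory holding the Authenticode blob
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}   # default section names emitted by UPX
UPX_MAGIC = b"UPX!"                               # l_info magic UPX stores in the packed image


def parse_pe(data: bytes) -> dict:
    """Parse just enough of a PE file: section names and the data directories."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                               # IMAGE_FILE_HEADER
    nsections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    opt = coff + 20                                   # IMAGE_OPTIONAL_HEADER
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:                                # PE32
        ndirs_off, dirs_off = 92, 96
    elif magic == 0x20B:                              # PE32+
        ndirs_off, dirs_off = 108, 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    ndirs = struct.unpack_from("<I", data, opt + ndirs_off)[0]
    dirs = [struct.unpack_from("<II", data, opt + dirs_off + 8 * i) for i in range(ndirs)]
    sec_tbl = opt + opt_size                          # section table follows the optional header
    names = [data[sec_tbl + 40 * i:sec_tbl + 40 * i + 8].rstrip(b"\0") for i in range(nsections)]
    return {"sections": names, "directories": dirs}


def static_signatures(data: bytes) -> dict:
    """Return {signature name: indicator}, mirroring the report's signature table."""
    info = parse_pe(data)
    hits = {}
    upx_sections = [n.decode() for n in info["sections"] if n in UPX_SECTION_NAMES]
    if upx_sections:
        hits["UPX packed file"] = "sections " + ", ".join(upx_sections)
    elif UPX_MAGIC in data:                           # fallback when sections were renamed
        hits["UPX packed file"] = "UPX! marker present (sections renamed)"
    dirs = info["directories"]
    sec_off, sec_size = dirs[IMAGE_DIRECTORY_ENTRY_SECURITY] if len(dirs) > IMAGE_DIRECTORY_ENTRY_SECURITY else (0, 0)
    # The security directory's "VirtualAddress" is a raw file offset, not an RVA.
    if sec_size == 0 or sec_off + sec_size > len(data):
        hits["Unsigned PE"] = "no embedded Authenticode signature"
    return hits


def build_sample_pe(section_names, with_signature: bool, body: bytes = b"") -> bytes:
    """Constructed minimal PE32 (headers + section table only, not runnable),
    used purely as inline sample input so the checks above run offline."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    ndirs = 16
    opt_size = 96 + 8 * ndirs                         # PE32 optional header with 16 directories
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, opt_size, 0x102)
    sections = b"".join(
        struct.pack("<8sIIIIIIHHI", n.ljust(8, b"\0"), 0, 0, 0, 0, 0, 0, 0, 0, 0) for n in section_names)
    headers_len = e_lfanew + 4 + 20 + opt_size + len(sections)
    cert = b"\0" * 8 if with_signature else b""       # placeholder WIN_CERTIFICATE, not a real signature
    dirs = [(0, 0)] * ndirs
    if with_signature:
        dirs[IMAGE_DIRECTORY_ENTRY_SECURITY] = (headers_len, len(cert))
    opt = struct.pack("<H", 0x10B) + b"\0" * 90 + struct.pack("<I", ndirs)
    opt += b"".join(struct.pack("<II", *d) for d in dirs)
    return dos + b"PE\0\0" + coff + opt + sections + cert + body


if __name__ == "__main__":
    samples = [
        ("packed, unsigned", build_sample_pe([b"UPX0", b"UPX1", b".rsrc"], False)),
        ("plain, signed", build_sample_pe([b".text", b".data"], True)),
    ]
    for label, sample in samples:
        print(label, "->", static_signatures(sample))
```

To run the checks against the real sample, read the file with `open(path, "rb").read()` and pass the bytes to `static_signatures`; a hit on both signatures matches the static1 table above, and an empty dict means neither heuristic fired.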
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-10 06:19
Reported
2024-11-10 06:21
Platform
win7-20240903-en
Max time kernel
91s
Max time network
92s
Command Line
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\029d5a552024055151a15cbb2813b3ffe742bb2c5109ff1d2ed9ea34c7557089N.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\029d5a552024055151a15cbb2813b3ffe742bb2c5109ff1d2ed9ea34c7557089N.exe
"C:\Users\Admin\AppData\Local\Temp\029d5a552024055151a15cbb2813b3ffe742bb2c5109ff1d2ed9ea34c7557089N.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
Files
memory/2204-0-0x0000000000400000-0x000000000043B000-memory.dmp
memory/2204-1-0x0000000000400000-0x000000000043B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rifaien2-VeXalg5xvCNDSgep.exe
| MD5 | 25c2ee48054d6e598976d0b45c5fdab1 |
| SHA1 | 22b1455257ab8bb6bd360ac1a2dcbf574d074a79 |
| SHA256 | 0a330d687a49f274fa98b5f176fbd4ee2b41a4f7fb04506c90b3a3a148d8c0b9 |
| SHA512 | 17f47bab8cc50486c9a12c91275c9ad8b924637f4ce5365cbee2302b596720a12f970c7b8e69bc66b664718cd0038c91cfa5852b8bf50ea43049dc33a28f150e |
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-10 06:19
Reported
2024-11-10 06:21
Platform
win10v2004-20241007-en
Max time kernel
95s
Max time network
96s
Command Line
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\029d5a552024055151a15cbb2813b3ffe742bb2c5109ff1d2ed9ea34c7557089N.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\029d5a552024055151a15cbb2813b3ffe742bb2c5109ff1d2ed9ea34c7557089N.exe
"C:\Users\Admin\AppData\Local\Temp\029d5a552024055151a15cbb2813b3ffe742bb2c5109ff1d2ed9ea34c7557089N.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 40.183.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.163.202.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 105.209.201.84.in-addr.arpa | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 105.208.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.229.111.52.in-addr.arpa | udp |
Files
memory/1696-0-0x0000000000400000-0x000000000043B000-memory.dmp
memory/1696-1-0x0000000000400000-0x000000000043B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rifaien2-s2IpnZ6jeY50DwxZ.exe
| MD5 | 934c5d9d3c0671c276016f525410c3d6 |
| SHA1 | ff07e7d4dd1095d73ace9190cabce37184d0f349 |
| SHA256 | 75409cc99b221fdac0d7947681408726a161c0dfa40947cabbf2bc58850f5810 |
| SHA512 | af9e9afbd6500d46878ffd7f7b394896ad0b98f0b34b8a8db745089a3c8b3cef06b746f7cbc48351325c1715e1354e879f7058619aae94c44f9033d1a2d03efc |