Analysis Overview
SHA256
d9a4f86c11800b703841d815f84fd064ec22c32600a3f38e51e8b368ea6b4351
Threat Level: Likely benign
The file d9a4f86c11800b703841d815f84fd064ec22c32600a3f38e51e8b368ea6b4351N was found to be: Likely benign.
Malicious Activity Summary
UPX packed file
System Location Discovery: System Language Discovery
Unsigned PE
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-10 06:18
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-10 06:18
Reported
2024-11-10 06:20
Platform
win7-20240729-en
Max time kernel
110s
Max time network
91s
Command Line
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\d9a4f86c11800b703841d815f84fd064ec22c32600a3f38e51e8b368ea6b4351N.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\d9a4f86c11800b703841d815f84fd064ec22c32600a3f38e51e8b368ea6b4351N.exe
"C:\Users\Admin\AppData\Local\Temp\d9a4f86c11800b703841d815f84fd064ec22c32600a3f38e51e8b368ea6b4351N.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
Files
memory/2324-0-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2324-2-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2324-8-0x0000000000400000-0x000000000042A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rifaien2-xXW1HHGIEo4XCpr6.exe
| MD5 | fbed78418d87f529a9752413df75fe63 |
| SHA1 | e4c62c41134baefd91e88e54befe16f2bbb0a0ff |
| SHA256 | 21b6943a7a6bd1853d3d8876a179b749994d4af9e05947f4a566bb23e3e88fab |
| SHA512 | b76f3bc0083137d68d4ed042245ec56922f0dc5d051388aa10c5725c42b47104bae711bd6fa77c05438543fdb249f5c3584dbcc6114ac61109c3e2dedce5e77e |
memory/2324-15-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2324-23-0x0000000000400000-0x000000000042A000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-10 06:18
Reported
2024-11-10 06:20
Platform
win10v2004-20241007-en
Max time kernel
111s
Max time network
93s
Command Line
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\d9a4f86c11800b703841d815f84fd064ec22c32600a3f38e51e8b368ea6b4351N.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\d9a4f86c11800b703841d815f84fd064ec22c32600a3f38e51e8b368ea6b4351N.exe
"C:\Users\Admin\AppData\Local\Temp\d9a4f86c11800b703841d815f84fd064ec22c32600a3f38e51e8b368ea6b4351N.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 136.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 40.183.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.163.202.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 105.209.201.84.in-addr.arpa | udp |
Files
memory/1592-0-0x0000000000400000-0x000000000042A000-memory.dmp
memory/1592-2-0x0000000000400000-0x000000000042A000-memory.dmp
memory/1592-5-0x0000000000400000-0x000000000042A000-memory.dmp
memory/1592-9-0x0000000000400000-0x000000000042A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rifaien2-6VVT0wD9UELfZMTt.exe
| MD5 | 04032169e3da022e7304db9ff3188bca |
| SHA1 | 4ebcc21baa43d4078727a163d1015b01fe2dbca1 |
| SHA256 | 31b23eb956dc5646c3ce3b75f203c377938e1afb7de21979871582527d882405 |
| SHA512 | 47357febddca9f56e38d61235752d8666c2c3dc2b146679c0350a07d3c20f6c84c011f8883a2219e387695672b982b35a084b3acae0cc2deaf871ee69f3f914e |
memory/1592-16-0x0000000000400000-0x000000000042A000-memory.dmp
memory/1592-23-0x0000000000400000-0x000000000042A000-memory.dmp