Analysis Overview
SHA256
a2d38b7bb88cba9d9212097025cba844e88a3ab7ff010d128fe45b4c45215ac2
Threat Level: Likely benign
The file a2d38b7bb88cba9d9212097025cba844e88a3ab7ff010d128fe45b4c45215ac2N was found to be: Likely benign.
Malicious Activity Summary
UPX packed file
System Location Discovery: System Language Discovery
Unsigned PE
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-10 06:25
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-10 06:25
Reported
2024-11-10 06:28
Platform
win10v2004-20241007-en
Max time kernel
110s
Max time network
97s
Command Line
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\a2d38b7bb88cba9d9212097025cba844e88a3ab7ff010d128fe45b4c45215ac2N.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\a2d38b7bb88cba9d9212097025cba844e88a3ab7ff010d128fe45b4c45215ac2N.exe
"C:\Users\Admin\AppData\Local\Temp\a2d38b7bb88cba9d9212097025cba844e88a3ab7ff010d128fe45b4c45215ac2N.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 56.163.245.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 40.183.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.42.69.40.in-addr.arpa | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 107.209.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.243.111.52.in-addr.arpa | udp |
Files
memory/428-0-0x0000000000400000-0x000000000042A000-memory.dmp
memory/428-1-0x0000000000400000-0x000000000042A000-memory.dmp
memory/428-8-0x0000000000400000-0x000000000042A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rifaien2-tIXBxi1T8bPtWfrc.exe
| MD5 | 93b3a6a0245337174c18a4dc0f701848 |
| SHA1 | 75bba11014e6672f22ecac4a94a786feeef6d68d |
| SHA256 | 3a7c1296df28ed9e01fd1922a2171a14e15d1af477ea0afea6cc374790c2ba35 |
| SHA512 | 1aaab9d64813ab648300a99228957c2d8822012af46d2020ed75776bb4dc9d06eb75e66a3c77871724ec171f48b2dea1356fd0b4d1682544b47549c838ba958d |
memory/428-15-0x0000000000400000-0x000000000042A000-memory.dmp
memory/428-22-0x0000000000400000-0x000000000042A000-memory.dmp
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-10 06:25
Reported
2024-11-10 06:28
Platform
win7-20241010-en
Max time kernel
110s
Max time network
92s
Command Line
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\a2d38b7bb88cba9d9212097025cba844e88a3ab7ff010d128fe45b4c45215ac2N.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\a2d38b7bb88cba9d9212097025cba844e88a3ab7ff010d128fe45b4c45215ac2N.exe
"C:\Users\Admin\AppData\Local\Temp\a2d38b7bb88cba9d9212097025cba844e88a3ab7ff010d128fe45b4c45215ac2N.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
Files
memory/1488-0-0x0000000000400000-0x000000000042A000-memory.dmp
memory/1488-1-0x0000000000400000-0x000000000042A000-memory.dmp
memory/1488-5-0x0000000000400000-0x000000000042A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rifaien2-XfBsYGFPrOnE7wuL.exe
| MD5 | ab627f46fc33992810a4371842a74d26 |
| SHA1 | 65ef214999e01082e531cbd213b662c623b35973 |
| SHA256 | 805c88f7f9325402f6dea3f074631e3fc85800c7b5a4335eb7e33ff03928ad5a |
| SHA512 | baa26636e5c7168896c76aead66a9210af9aeeea160ef33e3cf7962e1783a78e0eb3536b56ae63dd73a745b65ca87b7db783edeb2261cdb694f4a48e2be3e73f |
memory/1488-12-0x0000000000400000-0x000000000042A000-memory.dmp
memory/1488-22-0x0000000000400000-0x000000000042A000-memory.dmp