Analysis Overview
SHA256
71adb1fa10d73e4fc362be34e96219f767d8ac9608b2a7cc2985a85e001d84f3
Threat Level: Likely benign
The file 71adb1fa10d73e4fc362be34e96219f767d8ac9608b2a7cc2985a85e001d84f3N was found to be: Likely benign.
Caveat on the verdict: the score is the sandbox's automated assessment. The runs below record an unsigned, UPX-packed executable that reads the system language key (HKLM\SYSTEM\ControlSet001\Control\NLS\Language), contacts wecan.hasthe.technology over plain HTTP (port 80) in both the Windows 7 and Windows 10 guests, and leaves a second executable (rifaien2-*.exe, with a different hash in each run) in the user's Temp directory. None of these observations is proof of malice on its own, but together they warrant a manual look at the dropped file and the HTTP exchange before "Likely benign" is accepted.
Malicious Activity Summary
UPX packed file
Unsigned PE
System Location Discovery: System Language Discovery
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-10 06:27
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
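The two static signatures above (UPX packed file, Unsigned PE) can be reproduced without the sandbox. The following script is an added example, not part of the report or of any sandbox tooling; it is stdlib-only and constructs a header-only PE32 fixture in-process so it runs offline. The fixture bytes, the UPX_SECTION_NAMES set and the build_pe32 helper are assumptions made for illustration, not data from the analysed file.

```python
"""Stdlib-only check for the two static signatures reported above: UPX section
names and a missing Authenticode signature. A minimal PE32 header is constructed
in-process as a test fixture; it is not the analysed sample."""
import struct
import sys

# Section names UPX writes by default. A packer user can rename them, so this
# is a triage heuristic, not proof either way.
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2", b"UPX!"}
IMAGE_DIRECTORY_ENTRY_SECURITY = 4


def parse_pe(data: bytes) -> dict:
    """Return the section names and the size of the security (Authenticode)
    data directory. Raises ValueError if the buffer is not a PE image."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("no MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    coff = e_lfanew + 4                          # IMAGE_FILE_HEADER
    n_sections = struct.unpack_from("<H", data, coff + 2)[0]
    size_opt = struct.unpack_from("<H", data, coff + 16)[0]
    opt = coff + 20                              # IMAGE_OPTIONAL_HEADER
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:                           # PE32
        n_rva_off, dd_off = 92, 96
    elif magic == 0x20B:                         # PE32+
        n_rva_off, dd_off = 108, 112
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    n_rva = struct.unpack_from("<I", data, opt + n_rva_off)[0]
    security_size = 0
    if n_rva > IMAGE_DIRECTORY_ENTRY_SECURITY:
        # Unlike the other directories, this entry holds a file offset, not an RVA.
        _offset, security_size = struct.unpack_from(
            "<II", data, opt + dd_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    table = opt + size_opt                       # section table follows the optional header
    sections = [data[table + 40 * i: table + 40 * i + 8].rstrip(b"\0")
                for i in range(n_sections)]
    return {"sections": sections, "security_dir_size": security_size}


def triage(data: bytes) -> dict:
    """Evaluate the two signatures the report lists for this sample."""
    info = parse_pe(data)
    return {
        "upx_packed": any(name in UPX_SECTION_NAMES for name in info["sections"]),
        # Zero size means no embedded signature at all. A non-zero size only means
        # a blob is present; verify it separately (Get-AuthenticodeSignature or
        # signtool verify /pa) before treating the file as signed.
        "unsigned": info["security_dir_size"] == 0,
        "sections": [name.decode("latin-1") for name in info["sections"]],
    }


def build_pe32(section_names, security_dir_size=0) -> bytes:
    """Constructed fixture (assumption): a header-only, non-runnable PE32 with the
    given section names. Not the file analysed above."""
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", 0x40)       # e_lfanew = 0x40
    size_opt = 96 + 16 * 8                                            # PE32 header + 16 directories
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, size_opt, 0x0102)
    opt = bytearray(size_opt)
    struct.pack_into("<H", opt, 0, 0x10B)                             # Magic: PE32
    struct.pack_into("<I", opt, 92, 16)                               # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, 0, security_dir_size)
    sections = b"".join(n.ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return dos + b"PE\0\0" + coff + bytes(opt) + sections


if __name__ == "__main__":
    # Pass a real file path to check it; otherwise run against the constructed fixture.
    path = sys.argv[1] if len(sys.argv) > 1 else None
    data = open(path, "rb").read() if path else build_pe32([b"UPX0", b"UPX1", b".rsrc"])
    print(triage(data))
```

The section-name check is what most sandboxes do for the "UPX packed file" signature, which is why it fires on any file carrying those names, packed or not; the memory dumps listed under Files (0x400000-0x43B000) are the place to look at the unpacked code. The "Unsigned PE" signature corresponds to the zero-size security directory; a present signature still has to be verified against a trusted chain.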
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-10 06:27
Reported
2024-11-10 06:29
Platform
win7-20240729-en
Max time kernel
91s
Max time network
91s
Command Line
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\71adb1fa10d73e4fc362be34e96219f767d8ac9608b2a7cc2985a85e001d84f3N.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\71adb1fa10d73e4fc362be34e96219f767d8ac9608b2a7cc2985a85e001d84f3N.exe
"C:\Users\Admin\AppData\Local\Temp\71adb1fa10d73e4fc362be34e96219f767d8ac9608b2a7cc2985a85e001d84f3N.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
Files
memory/2212-0-0x0000000000400000-0x000000000043B000-memory.dmp
memory/2212-1-0x0000000000400000-0x000000000043B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rifaien2-pPH3K0ja0oETLDce.exe
| MD5 | bcedf7d85b83080aa9a9ef1735ea8107 |
| SHA1 | d895571d48f454e71ea68ca969d032d8dd2afba1 |
| SHA256 | eb886a2e52c2c4e778e90329e75b3f601f6f5f5060b081dc59bf316b6ab7c52c |
| SHA512 | 896428e02d4b8f8ff70781482413d46966dd8c236107ee0cc7c26d90a92f97faa74d9649983f67d19b5376bd6a862b636cfea5aaa4b96f3e12f7c5a8db6fa122 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-10 06:27
Reported
2024-11-10 06:29
Platform
win10v2004-20241007-en
Max time kernel
93s
Max time network
94s
Command Line
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\71adb1fa10d73e4fc362be34e96219f767d8ac9608b2a7cc2985a85e001d84f3N.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\71adb1fa10d73e4fc362be34e96219f767d8ac9608b2a7cc2985a85e001d84f3N.exe
"C:\Users\Admin\AppData\Local\Temp\71adb1fa10d73e4fc362be34e96219f767d8ac9608b2a7cc2985a85e001d84f3N.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 76.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 200.163.202.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 40.183.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 71.209.201.84.in-addr.arpa | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
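The Network tables of both behavioural runs mix three kinds of traffic: the sample's own DNS query and HTTP connections to wecan.hasthe.technology, the guest's reverse (PTR) lookups, and one PTR lookup that is the reverse of the very address the sample connected to (40.183.67.172.in-addr.arpa is 172.67.183.40). The script below is an added example, not part of the report or of any sandbox tooling: it turns the rows copied from the two tables above into pivotable indicators and separates the background lookups from the sample's contacts. The RESOLVERS set (treating 8.8.8.8 as the guest's DNS server rather than an indicator) is an assumption made here.

```python
"""Turn the flattened Network tables from the two behavioural runs into
pivotable indicators. Rows are copied from the report; the parsing logic is
added here and is not the sandbox's."""
import ipaddress
from collections import defaultdict
from typing import Optional

# (country, destination, domain, proto), copied from behavioral1 and behavioral2 above.
NETWORK_ROWS = [
    ("US", "8.8.8.8:53", "wecan.hasthe.technology", "udp"),
    ("US", "104.21.59.199:80", "wecan.hasthe.technology", "tcp"),
    ("US", "104.21.59.199:80", "wecan.hasthe.technology", "tcp"),
    ("US", "104.21.59.199:80", "wecan.hasthe.technology", "tcp"),
    ("US", "8.8.8.8:53", "58.55.71.13.in-addr.arpa", "udp"),
    ("US", "8.8.8.8:53", "76.32.126.40.in-addr.arpa", "udp"),
    ("US", "8.8.8.8:53", "95.221.229.192.in-addr.arpa", "udp"),
    ("US", "8.8.8.8:53", "154.239.44.20.in-addr.arpa", "udp"),
    ("US", "8.8.8.8:53", "wecan.hasthe.technology", "udp"),
    ("US", "172.67.183.40:80", "wecan.hasthe.technology", "tcp"),
    ("US", "8.8.8.8:53", "200.163.202.172.in-addr.arpa", "udp"),
    ("US", "8.8.8.8:53", "40.183.67.172.in-addr.arpa", "udp"),
    ("US", "8.8.8.8:53", "198.187.3.20.in-addr.arpa", "udp"),
    ("US", "172.67.183.40:80", "wecan.hasthe.technology", "tcp"),
    ("US", "8.8.8.8:53", "71.209.201.84.in-addr.arpa", "udp"),
    ("US", "172.67.183.40:80", "wecan.hasthe.technology", "tcp"),
    ("US", "8.8.8.8:53", "11.227.111.52.in-addr.arpa", "udp"),
]

# Assumption: the guest's configured resolver. Its address is infrastructure, not an IOC.
RESOLVERS = {"8.8.8.8"}


def ptr_to_ip(name: str) -> Optional[str]:
    """'58.55.71.13.in-addr.arpa' -> '13.71.55.58'; None if not an IPv4 PTR name."""
    suffix = ".in-addr.arpa"
    if not name.endswith(suffix):
        return None
    octets = name[: -len(suffix)].split(".")
    try:
        return str(ipaddress.IPv4Address(".".join(reversed(octets))))
    except ipaddress.AddressValueError:
        return None


def split_endpoint(dest: str):
    """'104.21.59.199:80' -> ('104.21.59.199', 80)."""
    host, _, port = dest.rpartition(":")
    return host, int(port)


def triage_network(rows) -> dict:
    contacted = defaultdict(set)   # domain -> addresses the sample actually connected to
    queried = set()                # names the sample resolved through the resolver
    ptr_lookups = set()            # addresses the guest looked up in reverse
    for _country, dest, domain, _proto in rows:
        ip, port = split_endpoint(dest)
        reversed_ip = ptr_to_ip(domain)
        if reversed_ip is not None:
            ptr_lookups.add(reversed_ip)
            continue
        if ip in RESOLVERS and port == 53:
            queried.add(domain)
            continue
        contacted[domain].add(ip)
    ips = {ip for addrs in contacted.values() for ip in addrs}
    return {
        "domains": set(contacted) | queried,
        "ips": ips,
        # PTR lookups of peers the sample connected to are part of the same activity.
        "ptr_of_contacted": ptr_lookups & ips,
        # The rest are reverse lookups of addresses the sample never touched: guest noise.
        "ptr_noise": ptr_lookups - ips,
        # A name that resolved to several addresses across runs should be pivoted on
        # as a domain indicator, not as any one IP.
        "multi_ip_domains": {d: addrs for d, addrs in contacted.items() if len(addrs) > 1},
    }


if __name__ == "__main__":
    for key, value in triage_network(NETWORK_ROWS).items():
        print(f"{key}: {sorted(value) if isinstance(value, set) else value}")
```

Two points fall out of the result. First, wecan.hasthe.technology resolved to 104.21.59.199 in the Windows 7 run and 172.67.183.40 in the Windows 10 run (both in Cloudflare-announced ranges), so the stable indicator is the domain, and blocking either IP alone achieves little. Second, the report shows only the connections on port 80, not the HTTP request or response, so whether the rifaien2-*.exe written to Temp was fetched over that channel cannot be established from this page; a packet capture or the HTTP section of the full report is needed for that.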
Files
memory/1468-0-0x0000000000400000-0x000000000043B000-memory.dmp
memory/1468-1-0x0000000000400000-0x000000000043B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rifaien2-3LFIS6EIjRPiVDpn.exe
| MD5 | 1103657b240596f3bfa4bc4b2473c7a8 |
| SHA1 | 5ebce6e3324aae5b2f241e018245704299414553 |
| SHA256 | 2631ac4c853434054aa0d04860e9dbd1e47ab287e222cadbedfc9315bdf44b86 |
| SHA512 | 742891f8f5e90fa99394285b527fa75fbb35caf72d45af9aea884a19aec14e69a060087511b612d88b1ec5270c05b04eac6a3217a54aa73c0a9d5bf60c524f5b |