Analysis Overview
SHA256
143aa19417a9c11b55ad6aea1ce213e28ef3035e946b0f1f259f79a5f15ea6b4
Threat Level: Likely benign
The file 143aa19417a9c11b55ad6aea1ce213e28ef3035e946b0f1f259f79a5f15ea6b4N was found to be: Likely benign.
Malicious Activity Summary
UPX packed file
Unsigned PE
System Location Discovery: System Language Discovery
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-10 06:28
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-10 06:28
Reported
2024-11-10 06:30
Platform
win7-20240729-en
Max time kernel
110s
Max time network
91s
Command Line
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\143aa19417a9c11b55ad6aea1ce213e28ef3035e946b0f1f259f79a5f15ea6b4N.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\143aa19417a9c11b55ad6aea1ce213e28ef3035e946b0f1f259f79a5f15ea6b4N.exe
"C:\Users\Admin\AppData\Local\Temp\143aa19417a9c11b55ad6aea1ce213e28ef3035e946b0f1f259f79a5f15ea6b4N.exe"
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
Files
memory/2500-0-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2500-1-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2500-7-0x0000000000400000-0x000000000042A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rifaien2-aFdyXmt0jprY7xKZ.exe
| MD5 | 0fd1005559a6e67a4cdd0efcfc0eb37f |
| SHA1 | cec89fdeac91c2ef75c11d16f88e0dfda5bd3943 |
| SHA256 | 74ec5f8a2e044644559a4b332a264e9e5c1459b2ddc9630a3f9d4e1821733875 |
| SHA512 | 754e60bd7080332320b878fcf1a7618f4c77699335ef0c8ef2e3332d70c0eee4a02151a40f3d60e2f7b89d438df14e5aacca6ce22de08c05b0230397ae53e7f1 |
memory/2500-14-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2500-22-0x0000000000400000-0x000000000042A000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-10 06:28
Reported
2024-11-10 06:30
Platform
win10v2004-20241007-en
Max time kernel
120s
Max time network
96s
Command Line
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\143aa19417a9c11b55ad6aea1ce213e28ef3035e946b0f1f259f79a5f15ea6b4N.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\143aa19417a9c11b55ad6aea1ce213e28ef3035e946b0f1f259f79a5f15ea6b4N.exe
"C:\Users\Admin\AppData\Local\Temp\143aa19417a9c11b55ad6aea1ce213e28ef3035e946b0f1f259f79a5f15ea6b4N.exe"
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 212.20.149.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 199.59.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 106.209.201.84.in-addr.arpa | udp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
Files
memory/2488-0-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2488-2-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2488-5-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2488-9-0x0000000000400000-0x000000000042A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rifaien2-9kRl7c2bq293vG4G.exe
| MD5 | 0024f2d08d62becaf2f3ee531c467f03 |
| SHA1 | 894fe70f8ed597bca468e9bc7936115d19737b81 |
| SHA256 | 76ee8518ea0f88c1765e0c2dfde74af8a1d63ac7fdc01a233b13d90727ff5061 |
| SHA512 | cbe358673e9da0d8cd0f5ca72cf092e29b90d862a50edc4d8aee5a717ba3bc59b6140bd0d9e1479208f9b502ace1f1d33adfce74a4a89d761df9bde749b8d379 |
memory/2488-16-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2488-23-0x0000000000400000-0x000000000042A000-memory.dmp