Analysis Overview
SHA256
335bb0e9a6dcb19b44043f0d1f196d0c50d8e95ce6b0ad7819026cbf8633bf18
Threat Level: Likely benign
The file 335bb0e9a6dcb19b44043f0d1f196d0c50d8e95ce6b0ad7819026cbf8633bf18N was found to be: Likely benign.
Malicious Activity Summary
UPX packed file
Unsigned PE
System Location Discovery: System Language Discovery
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-10 06:05
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
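The two static signatures above (UPX packing, no Authenticode signature) are the kind of checks a triage analyst runs on a sample before detonation. The following Python is an added example, not part of the sandbox report or the sample: it parses just enough of the PE header to read section names and the certificate-table data directory, then applies both heuristics. The PE images it runs on are constructed in `build_test_pe`, not the file analysed on this page.

```python
import struct

# Index of the certificate table (Authenticode) entry in the data directory.
IMAGE_DIRECTORY_ENTRY_SECURITY = 4


def parse_pe(data: bytes) -> dict:
    """Parse just enough of a PE image to recover section names and the
    security (Authenticode) data directory entry."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("missing PE signature")
    coff_off = e_lfanew + 4
    (_machine, n_sections, _ts, _symtab, _nsyms,
     opt_size, _chars) = struct.unpack_from("<HHIIIHH", data, coff_off)
    opt_off = coff_off + 20
    magic = struct.unpack_from("<H", data, opt_off)[0]
    if magic == 0x10B:        # PE32: data directories start at offset 96
        dd_off = opt_off + 96
    elif magic == 0x20B:      # PE32+: data directories start at offset 112
        dd_off = opt_off + 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    n_dirs = struct.unpack_from("<I", data, dd_off - 4)[0]  # NumberOfRvaAndSizes
    sec_off = sec_size = 0
    if n_dirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        # Unlike other directories this entry holds a raw file offset, not an RVA.
        sec_off, sec_size = struct.unpack_from(
            "<II", data, dd_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    table = opt_off + opt_size
    names = []
    for i in range(n_sections):           # one 40-byte IMAGE_SECTION_HEADER each
        raw = data[table + 40 * i: table + 40 * i + 8]
        names.append(raw.rstrip(b"\x00").decode("ascii", "replace"))
    return {"sections": names, "security_dir": (sec_off, sec_size)}


def is_upx_packed(info: dict) -> bool:
    """Heuristic: stock UPX names its sections UPX0/UPX1 (and sometimes UPX2).
    A repacker that renames sections defeats this; section entropy is the fallback."""
    return any(name.startswith("UPX") for name in info["sections"])


def is_unsigned(info: dict) -> bool:
    """No certificate table means no embedded Authenticode signature. A present
    table only proves a signature blob exists; validating it needs the full chain
    (signtool verify / Get-AuthenticodeSignature), which this check does not do."""
    offset, size = info["security_dir"]
    return offset == 0 or size == 0


def triage(data: bytes) -> dict:
    info = parse_pe(data)
    return {
        "upx_packed": is_upx_packed(info),
        "unsigned": is_unsigned(info),
        "sections": info["sections"],
    }


def build_test_pe(section_names, signed=False, pe32plus=False) -> bytes:
    """Constructed, non-executable PE skeleton used only to exercise the parser;
    it is not the sample from this report."""
    e_lfanew = 0x40
    dos = (b"MZ" + b"\x00" * (0x3C - 2) + struct.pack("<I", e_lfanew)).ljust(e_lfanew, b"\x00")
    opt_size = 240 if pe32plus else 224
    coff = struct.pack("<HHIIIHH", 0x8664 if pe32plus else 0x14C,
                       len(section_names), 0, 0, 0, opt_size, 0x102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x20B if pe32plus else 0x10B)
    dd_off = 112 if pe32plus else 96
    struct.pack_into("<I", opt, dd_off - 4, 16)          # NumberOfRvaAndSizes
    if signed:
        struct.pack_into("<II", opt, dd_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY,
                         0x1000, 0x800)                  # fake certificate table
    sections = b"".join(n.encode().ljust(8, b"\x00") + b"\x00" * 32
                        for n in section_names)
    return dos + b"PE\x00\x00" + coff + bytes(opt) + sections


if __name__ == "__main__":
    print(triage(build_test_pe(["UPX0", "UPX1", ".rsrc"])))
    print(triage(build_test_pe([".text", ".rdata", ".data"], signed=True)))
```

For a real sample, pass `open(path, "rb").read()` to `triage`. Both checks are heuristics in the direction the report uses them: a UPX hit says nothing about intent (plenty of legitimate tools ship UPX-packed), and "unsigned" is the absence of a certificate table, not a failed signature validation.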
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-10 06:05
Reported
2024-11-10 06:07
Platform
win7-20240903-en
Max time kernel
110s
Max time network
92s
Command Line
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\335bb0e9a6dcb19b44043f0d1f196d0c50d8e95ce6b0ad7819026cbf8633bf18N.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\335bb0e9a6dcb19b44043f0d1f196d0c50d8e95ce6b0ad7819026cbf8633bf18N.exe
"C:\Users\Admin\AppData\Local\Temp\335bb0e9a6dcb19b44043f0d1f196d0c50d8e95ce6b0ad7819026cbf8633bf18N.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
Files
memory/1944-0-0x0000000000400000-0x000000000042A000-memory.dmp
memory/1944-1-0x0000000000400000-0x000000000042A000-memory.dmp
memory/1944-5-0x0000000000400000-0x000000000042A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rifaien2-GdlRDNkxl9avuSeT.exe
| MD5 | 89079e6e9d1a839fdae6f2de2ad48dfd |
| SHA1 | 1c4f9d7168a610728ce120f6429d5c7a0219efa8 |
| SHA256 | df68e5e3c12a53c59ee61124504ab86df598024e989e58b10753aa4bb1085257 |
| SHA512 | 2ac485eaeee477cd99f6d139ce01a20ac601fb3796d945bb10009c26d204e7566a6cd2b1e2c4c1aa520d7b7eaf89691392fd8b6c95dbd7a48dfacf8f5b80c5cc |
memory/1944-12-0x0000000000400000-0x000000000042A000-memory.dmp
memory/1944-22-0x0000000000400000-0x000000000042A000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-10 06:05
Reported
2024-11-10 06:07
Platform
win10v2004-20241007-en
Max time kernel
111s
Max time network
96s
Command Line
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\335bb0e9a6dcb19b44043f0d1f196d0c50d8e95ce6b0ad7819026cbf8633bf18N.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\335bb0e9a6dcb19b44043f0d1f196d0c50d8e95ce6b0ad7819026cbf8633bf18N.exe
"C:\Users\Admin\AppData\Local\Temp\335bb0e9a6dcb19b44043f0d1f196d0c50d8e95ce6b0ad7819026cbf8633bf18N.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 212.20.149.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 199.59.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 22.236.111.52.in-addr.arpa | udp |
Files
memory/4020-0-0x0000000000400000-0x000000000042A000-memory.dmp
memory/4020-1-0x0000000000400000-0x000000000042A000-memory.dmp
memory/4020-4-0x0000000000400000-0x000000000042A000-memory.dmp
memory/4020-8-0x0000000000400000-0x000000000042A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rifaien2-FsT5VmUZhBAw1mig.exe
| MD5 | 3c9b30416a7bc6bf5dec526703119f36 |
| SHA1 | d5e2801390f9cc33d797b7f923cb36ce704ac6f3 |
| SHA256 | 5d9c415b1d6586ced95db1b27ea02bd9f985ba48df8cc9321e140eb8bc3f0e33 |
| SHA512 | d6f802a5d3e4f60ed7b84468bcd16520286a655ab87cfc8f30778ee70f32328b3ac2f690cd575dbad6ea887c2c1fc7f769a7bd795afe197c6d1ce43ae4228833 |
memory/4020-12-0x0000000000400000-0x000000000042A000-memory.dmp
memory/4020-19-0x0000000000400000-0x000000000042A000-memory.dmp
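The behavioural sections above carry the indicators a responder actually reuses: the `NLS\Language` registry read behind the System Language Discovery signature, the `wecan.hasthe.technology` lookups and the `104.21.59.199:80` connections, and the hashes of the dropped `rifaien2-*.exe`. The Python below is an added example, not part of the sandbox report: it parses this report's pipe-delimited table format into a structured IOC set, separates the `.in-addr.arpa` PTR queries (reverse lookups, not destinations the sample chose) from real domains and endpoints, maps the signature names to ATT&CK technique IDs (the mapping is my own; the report only names the signatures), and then matches the result against a few constructed DNS/proxy log lines. `REPORT_EXCERPT` is assembled from rows of the tables above; `SAMPLE_LOGS` is constructed.

```python
import re

# Signature names used in this report mapped to ATT&CK Enterprise technique IDs
# (my own mapping; "Unsigned PE" has no technique and is left out).
ATTACK_MAP = {
    "System Location Discovery: System Language Discovery": "T1614.001",
    "UPX packed file": "T1027.002",
}
HASH_FIELDS = {"MD5", "SHA1", "SHA256", "SHA512"}
KV_RE = re.compile(r"(\w+)=(\S+)")

# Constructed excerpt: rows copied from the report tables on this page.
REPORT_EXCERPT = r"""
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\sample.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\sample.exe
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 199.59.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
Files
memory/1944-0-0x0000000000400000-0x000000000042A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rifaien2-GdlRDNkxl9avuSeT.exe
| MD5 | 89079e6e9d1a839fdae6f2de2ad48dfd |
| SHA256 | df68e5e3c12a53c59ee61124504ab86df598024e989e58b10753aa4bb1085257 |
"""

# Constructed log lines in a key=value style; not from any real sensor.
SAMPLE_LOGS = [
    "2024-11-12T10:01:02Z dns src=10.0.0.5 query=wecan.hasthe.technology qtype=A",
    "2024-11-12T10:01:03Z proxy src=10.0.0.5 dst=104.21.59.199:80 host=wecan.hasthe.technology",
    "2024-11-12T10:02:00Z proxy src=10.0.0.7 dst=93.184.216.34:443 host=example.com",
]


def _cells(line):
    """'| a | b |' -> ['a', 'b']"""
    return [c.strip() for c in line.strip().strip("|").split("|")]


def extract_iocs(report):
    out = {"techniques": set(), "registry_keys": set(), "domains": set(),
           "endpoints": set(), "ptr_queries": set(), "dropped_files": {}}
    section, current_file = None, None
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line in ("Signatures", "Network", "Files", "Processes"):
            section, current_file = line, None
            continue
        if line in ATTACK_MAP:                       # signature sub-heading
            out["techniques"].add(ATTACK_MAP[line])
            continue
        if not line.startswith("|"):
            # A bare path under Files is a dropped artifact; memory dumps carry no hashes.
            if section == "Files" and not line.startswith("memory/"):
                current_file = line
                out["dropped_files"].setdefault(current_file, {})
            continue
        cells = _cells(line)
        if section == "Signatures" and cells[0] == "Key opened":
            out["registry_keys"].add(cells[1])
        elif section == "Network" and cells[0] != "Country" and len(cells) == 4:
            _country, dest, domain, proto = cells
            if domain.endswith(".in-addr.arpa"):
                out["ptr_queries"].add(domain)       # reverse lookups: keep, but not as C2
                continue
            out["domains"].add(domain)
            if not (proto == "udp" and dest.endswith(":53")):   # skip the resolver itself
                out["endpoints"].add(dest)
        elif section == "Files" and current_file and cells[0] in HASH_FIELDS:
            out["dropped_files"][current_file][cells[0].lower()] = cells[1]
    return {k: (sorted(v) if isinstance(v, set) else v) for k, v in out.items()}


def ioc_hits(log_lines, iocs):
    """Return (line, matched_value) for each log line whose key=value fields
    contain a reported domain, endpoint, or endpoint IP without its port."""
    watch = set(iocs["domains"]) | set(iocs["endpoints"])
    watch |= {e.rsplit(":", 1)[0] for e in iocs["endpoints"]}
    hits = []
    for line in log_lines:
        for _key, value in KV_RE.findall(line):
            if value in watch:
                hits.append((line, value))
                break
    return hits


if __name__ == "__main__":
    iocs = extract_iocs(REPORT_EXCERPT)
    print(iocs)
    for line, value in ioc_hits(SAMPLE_LOGS, iocs):
        print("HIT", value, "<-", line)
```

Two caveats a responder should carry along with these indicators. Reading `HKLM\SYSTEM\...\NLS\Language` is what any locale-aware program does via `GetUserDefaultLangID` and friends, so T1614.001 on its own is a weak signal and only becomes interesting when the process exits immediately afterwards for particular locales. And `104.21.59.199` sits in a CDN range, so block on the hostname and the dropped-file hashes rather than the IP, which many unrelated sites share.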