Analysis Overview
SHA256
755a8a960d5c530c89d6933dd624d10579db104c5bb48b39a65f069201b808c2
Threat Level: Likely benign
The file 755a8a960d5c530c89d6933dd624d10579db104c5bb48b39a65f069201b808c2N was found to be: Likely benign.
Malicious Activity Summary
UPX packed file
Unsigned PE
System Location Discovery: System Language Discovery
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-10 06:11
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-10 06:11
Reported
2024-11-10 06:13
Platform
win7-20240903-en
Max time kernel
110s
Max time network
91s
Command Line
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\755a8a960d5c530c89d6933dd624d10579db104c5bb48b39a65f069201b808c2N.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\755a8a960d5c530c89d6933dd624d10579db104c5bb48b39a65f069201b808c2N.exe
"C:\Users\Admin\AppData\Local\Temp\755a8a960d5c530c89d6933dd624d10579db104c5bb48b39a65f069201b808c2N.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
Files
memory/2148-0-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2148-1-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2148-7-0x0000000000400000-0x000000000042A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rifaien2-Jjoxo9Nu00rBZB8O.exe
| MD5 | 2e9a319b86b451073da1710316c52c9d |
| SHA1 | 8038071187e0ed9cde4d3458f0423b319ada5cc5 |
| SHA256 | 7a3ed88b905f72a7076795057e9d065b50a37acfbb8f9c62dfd156107cf1483c |
| SHA512 | 2aa9b3de92b4750a6ef185feb9099a2df6fb18146def9d89d17cb722c50159e923d3bf2d4424a65362f10cc10521889bf72db4b69dbaef4384c8618f3ea26b7b |
memory/2148-14-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2148-22-0x0000000000400000-0x000000000042A000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-10 06:11
Reported
2024-11-10 06:13
Platform
win10v2004-20241007-en
Max time kernel
111s
Max time network
92s
Command Line
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\755a8a960d5c530c89d6933dd624d10579db104c5bb48b39a65f069201b808c2N.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\755a8a960d5c530c89d6933dd624d10579db104c5bb48b39a65f069201b808c2N.exe
"C:\Users\Admin\AppData\Local\Temp\755a8a960d5c530c89d6933dd624d10579db104c5bb48b39a65f069201b808c2N.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 199.59.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.117.19.2.in-addr.arpa | udp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 99.209.201.84.in-addr.arpa | udp |
Files
memory/4876-0-0x0000000000400000-0x000000000042A000-memory.dmp
memory/4876-1-0x0000000000400000-0x000000000042A000-memory.dmp
memory/4876-4-0x0000000000400000-0x000000000042A000-memory.dmp
memory/4876-8-0x0000000000400000-0x000000000042A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rifaien2-0rY5aMNd6PENug1y.exe
| MD5 | cadf6b4c8cf12395b79b8d9dd5170c91 |
| SHA1 | fbb1795ebdea6b9eaa8b07045680a1a42b6191ae |
| SHA256 | 1b54c8e2a46e7215296f721f28ddcdebad6e4af948b9c3fdc5a34e27811417a9 |
| SHA512 | 520bf0c7daca184a24d757388d9427a32e564f3e072e6c57efad4a803381f26628e1c34301786e2cd0e99ec2a489f5ac6fe6716daa8371c452314dc361032306 |
memory/4876-15-0x0000000000400000-0x000000000042A000-memory.dmp
memory/4876-22-0x0000000000400000-0x000000000042A000-memory.dmp