Analysis Overview
SHA256
c74370bfa89377a9ad5b3b52212ff4803b40b3a2b76ad9e82aa6abb1e92515ed
Threat Level: Likely benign
The file c74370bfa89377a9ad5b3b52212ff4803b40b3a2b76ad9e82aa6abb1e92515edN (the sandbox names the sample after its SHA256 with an "N" suffix) was scored: Likely benign. This is the sandbox's automated score, not a manual verdict: in both behavioral runs below the sample writes a second executable (rifaien2-<random>.exe, a different name and hash in each run) into the user's Temp directory and makes plain HTTP connections on port 80 to wecan.hasthe.technology, and neither behaviour is counted as a signature here. The dropped file and the HTTP traffic should be reviewed before the sample is treated as benign.
Malicious Activity Summary
UPX packed file
Unsigned PE
System Location Discovery: System Language Discovery
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-10 06:31
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
(2 matches; indicator details not included in the report)
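The two static signatures above (UPX packed file, Unsigned PE) are reported without indicator details. The following added example, written for this page and not the sandbox's own detection logic, shows the minimal PE header checks behind them using only the Python standard library: it reads the section table and flags UPX's default section names, and reads the security data directory (index 4, the Attribute Certificate Table), which is empty for an unsigned binary. `build_sample_pe` constructs an in-memory PE32 header for testing; it is not the sample from this report. Both checks are heuristics: UPX builds can rename sections, and a non-empty certificate table only shows that a signature is attached, not that it verifies (check that with `signtool verify` or `Get-AuthenticodeSignature`).

```python
"""Minimal static checks mirroring the 'UPX packed file' and 'Unsigned PE'
signatures. Added example for this page; not the sandbox's own logic."""
import struct
import sys

DOS_MAGIC = b"MZ"
PE_MAGIC = b"PE\0\0"
COFF_HEADER_SIZE = 20
SECTION_HEADER_SIZE = 40
IMAGE_DIRECTORY_ENTRY_SECURITY = 4          # Attribute Certificate Table
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}  # UPX defaults; can be renamed


def parse_pe(data):
    """Return section names and the security data directory (offset, size)."""
    if data[:2] != DOS_MAGIC:
        raise ValueError("not a DOS/PE file")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != PE_MAGIC:
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    (_machine, n_sections, _ts, _symtab, _nsyms, opt_size,
     _chars) = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + COFF_HEADER_SIZE
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic == 0x10B:        # PE32: NumberOfRvaAndSizes at +92, directories at +96
        n_dirs_off, dirs_off = opt + 92, opt + 96
    elif magic == 0x20B:      # PE32+: 8-byte ImageBase/stack/heap fields shift them
        n_dirs_off, dirs_off = opt + 108, opt + 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    (n_dirs,) = struct.unpack_from("<I", data, n_dirs_off)
    sec_off, sec_size = 0, 0
    if n_dirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        sec_off, sec_size = struct.unpack_from(
            "<II", data, dirs_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sect_table = opt + opt_size
    names = []
    for i in range(n_sections):
        start = sect_table + i * SECTION_HEADER_SIZE
        names.append(data[start:start + 8].rstrip(b"\0"))
    return {"sections": names, "security_dir": (sec_off, sec_size)}


def static_signatures(data):
    """Names of the two static signatures that fire for this image."""
    info = parse_pe(data)
    fired = []
    if any(n in UPX_SECTION_NAMES for n in info["sections"]):
        fired.append("UPX packed file")
    off, size = info["security_dir"]
    if off == 0 or size == 0:      # no Authenticode blob attached at all
        fired.append("Unsigned PE")
    return fired


def build_sample_pe(section_names, cert_size=0):
    """Constructed PE32 header (no code) for testing; hypothetical, not the sample."""
    e_lfanew = 0x80
    dos = bytearray(e_lfanew)
    dos[:2] = DOS_MAGIC
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    opt_size = 96 + 16 * 8                      # PE32 header with all 16 directories
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<I", opt, 92, 16)
    if cert_size:                               # fake certificate table entry
        struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, 0x1000, cert_size)
    sections = b"".join(n.ljust(8, b"\0") + bytes(SECTION_HEADER_SIZE - 8)
                        for n in section_names)
    return bytes(dos) + PE_MAGIC + coff + bytes(opt) + sections


if __name__ == "__main__":
    if len(sys.argv) > 1:
        blob = open(sys.argv[1], "rb").read()
    else:
        blob = build_sample_pe([b"UPX0", b"UPX1", b".rsrc"])
    print(static_signatures(blob))
```

Run it with a path to get the two verdicts for a real file; with no argument it checks the constructed UPX-style header and prints both signature names.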
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-10 06:31
Reported
2024-11-10 06:34
Platform
win7-20240903-en
Max time kernel
117s
Max time network
119s
Command Line
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
(6 matches; indicator details not included in the report)
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\c74370bfa89377a9ad5b3b52212ff4803b40b3a2b76ad9e82aa6abb1e92515edN.exe | N/A |
Note: this maps to MITRE ATT&CK T1614.001. Opening HKLM\SYSTEM\ControlSet001\Control\NLS\Language reads the installed system language, which plenty of legitimate software also does, so on its own it is a low-confidence indicator. It is also a key open recorded by the sandbox's API monitoring: Sysmon's registry events (IDs 12, 13 and 14) cover key create/delete, value set and rename, not key opens or reads, so the same behaviour would not show up in Sysmon-based telemetry.
Processes
C:\Users\Admin\AppData\Local\Temp\c74370bfa89377a9ad5b3b52212ff4803b40b3a2b76ad9e82aa6abb1e92515edN.exe
"C:\Users\Admin\AppData\Local\Temp\c74370bfa89377a9ad5b3b52212ff4803b40b3a2b76ad9e82aa6abb1e92515edN.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
Files
memory/1248-0-0x0000000000400000-0x000000000042A000-memory.dmp
memory/1248-2-0x0000000000400000-0x000000000042A000-memory.dmp
memory/1248-8-0x0000000000400000-0x000000000042A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rifaien2-88yVaTlWfFB87sLB.exe
| MD5 | 5e16b87969f8e1a08dfd72a139605446 |
| SHA1 | a44bbd6fb70529eccebc8cf697fd4bbe69de163f |
| SHA256 | b3888ea205728bcd6a0c080c581a6dcd25829542f338c955391d929cc88ad3b2 |
| SHA512 | d9174b1d072284d7d0b275d94e2b766b0731eaed996c69c455012eebd72ba489824ffb3af2849e106518a5de02813d045aa9a58a4a317828fae03c7dfdec7d49 |
memory/1248-15-0x0000000000400000-0x000000000042A000-memory.dmp
memory/1248-23-0x0000000000400000-0x000000000042A000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-10 06:31
Reported
2024-11-10 06:34
Platform
win10v2004-20241007-en
Max time kernel
120s
Max time network
96s
Command Line
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
(7 matches; indicator details not included in the report)
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\c74370bfa89377a9ad5b3b52212ff4803b40b3a2b76ad9e82aa6abb1e92515edN.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\c74370bfa89377a9ad5b3b52212ff4803b40b3a2b76ad9e82aa6abb1e92515edN.exe
"C:\Users\Admin\AppData\Local\Temp\c74370bfa89377a9ad5b3b52212ff4803b40b3a2b76ad9e82aa6abb1e92515edN.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.208.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 40.183.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.208.201.84.in-addr.arpa | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
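The behavioral2 Network table above mixes the sample's DNS lookups and HTTP connections with reverse (PTR) lookups of unrelated addresses, which the report does not attribute to any process and which mostly concern addresses the sample never connected to. The following added example, written for this page and not part of the sandbox report, parses rows copied from that table, converts each in-addr.arpa name back to the IPv4 address it reverses, and separates contacts worth recording as IOCs from reverse-lookup noise. The resolver address 8.8.8.8 is taken from the table; `NETWORK_TABLE` is copied verbatim from it.

```python
"""Triage of a sandbox Network table: added example for this page.
NETWORK_TABLE is copied from the behavioral2 table above."""
import ipaddress
from collections import defaultdict

NETWORK_TABLE = """\
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.208.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 40.183.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.208.201.84.in-addr.arpa | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
"""

RESOLVERS = {"8.8.8.8"}   # DNS server seen in the table; queries to it are lookups, not contacts


def parse_rows(table):
    """Parse pipe-delimited rows into dicts; the header row is skipped."""
    rows = []
    for line in table.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != 4 or cells[0] == "Country":
            continue
        country, dest, domain, proto = cells
        ip, port = dest.rsplit(":", 1)
        rows.append({"country": country, "ip": ip, "port": int(port),
                     "domain": domain, "proto": proto})
    return rows


def ptr_to_ip(name):
    """'40.183.67.172.in-addr.arpa' -> '172.67.183.40'; None for non-PTR names."""
    suffix = ".in-addr.arpa"
    if not name.endswith(suffix):
        return None
    octets = name[:-len(suffix)].split(".")
    if len(octets) != 4:
        return None
    try:
        return str(ipaddress.IPv4Address(".".join(reversed(octets))))
    except ipaddress.AddressValueError:
        return None


def triage(rows, resolvers=RESOLVERS):
    """Split rows into real contacts, forward lookups, and PTR lookups."""
    contacts = defaultdict(set)   # domain -> {(ip, port, proto)}
    lookups = set()               # forward DNS queries
    ptr_ips = set()               # addresses that were reverse-resolved
    for r in rows:
        ip = ptr_to_ip(r["domain"])
        if ip is not None:
            ptr_ips.add(ip)
        elif r["ip"] in resolvers and r["port"] == 53:
            lookups.add(r["domain"])
        else:
            contacts[r["domain"]].add((r["ip"], r["port"], r["proto"]))
    contacted = {ip for conns in contacts.values() for ip, _, _ in conns}
    return {
        "contacts": {d: sorted(c) for d, c in contacts.items()},
        "lookups": sorted(lookups),
        "ptr_of_contacted": sorted(ptr_ips & contacted),   # PTRs tied to the sample's traffic
        "ptr_noise": sorted(ptr_ips - contacted),          # PTRs of addresses never contacted
    }


def iocs(result):
    """Flat IOC list: domains looked up or contacted plus contacted ip:port pairs."""
    out = set(result["lookups"]) | set(result["contacts"])
    for conns in result["contacts"].values():
        out.update("%s:%d" % (ip, port) for ip, port, _ in conns)
    return sorted(out)


if __name__ == "__main__":
    import json
    res = triage(parse_rows(NETWORK_TABLE))
    print(json.dumps(res, indent=2))
    print("IOCs:", iocs(res))
```

For this table the result is one domain and one ip:port; the eleven reverse lookups of addresses the sample never connected to are reported separately so they are not copied into a blocklist by mistake.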
Files
memory/2784-0-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2784-1-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2784-4-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2784-8-0x0000000000400000-0x000000000042A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rifaien2-rxDCsPJp5JTnc7z8.exe
| MD5 | dd14522c708e582e8d57d1102c01d9e0 |
| SHA1 | da174a1bd2d0ec21453e62daeb45ddb99d0bd684 |
| SHA256 | a73f9770442870714b7e94c3e917ecd9ca1cec6d7800b35598068cf69d45c665 |
| SHA512 | 10af44869176c4a3ffeb6c8fe712dda9bb91a6f581b136df4858d554e68270cadcfe894a258760ccb801eef8703e1ca291048572a8baf5b219c2fa25bc20dfc2 |
memory/2784-12-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2784-21-0x0000000000400000-0x000000000042A000-memory.dmp