Analysis Overview
SHA256
1ad453323a45898125436590c8b77347b4acf18372d9e9eb8924e609c7b50970
Threat Level: Likely benign
The file 1ad453323a45898125436590c8b77347b4acf18372d9e9eb8924e609c7b50970N was found to be: Likely benign.
Malicious Activity Summary
UPX packed file
System Location Discovery: System Language Discovery
Unsigned PE
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-10 06:34
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-10 06:34
Reported
2024-11-10 06:36
Platform
win10v2004-20241007-en
Max time kernel
111s
Max time network
93s
Command Line
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\1ad453323a45898125436590c8b77347b4acf18372d9e9eb8924e609c7b50970N.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\1ad453323a45898125436590c8b77347b4acf18372d9e9eb8924e609c7b50970N.exe
"C:\Users\Admin\AppData\Local\Temp\1ad453323a45898125436590c8b77347b4acf18372d9e9eb8924e609c7b50970N.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 212.20.149.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 40.183.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 83.210.23.2.in-addr.arpa | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
Files
memory/4780-0-0x0000000000400000-0x000000000042A000-memory.dmp
memory/4780-1-0x0000000000400000-0x000000000042A000-memory.dmp
memory/4780-4-0x0000000000400000-0x000000000042A000-memory.dmp
memory/4780-8-0x0000000000400000-0x000000000042A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rifaien2-m4F6vzurQLwSZeZq.exe
| MD5 | 39f0d82914d62a8acecc36d42e807193 |
| SHA1 | b486dd9ebb5152e5b6c6137a350bf5d52405b121 |
| SHA256 | d2cd7d174f19ccfdb6907f573f40eb228a44fb4e701bf726b207bb4351af5307 |
| SHA512 | 51b748c3dee5b74b2d497a4eefbe972124b8035ed5fa4ca5acd42e77ae640e03d3de0cd7a66eac63b9dcda4db399e2b9007a5fecafdd510057efbca4fec4c66e |
memory/4780-15-0x0000000000400000-0x000000000042A000-memory.dmp
memory/4780-22-0x0000000000400000-0x000000000042A000-memory.dmp
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-10 06:34
Reported
2024-11-10 06:36
Platform
win7-20240903-en
Max time kernel
118s
Max time network
118s
Command Line
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\1ad453323a45898125436590c8b77347b4acf18372d9e9eb8924e609c7b50970N.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\1ad453323a45898125436590c8b77347b4acf18372d9e9eb8924e609c7b50970N.exe
"C:\Users\Admin\AppData\Local\Temp\1ad453323a45898125436590c8b77347b4acf18372d9e9eb8924e609c7b50970N.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
Files
memory/2652-0-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2652-2-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2652-8-0x0000000000400000-0x000000000042A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rifaien2-vqnAWef2ZvVDzGlv.exe
| MD5 | c22e3fda862286e431df2d757230057c |
| SHA1 | d4c795206a96c47969ffca2790f76800d09d67ad |
| SHA256 | 0984602b520c3b74cabda3502a73f1c6d8cdcb88e84c135c8b2e65ce81796a9e |
| SHA512 | 2dbe23b931219b6309d3c0e65604075ec6bb4116bf2f211335a98c510bbc5c814bc4d55344e4533f1f8f557cbb939ff54fed3b905217cf94a78cbd4528330ffb |
memory/2652-15-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2652-23-0x0000000000400000-0x000000000042A000-memory.dmp