Analysis Overview
SHA256
b96270dab5ffe5ed420c764441eb80d09f2695ea51bec7713b53f607b16cc43a
Threat Level: Likely benign
The file b96270dab5ffe5ed420c764441eb80d09f2695ea51bec7713b53f607b16cc43aN was found to be: Likely benign.
Malicious Activity Summary
UPX packed file
Unsigned PE
System Location Discovery: System Language Discovery (ATT&CK T1614.001; triggered by the sample opening \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language, a key that locale-aware benign software also reads, so this signature alone is weak evidence)
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-10 06:43
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
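The two static signatures above ("UPX packed file" and "Unsigned PE") can be reproduced with a plain walk of the PE headers. The following is an added example, not code from the sandbox report or its vendor: it parses the section table and the Security data directory with the standard library only, and builds a constructed, header-only PE32 image as sample input (the section names, offsets and the certificate-table location in build_sample_pe are made up for the demonstration and are not taken from the analysed file).

```python
import struct

# Added example (not part of the sandbox report): a minimal PE header walk that
# reproduces the "UPX packed file" and "Unsigned PE" static signatures without
# third-party libraries. Offsets follow the PE/COFF layout (PE32 and PE32+).


def parse_pe(data: bytes) -> dict:
    """Return section names and the Security (Authenticode) data directory entry."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    # COFF header: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    _, nsections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:        # PE32
        nrva_off, dd_off = opt + 92, opt + 96
    elif magic == 0x20B:      # PE32+
        nrva_off, dd_off = opt + 108, opt + 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    nrva = struct.unpack_from("<I", data, nrva_off)[0]
    # Data directory 4 is IMAGE_DIRECTORY_ENTRY_SECURITY. Unlike the other entries
    # its first field is a raw file offset, not an RVA, because the certificate
    # table is never mapped into memory.
    sec_off, sec_size = 0, 0
    if nrva > 4:
        sec_off, sec_size = struct.unpack_from("<II", data, dd_off + 4 * 8)
    table = opt + opt_size
    names = []
    for i in range(nsections):
        raw = data[table + i * 40: table + i * 40 + 8]   # IMAGE_SECTION_HEADER.Name
        names.append(raw.rstrip(b"\0").decode("ascii", "replace"))
    return {"sections": names, "security": (sec_off, sec_size)}


def is_upx_packed(data: bytes) -> bool:
    """Stock UPX output uses sections named UPX0/UPX1; the 'UPX!' marker in the
    packer's loader info block is a second, independent hint that usually survives
    a section rename unless deliberately wiped."""
    by_name = any(n.startswith("UPX") for n in parse_pe(data)["sections"])
    return by_name or b"UPX!" in data


def is_signed(data: bytes) -> bool:
    """True when the Security directory points at a non-empty certificate table.
    This is presence only; validating the Authenticode chain is a separate step."""
    sec_off, sec_size = parse_pe(data)["security"]
    return sec_off != 0 and sec_size != 0


def static_signatures(data: bytes) -> list:
    """Signature names in the wording this report uses."""
    hits = []
    if is_upx_packed(data):
        hits.append("UPX packed file")
    if not is_signed(data):
        hits.append("Unsigned PE")
    return hits


def build_sample_pe(section_names, signed: bool) -> bytes:
    """Constructed, non-executable PE32 header-only image used as sample input."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)          # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 224, 0x0102)
    opt = bytearray(224)                                           # PE32 optional header
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<I", opt, 92, 16)                            # NumberOfRvaAndSizes
    if signed:
        # Made-up certificate table offset/size, enough to mark the image as signed.
        struct.pack_into("<II", opt, 96 + 4 * 8, 0x2000, 0x1800)
    sections = b"".join(
        struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\0"),
                    0x1000, 0x1000 * (i + 1), 0x200, 0x400 + 0x200 * i,
                    0, 0, 0, 0, 0x60000020)
        for i, name in enumerate(section_names))
    return dos + b"PE\0\0" + coff + bytes(opt) + sections


if __name__ == "__main__":
    print(static_signatures(build_sample_pe(["UPX0", "UPX1", ".rsrc"], signed=False)))
    print(static_signatures(build_sample_pe([".text", ".data"], signed=True)))
```

To apply this to the analysed sample, replace the constructed image with the bytes of the file whose SHA256 heads this report; a match on "UPX packed file" says nothing about intent, since legitimate software is UPX-packed too, which is consistent with the "Likely benign" verdict.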
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-10 06:43
Reported
2024-11-10 06:45
Platform
win7-20241010-en
Max time kernel
92s
Max time network
98s
Command Line
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\b96270dab5ffe5ed420c764441eb80d09f2695ea51bec7713b53f607b16cc43aN.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\b96270dab5ffe5ed420c764441eb80d09f2695ea51bec7713b53f607b16cc43aN.exe
"C:\Users\Admin\AppData\Local\Temp\b96270dab5ffe5ed420c764441eb80d09f2695ea51bec7713b53f607b16cc43aN.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
Files
memory/2256-0-0x0000000000400000-0x000000000043B000-memory.dmp
memory/2256-1-0x0000000000400000-0x000000000043B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rifaien2-9FOz0xe6NBaCxoUK.exe
| MD5 | 441bc6a2da6ff92d0c23eb29a1c02268 |
| SHA1 | 3e1d251128b0b2cd4b74b8be7512b1dda38f5c7e |
| SHA256 | 12674c96dd622d233e19d3a68381231f1379e823381964d1cf4d09fd5f31abec |
| SHA512 | f8ec37ba6eb1953818053d797bff2301c8940eca7fb0edc5d4c77133379b038fefaae3913885d20dc5d67281918fa66e54405f6fbd0fd2db691fd62f2191e65f |
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-10 06:43
Reported
2024-11-10 06:45
Platform
win10v2004-20241007-en
Max time kernel
94s
Max time network
95s
Command Line
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\b96270dab5ffe5ed420c764441eb80d09f2695ea51bec7713b53f607b16cc43aN.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\b96270dab5ffe5ed420c764441eb80d09f2695ea51bec7713b53f607b16cc43aN.exe
"C:\Users\Admin\AppData\Local\Temp\b96270dab5ffe5ed420c764441eb80d09f2695ea51bec7713b53f607b16cc43aN.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 14.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 197.87.175.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 199.59.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.117.19.2.in-addr.arpa | udp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 88.210.23.2.in-addr.arpa | udp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
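The behavioral1 (Windows 7) run shows one forward lookup of wecan.hasthe.technology followed by three TCP connections to 104.21.59.199:80, while the behavioral2 (Windows 10) run adds a series of reverse (in-addr.arpa) lookups for addresses the sample never connected to. Before treating those as indicators it helps to separate the sample's own resolution chain from PTR queries, which on a Windows 10 guest are commonly produced by the operating system's background traffic rather than by the submitted file. The following is an added example, not part of the report: it takes the behavioral2 rows verbatim (Destination, Domain and Proto columns), classifies each DNS query as forward or reverse, converts PTR names back to addresses, and checks them against the connections the sample actually made. Nothing here identifies who owns the reverse-looked-up addresses; it only shows which ones the report can and cannot tie to the sample.

```python
import ipaddress
import re

# Added example (not part of the sandbox report). Rows are the Destination, Domain
# and Proto columns of the behavioral2 network table on this page, copied verbatim.
NETWORK_ROWS = [
    ("8.8.8.8:53", "14.160.190.20.in-addr.arpa", "udp"),
    ("8.8.8.8:53", "104.219.191.52.in-addr.arpa", "udp"),
    ("8.8.8.8:53", "95.221.229.192.in-addr.arpa", "udp"),
    ("8.8.8.8:53", "28.118.140.52.in-addr.arpa", "udp"),
    ("8.8.8.8:53", "wecan.hasthe.technology", "udp"),
    ("104.21.59.199:80", "wecan.hasthe.technology", "tcp"),
    ("8.8.8.8:53", "197.87.175.4.in-addr.arpa", "udp"),
    ("8.8.8.8:53", "199.59.21.104.in-addr.arpa", "udp"),
    ("8.8.8.8:53", "15.164.165.52.in-addr.arpa", "udp"),
    ("8.8.8.8:53", "75.117.19.2.in-addr.arpa", "udp"),
    ("104.21.59.199:80", "wecan.hasthe.technology", "tcp"),
    ("8.8.8.8:53", "88.210.23.2.in-addr.arpa", "udp"),
    ("104.21.59.199:80", "wecan.hasthe.technology", "tcp"),
    ("8.8.8.8:53", "240.221.184.93.in-addr.arpa", "udp"),
    ("8.8.8.8:53", "14.227.111.52.in-addr.arpa", "udp"),
]

PTR_RE = re.compile(r"^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.in-addr\.arpa$", re.I)


def ptr_to_ip(name: str):
    """'199.59.21.104.in-addr.arpa' -> '104.21.59.199'; None for a forward name."""
    m = PTR_RE.match(name)
    if not m:
        return None
    ip = ".".join(reversed(m.groups()))   # PTR labels are the octets in reverse order
    try:
        return str(ipaddress.ip_address(ip))
    except ValueError:
        return None


def triage(rows):
    """Split sandbox network rows into connection IOCs, PTR lookups that concern
    an address the sample contacted, and PTR lookups the report cannot tie to it."""
    forward = set()   # names the sample resolved with a forward query
    reverse = {}      # PTR name -> IPv4 address it asks about
    conns = {}        # (ip, port, proto) -> {"domain", "count"}
    for dest, domain, proto in rows:
        ip, port = dest.rsplit(":", 1)
        port = int(port)
        if proto == "udp" and port == 53:
            target = ptr_to_ip(domain)
            if target:
                reverse[domain] = target
            else:
                forward.add(domain)
            continue
        entry = conns.setdefault((ip, port, proto), {"domain": domain, "count": 0})
        entry["count"] += 1
    contacted = {ip for ip, _, _ in conns}
    iocs = [
        {"ip": ip, "port": port, "proto": proto, "domain": e["domain"],
         "count": e["count"], "resolved_by_sample": e["domain"] in forward}
        for (ip, port, proto), e in conns.items()
    ]
    ptr_for_contacted = sorted({t for t in reverse.values() if t in contacted},
                               key=ipaddress.ip_address)
    ptr_unexplained = sorted({t for t in reverse.values() if t not in contacted},
                             key=ipaddress.ip_address)
    return {"iocs": iocs,
            "ptr_for_contacted": ptr_for_contacted,
            "ptr_unexplained": ptr_unexplained}


if __name__ == "__main__":
    import json
    print(json.dumps(triage(NETWORK_ROWS), indent=2))
```

On these rows the result is a single IOC (104.21.59.199:80/tcp, three connections, reached through a name the sample resolved itself), one PTR lookup that concerns that same address (199.59.21.104.in-addr.arpa), and ten PTR lookups for addresses that never appear as a destination; the first group is worth blocking or hunting on, the last group needs attribution to the guest or the sample before it is reused as an indicator.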
Files
memory/2364-0-0x0000000000400000-0x000000000043B000-memory.dmp
memory/2364-1-0x0000000000400000-0x000000000043B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rifaien2-PsdtTENUEWPfjCj1.exe
| MD5 | 27b99983fc9e823b3aee3852e5e8b4e1 |
| SHA1 | fefd730ff1d7875784f960506d80a6e2d35b0ff3 |
| SHA256 | eeb609c6197850bd74a6afdb52e8b3c8e06ec2c4032628b5d8d0b1872c51f11e |
| SHA512 | 21b495056791a2c51b9e9d641ee15149da3c65ef0880a3e655d7ef3de4c206ce005f763ee90ae0c5b8ffd042b84f9cacd2cf1ed42439ac2086f8e9f2621b7b32 |