Analysis Overview
SHA256
de2b9d2df0e8d929a7591194e7dee838e97baffed86b27e7f32deb86c942414d
Threat Level: Likely benign
The file de2b9d2df0e8d929a7591194e7dee838e97baffed86b27e7f32deb86c942414dN was found to be: Likely benign.
Malicious Activity Summary
UPX packed file
Unsigned PE
System Location Discovery: System Language Discovery
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-10 06:54
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-10 06:54
Reported
2024-11-10 06:57
Platform
win7-20240903-en
Max time kernel
110s
Max time network
91s
Command Line
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\de2b9d2df0e8d929a7591194e7dee838e97baffed86b27e7f32deb86c942414dN.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\de2b9d2df0e8d929a7591194e7dee838e97baffed86b27e7f32deb86c942414dN.exe
"C:\Users\Admin\AppData\Local\Temp\de2b9d2df0e8d929a7591194e7dee838e97baffed86b27e7f32deb86c942414dN.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
Files
memory/816-0-0x0000000000400000-0x000000000042A000-memory.dmp
memory/816-1-0x0000000000400000-0x000000000042A000-memory.dmp
memory/816-7-0x0000000000400000-0x000000000042A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rifaien2-FiEfWcXuJ8XDOTmO.exe
| MD5 | 0dd54c37f76f730a86c03938f12d697f |
| SHA1 | 3fccd22d5637fb7b777f670d2423ed30acdd0880 |
| SHA256 | fd097f4119189d5bfe34f08ba83485be475a3ed44d1c6ce88849f13421e22c0d |
| SHA512 | 5ab55d604040eee7188af684b129451b5a550b897b0b3fe48a8811937d6f96319c9e1574787c63733afcf40378310df72ae3fdf300a5486a0ab4e110f376b6e2 |
memory/816-14-0x0000000000400000-0x000000000042A000-memory.dmp
memory/816-22-0x0000000000400000-0x000000000042A000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-10 06:54
Reported
2024-11-10 06:57
Platform
win10v2004-20241007-en
Max time kernel
111s
Max time network
97s
Command Line
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\de2b9d2df0e8d929a7591194e7dee838e97baffed86b27e7f32deb86c942414dN.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\de2b9d2df0e8d929a7591194e7dee838e97baffed86b27e7f32deb86c942414dN.exe
"C:\Users\Admin\AppData\Local\Temp\de2b9d2df0e8d929a7591194e7dee838e97baffed86b27e7f32deb86c942414dN.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 53.210.109.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 199.59.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
Files
memory/4436-0-0x0000000000400000-0x000000000042A000-memory.dmp
memory/4436-1-0x0000000000400000-0x000000000042A000-memory.dmp
memory/4436-4-0x0000000000400000-0x000000000042A000-memory.dmp
memory/4436-8-0x0000000000400000-0x000000000042A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rifaien2-2mbg8NVeKyFIczmM.exe
| MD5 | 6aa65a34b7b325a73248313fbc823c7d |
| SHA1 | 4ba8a32f6b9b651306fb1310241a3eaec730e6ab |
| SHA256 | 478b04d4feff4aa7fe36dfae715a89dea654570ac4bd5250bf36812290d0e346 |
| SHA512 | eb57eae597df1c896dc0ed62de6dfdc967826b6bab16d14f8447fc3b95e5c4cd988588f2cc6aa362337b891af21ff183907f8cd43fff0dd3de255613167bed56 |
memory/4436-13-0x0000000000400000-0x000000000042A000-memory.dmp
memory/4436-21-0x0000000000400000-0x000000000042A000-memory.dmp