Analysis Overview
SHA256
788b3d4852f6586177e856d3ee115d451014374bf43ca819fbd527bdf88ba780
Threat Level: Likely benign
The file 788b3d4852f6586177e856d3ee115d451014374bf43ca819fbd527bdf88ba780N was found to be: Likely benign.
Malicious Activity Summary
UPX packed file
Unsigned PE
System Location Discovery: System Language Discovery
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-10 07:01
Signatures
UPX packed file
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-10 07:01
Reported
2024-11-10 07:03
Platform
win7-20241023-en
Max time kernel
110s
Max time network
92s
Command Line
Signatures
UPX packed file
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\788b3d4852f6586177e856d3ee115d451014374bf43ca819fbd527bdf88ba780N.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\788b3d4852f6586177e856d3ee115d451014374bf43ca819fbd527bdf88ba780N.exe
"C:\Users\Admin\AppData\Local\Temp\788b3d4852f6586177e856d3ee115d451014374bf43ca819fbd527bdf88ba780N.exe"
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
Files
memory/2912-0-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2912-1-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2912-5-0x0000000000400000-0x000000000042A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rifaien2-iFVKn4HVWYWULUwg.exe
| Hash | Value |
|---|---|
| MD5 | e21d18cf382543624e27deb7361b530d |
| SHA1 | a75c1644663ff5e989cd5907acd7456ed5d8978a |
| SHA256 | 3c97529d2876c4af976ef04153b5fc3213d4ce444aa05a02f03badb6af503950 |
| SHA512 | 02b67b7e67e2726ea49caaaed0d5b32b2be7cd063e8bd8270dcbde0307b5cb8315b62aaba38b1c74d1647cb48c30548413dd3ea3b99c7b484e3a97ae11c936d0 |
memory/2912-12-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2912-22-0x0000000000400000-0x000000000042A000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-10 07:01
Reported
2024-11-10 07:03
Platform
win10v2004-20241007-en
Max time kernel
111s
Max time network
94s
Command Line
Signatures
UPX packed file
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\788b3d4852f6586177e856d3ee115d451014374bf43ca819fbd527bdf88ba780N.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\788b3d4852f6586177e856d3ee115d451014374bf43ca819fbd527bdf88ba780N.exe
"C:\Users\Admin\AppData\Local\Temp\788b3d4852f6586177e856d3ee115d451014374bf43ca819fbd527bdf88ba780N.exe"
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 199.59.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
Files
memory/5020-0-0x0000000000400000-0x000000000042A000-memory.dmp
memory/5020-1-0x0000000000400000-0x000000000042A000-memory.dmp
memory/5020-4-0x0000000000400000-0x000000000042A000-memory.dmp
memory/5020-8-0x0000000000400000-0x000000000042A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rifaien2-W5wlNE8iODr2ka55.exe
| Hash | Value |
|---|---|
| MD5 | 8bc162d16a155f3c065faca954cc9966 |
| SHA1 | 8b4773a6465391707c1ef7cf3659be38b20e889e |
| SHA256 | 0dfbaf58de69540a6e06a23fe0a1073e310ee7e556c566b6c5bd7d9ee13bc343 |
| SHA512 | a2c687313a3a03ee11b4b2db0ad14fc2d3fd94b7f1e8ed7e2f29a3fe6abac0b16c455f6932206390d02c121cc7d8622c9961d49aa7fe143d555d25864b19baec |
memory/5020-15-0x0000000000400000-0x000000000042A000-memory.dmp
memory/5020-22-0x0000000000400000-0x000000000042A000-memory.dmp