Analysis Overview
SHA256
3b973bac9d88705d4b7851de3faae7f920e52a5097ae3b1e3e3d8b80b8407586
Threat Level: Likely benign
The file 3b973bac9d88705d4b7851de3faae7f920e52a5097ae3b1e3e3d8b80b8407586N was found to be: Likely benign.
Malicious Activity Summary
UPX packed file
Unsigned PE
System Location Discovery: System Language Discovery
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-10 08:37
Signatures
UPX packed file
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-10 08:37
Reported
2024-11-10 08:39
Platform
win7-20240903-en
Max time kernel
119s
Max time network
119s
Command Line
Signatures
UPX packed file
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\3b973bac9d88705d4b7851de3faae7f920e52a5097ae3b1e3e3d8b80b8407586N.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\3b973bac9d88705d4b7851de3faae7f920e52a5097ae3b1e3e3d8b80b8407586N.exe
"C:\Users\Admin\AppData\Local\Temp\3b973bac9d88705d4b7851de3faae7f920e52a5097ae3b1e3e3d8b80b8407586N.exe"
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
Files
memory/2316-0-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2316-1-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2316-7-0x0000000000400000-0x000000000042A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rifaien2-9D0vfgeMkj72zpXy.exe
| Hash | Value |
|---|---|
| MD5 | 862b2a69c0643cf6c84e0f6dae779d2d |
| SHA1 | dde5ff4cc503e4aa2068142e5ab2ba5586298a3d |
| SHA256 | 33e488200b18f6c17368515a0a201e9420d5cc6446e5718cadea284343f304ad |
| SHA512 | 13a0b7aed45919968d6ad85cab5e9055a746e8e8a9adff5d6909dcc71eb67401fdc04718629b0f30f936a229b6599c33f831f80b843b3c38c940be3b651ca0d4 |
memory/2316-14-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2316-22-0x0000000000400000-0x000000000042A000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-10 08:37
Reported
2024-11-10 08:39
Platform
win10v2004-20241007-en
Max time kernel
111s
Max time network
94s
Command Line
Signatures
UPX packed file
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\3b973bac9d88705d4b7851de3faae7f920e52a5097ae3b1e3e3d8b80b8407586N.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\3b973bac9d88705d4b7851de3faae7f920e52a5097ae3b1e3e3d8b80b8407586N.exe
"C:\Users\Admin\AppData\Local\Temp\3b973bac9d88705d4b7851de3faae7f920e52a5097ae3b1e3e3d8b80b8407586N.exe"
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.209.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 40.183.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.117.19.2.in-addr.arpa | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 74.209.201.84.in-addr.arpa | udp |
| US | 172.67.183.40:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 83.210.23.2.in-addr.arpa | udp |
Files
memory/3404-0-0x0000000000400000-0x000000000042A000-memory.dmp
memory/3404-1-0x0000000000400000-0x000000000042A000-memory.dmp
memory/3404-4-0x0000000000400000-0x000000000042A000-memory.dmp
memory/3404-8-0x0000000000400000-0x000000000042A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rifaien2-LEajpVBgHidTCXVM.exe
| Hash | Value |
|---|---|
| MD5 | 12917d8106a99519188d26459d511348 |
| SHA1 | eb46dbef32583b541126b92a1029ae68dfa65d82 |
| SHA256 | 620b4893a4ccd35dab67dd0bac8a2d58dbfef3acae86bf7f755c0061ce34a21d |
| SHA512 | 439bf345ed9698fab7f4169d53e708084b3f0923a6e13522a9a766148e7bb22f69785a78e8c6f722f2614f4489b7b4b266af01303e7ca246975968c1df96b3c5 |
memory/3404-13-0x0000000000400000-0x000000000042A000-memory.dmp
memory/3404-21-0x0000000000400000-0x000000000042A000-memory.dmp