Analysis
max time kernel: 141s
max time network: 122s
platform: windows7_x64
resource: win7-20240903-en
resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
submitted: 30-11-2024 05:06
Behavioral task: behavioral1
Sample: e8c406a15ea6602ea585eb7922a80d073c6a3cc4ede0d3c2843041ffa2e0c2e0.exe
Resource: win7-20240903-en
General
Target: e8c406a15ea6602ea585eb7922a80d073c6a3cc4ede0d3c2843041ffa2e0c2e0.exe
Size: 83KB
MD5: 704753ac7fb5ce4195feeb4ebf962a48
SHA1: b92fffceceaf0c296c0e36c7d24a232b99a6275f
SHA256: e8c406a15ea6602ea585eb7922a80d073c6a3cc4ede0d3c2843041ffa2e0c2e0
SHA512: cd889664c8f2f0b511a6bcf197bb42911f9a4e7ccba65d76c7a4fd4e8f852aef348b40e45e9f286593704df9797ffe572efef0932b8e15ff240a93855b68356d
SSDEEP: 1536:LJaPJpAz869DUxWB+i4OQ4NR2Kk+aSnfZaG8fcaOCzGquSE0cF+5KK:LJ0TAz6Mte4A+aaZx8EnCGVu5V
Malware Config
Signatures
resource                                                                     yara_rule
behavioral1/memory/2148-0-0x0000000000400000-0x000000000042A000-memory.dmp   upx
behavioral1/memory/2148-1-0x0000000000400000-0x000000000042A000-memory.dmp   upx
behavioral1/memory/2148-5-0x0000000000400000-0x000000000042A000-memory.dmp   upx
behavioral1/files/0x0005000000004ed7-11.dat                                  upx
behavioral1/memory/2148-12-0x0000000000400000-0x000000000042A000-memory.dmp  upx
behavioral1/memory/2148-22-0x0000000000400000-0x000000000042A000-memory.dmp  upx
behavioral1/memory/2148-29-0x0000000000400000-0x000000000042A000-memory.dmp  upx
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description   ioc                                                           Process
Key opened    \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language   e8c406a15ea6602ea585eb7922a80d073c6a3cc4ede0d3c2843041ffa2e0c2e0.exe
Processes
Network
Remote address: 8.8.8.8:53
Request
wecan.hasthe.technology IN A
Response
wecan.hasthe.technology IN A 172.67.183.40
wecan.hasthe.technology IN A 104.21.59.199
POST http://wecan.hasthe.technology/upload
Process: e8c406a15ea6602ea585eb7922a80d073c6a3cc4ede0d3c2843041ffa2e0c2e0.exe
Remote address: 172.67.183.40:80
Request
POST /upload HTTP/1.1
Host: wecan.hasthe.technology
Accept: */*
Content-Length: 85500
Expect: 100-continue
Content-Type: multipart/form-data; boundary=------------------------a2accfadb85fc698
Response
HTTP/1.1 301 Moved Permanently
Content-Type: text/html
Content-Length: 167
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Sat, 30 Nov 2024 06:06:47 GMT
Location: https://computernewb.com/collab-vm/
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NNYTbGAh0OjwjKzT8aU3%2BgqBEvT7x6SQ18pEyMk3QBB%2FT9G%2B5c7ktBIG7DV47MTDEZNRjkLb0y%2F8bqLMBHL%2BTETk0isQN6Dtdon2eZn0%2FIOl1Im2p1IfKtOWCt8ebu4GrNZY9IwU9OLI5Q%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8ea84f63cd820177-CDG
POST http://wecan.hasthe.technology/upload
Process: e8c406a15ea6602ea585eb7922a80d073c6a3cc4ede0d3c2843041ffa2e0c2e0.exe
Remote address: 172.67.183.40:80
Request
POST /upload HTTP/1.1
Host: wecan.hasthe.technology
Accept: */*
Content-Length: 85500
Expect: 100-continue
Content-Type: multipart/form-data; boundary=------------------------470abec7db75d186
Response
HTTP/1.1 301 Moved Permanently
Content-Type: text/html
Content-Length: 167
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Sat, 30 Nov 2024 06:07:17 GMT
Location: https://computernewb.com/collab-vm/
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qQCR3VD61AnrbsIQRyIog9ov0%2FZ16DL%2F92didkcvGteX4A%2FjjXETEJxZNAHti7cJ7O5Kej6N6uK2q5P1uxIExCMr6HUAvQTxeVF7%2FAWbtAKSqLmC7V0L8sXepg9SUQFYTpnyXBDX%2BhGx%2Fg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8ea85021ed38d171-CDG
POST http://wecan.hasthe.technology/upload
Process: e8c406a15ea6602ea585eb7922a80d073c6a3cc4ede0d3c2843041ffa2e0c2e0.exe
Remote address: 172.67.183.40:80
Request
POST /upload HTTP/1.1
Host: wecan.hasthe.technology
Accept: */*
Content-Length: 85500
Expect: 100-continue
Content-Type: multipart/form-data; boundary=------------------------3d987ca87b7b6e3a
Response
HTTP/1.1 301 Moved Permanently
Content-Type: text/html
Content-Length: 167
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Sat, 30 Nov 2024 06:07:48 GMT
Location: https://computernewb.com/collab-vm/
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NhIirQvb6XHRKd61KtR2WstNcG4Z%2Foq4TDsc3x%2BEsEvrlxV%2Bu02qw0%2BnoDiYH1745eBFq98KxnUn%2Bent%2FGP91QufLRzr1%2B8EqfbqllqKYYThmcTFDHWNTm9dWOckELvB%2B9S6lMKbECwMEw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8ea850df9cf903bb-LHR
POST http://wecan.hasthe.technology/upload
Process: e8c406a15ea6602ea585eb7922a80d073c6a3cc4ede0d3c2843041ffa2e0c2e0.exe
Remote address: 172.67.183.40:80
Request
POST /upload HTTP/1.1
Host: wecan.hasthe.technology
Accept: */*
Content-Length: 85500
Expect: 100-continue
Content-Type: multipart/form-data; boundary=------------------------c9d6541ab9f191f6
Response
HTTP/1.1 301 Moved Permanently
Content-Type: text/html
Content-Length: 167
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Sat, 30 Nov 2024 06:08:18 GMT
Location: https://computernewb.com/collab-vm/
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ds3nk%2BEIE5nMzYPnPWIByWjv32rZBGk6w8MRzDLwfrnwncncIIbHSY8aerAuFnjM6G7OCe7UCagELc5ScRbaa%2FLFmEDjgDY1c4%2B5V2nRli2sX7vR8zIlZwMiQaNgS5%2FM2vnUMl7E2ZOyOA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8ea8519d2c8703ff-CDG
172.67.183.40:80 http://wecan.hasthe.technology/upload http e8c406a15ea6602ea585eb7922a80d073c6a3cc4ede0d3c2843041ffa2e0c2e0.exe 88.7kB 2.4kB 74 39
HTTP Request
POST http://wecan.hasthe.technology/upload
HTTP Response
301

172.67.183.40:80 http://wecan.hasthe.technology/upload http e8c406a15ea6602ea585eb7922a80d073c6a3cc4ede0d3c2843041ffa2e0c2e0.exe 88.7kB 2.1kB 74 32
HTTP Request
POST http://wecan.hasthe.technology/upload
HTTP Response
301

172.67.183.40:80 http://wecan.hasthe.technology/upload http e8c406a15ea6602ea585eb7922a80d073c6a3cc4ede0d3c2843041ffa2e0c2e0.exe 88.7kB 2.4kB 74 38
HTTP Request
POST http://wecan.hasthe.technology/upload
HTTP Response
301

172.67.183.40:80 http://wecan.hasthe.technology/upload http e8c406a15ea6602ea585eb7922a80d073c6a3cc4ede0d3c2843041ffa2e0c2e0.exe 88.7kB 1.8kB 74 24
HTTP Request
POST http://wecan.hasthe.technology/upload
HTTP Response
301
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 83KB
MD5: b52c49978ece90f6c653c1292d4833fe
SHA1: 82ec47d142cd4507d8ea9634d2d0f30e3a70b78b
SHA256: b5d4d0d33ebb338e11fbdf8d0fd9a69f2f24ca78f0699e426f092b6fc21cd6b8
SHA512: b3ef2cea577f923d857847eb11220888724f7c1e3d5b06d21a3afb186de5543b53acf6652835bc6d25d5481c654790dd08c91aecbd9f88100e06edca401b6d1e