Analysis Overview
SHA256
114aec77fd179a343b2948ab4758a5b3ab9d6fc8cfcac4005cee0ee4dbc60a35
Threat Level: Likely benign
The file 114aec77fd179a343b2948ab4758a5b3ab9d6fc8cfcac4005cee0ee4dbc60a35.exe was found to be: Likely benign.
Malicious Activity Summary
UPX packed file
Unsigned PE
System Location Discovery: System Language Discovery
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2025-01-27 14:57
Signatures
UPX packed file
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2025-01-27 14:57
Reported
2025-01-27 14:59
Platform
win7-20240729-en
Max time kernel
119s
Max time network
91s
Command Line
Signatures
UPX packed file
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\114aec77fd179a343b2948ab4758a5b3ab9d6fc8cfcac4005cee0ee4dbc60a35.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\114aec77fd179a343b2948ab4758a5b3ab9d6fc8cfcac4005cee0ee4dbc60a35.exe
"C:\Users\Admin\AppData\Local\Temp\114aec77fd179a343b2948ab4758a5b3ab9d6fc8cfcac4005cee0ee4dbc60a35.exe"
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
Files
memory/1384-0-0x0000000000400000-0x000000000042A000-memory.dmp
memory/1384-1-0x0000000000400000-0x000000000042A000-memory.dmp
memory/1384-5-0x0000000000400000-0x000000000042A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rifaien2-tL8g5jZVMxfCG4MZ.exe
| Hash | Value |
|---|---|
| MD5 | 50faf3a4454b6b0cacc64c6afadc6c25 |
| SHA1 | 82c6ed7c759470ebf81c36496d9f6835dff13625 |
| SHA256 | dca1aad28ad4fff305d67325ea53398fa6278093009578f5089b4ed84696310e |
| SHA512 | c923cf543ed43a38a0811365aa50df7de2191aca048ad074fd94533b9a6235ed5d51a4f1aeba78339c78330940578a7c1d9010bd9cc7194c1ab9e294b61d8911 |
memory/1384-14-0x0000000000400000-0x000000000042A000-memory.dmp
memory/1384-22-0x0000000000400000-0x000000000042A000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2025-01-27 14:57
Reported
2025-01-27 14:59
Platform
win10v2004-20241007-en
Max time kernel
120s
Max time network
95s
Command Line
Signatures
UPX packed file
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\114aec77fd179a343b2948ab4758a5b3ab9d6fc8cfcac4005cee0ee4dbc60a35.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\114aec77fd179a343b2948ab4758a5b3ab9d6fc8cfcac4005cee0ee4dbc60a35.exe
"C:\Users\Admin\AppData\Local\Temp\114aec77fd179a343b2948ab4758a5b3ab9d6fc8cfcac4005cee0ee4dbc60a35.exe"
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 5.114.82.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wecan.hasthe.technology | udp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 199.59.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 83.210.23.2.in-addr.arpa | udp |
| US | 104.21.59.199:80 | wecan.hasthe.technology | tcp |
| US | 8.8.8.8:53 | 31.243.111.52.in-addr.arpa | udp |
Files
memory/2836-0-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2836-1-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2836-8-0x0000000000400000-0x000000000042A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rifaien2-VvyuRiFq4WYtVPx4.exe
| Hash | Value |
|---|---|
| MD5 | 3defaff1bf90e270b8c7cb8364f5095b |
| SHA1 | 23bf34f23593c1e8302500172fc4561b3ea82d95 |
| SHA256 | 0681c243ba60903da7e5792df30ec77dd4f06aa9845325740a6502fa2538c84d |
| SHA512 | ebcaab642c8519c3d28ab749655f7ef627cbdf47dc141a8e47ce3d09250bfa732f075816385bab73514f583eb98eedf6791caaea3c68bd570c7daad2c0a1cd9e |
memory/2836-15-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2836-22-0x0000000000400000-0x000000000042A000-memory.dmp