Analysis

max time kernel: 145s
max time network: 143s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
submitted: 17-03-2024 03:08

Static task: static1

Behavioral task: behavioral1
  Sample: cfc46aab6c4f034ab974d9a5171b10a6.exe
  Resource: win7-20240221-en

Behavioral task: behavioral2
  Sample: cfc46aab6c4f034ab974d9a5171b10a6.exe
  Resource: win10v2004-20240226-en
General

Target: cfc46aab6c4f034ab974d9a5171b10a6.exe
Size: 67KB
MD5: cfc46aab6c4f034ab974d9a5171b10a6
SHA1: c725efbae5d67af9f2e90424013ca110c3b8ebf5
SHA256: d660674028ca3498f5b2ee5d6f97a789b9f9e71ea0e7e2a60f6f31c6a68123a1
SHA512: b46465998d68e8ede8f7e4639ff620726b1c280390173763808fdfe531fcbf29ea4c9c567425963c01efbee9a7a23c4b4a5cebcff635a5f00ee2089a0c971db4
SSDEEP: 1536:9z/igJA6OOeO4j61YZ4RiHGCIIEwm1PECDLN8v2jBy8ZO:97VGVOJYyRYTi71PECDLNy2jBJM
Malware Config
Signatures

Executes dropped EXE (1 IoC)
  Processes:
    PID 4996  netprotocol.exe

Adds Run key to start application (2 TTPs, 1 IoC)
  Processes:
    cfc46aab6c4f034ab974d9a5171b10a6.exe
      Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Netprotocol = "C:\\Users\\Admin\\AppData\\Roaming\\netprotocol.exe"

Suspicious use of WriteProcessMemory (3 IoCs)
  Processes:
    description      pid   process                                target pid  target process
    wrote to memory  3052  cfc46aab6c4f034ab974d9a5171b10a6.exe   4996        netprotocol.exe
    wrote to memory  3052  cfc46aab6c4f034ab974d9a5171b10a6.exe   4996        netprotocol.exe
    wrote to memory  3052  cfc46aab6c4f034ab974d9a5171b10a6.exe   4996        netprotocol.exe
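The Run-key IoC above is the kind of record a detection rule should score rather than just display: the value was written under WOW6432Node (the 32-bit registry view, consistent with the arch:x86 tag on this sample), and its target sits in the user's AppData\Roaming, where the sample dropped a copy of itself. The following is an added example, not part of the Triage report: it parses "Set value" lines in the format printed above and flags autorun entries whose target lives in a user-writable directory or that establish machine-wide persistence. The input lines are constructed here; the first is the report's IoC verbatim, the second is a made-up benign control entry (the SID and vendor path are placeholders) that should not be flagged.

```python
import re

# Constructed input: the report's registry IoC as printed, plus a benign
# control record (made-up SID and vendor path) that must not be flagged.
EVENTS = [
    r'Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Netprotocol = "C:\\Users\\Admin\\AppData\\Roaming\\netprotocol.exe"',
    r'Set value (str) \REGISTRY\USER\S-1-5-21-1\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Updater = "C:\\Program Files\\ExampleVendor\\updater.exe"',
]

# "Set value (<type>) <key\valuename> = "<data>"" as the sandbox prints it.
SET_VALUE_RE = re.compile(
    r'^Set value \((?P<type>\w+)\) (?P<path>\\REGISTRY\\\S+) = "(?P<data>.*)"$'
)

# Autorun keys in either the native or the WOW6432Node view (both are
# processed at logon on 64-bit Windows, so hunting only the native key misses
# values written by 32-bit processes, as in this report).
AUTORUN_KEY_RE = re.compile(
    r"\\Microsoft\\Windows\\CurrentVersion\\(?:Run|RunOnce)$", re.IGNORECASE
)

# Locations a standard user can write to; an autorun target here is a strong
# signal because legitimate installers normally land in Program Files.
USER_WRITABLE_RE = re.compile(
    r"^(?:[a-z]:\\Users\\[^\\]+\\AppData\\(?:Roaming|Local|LocalLow)\\"
    r"|[a-z]:\\Users\\Public\\"
    r"|[a-z]:\\Windows\\Temp\\)",
    re.IGNORECASE,
)


def parse_set_value(line):
    """Split one 'Set value' record into key, value name and decoded data."""
    m = SET_VALUE_RE.match(line)
    if not m:
        return None
    key, _, value_name = m.group("path").rpartition("\\")
    # The sandbox prints REG_SZ data with backslashes doubled; undo that.
    data = m.group("data").replace("\\\\", "\\")
    return {
        "type": m.group("type"),
        "key": key,
        "value_name": value_name,
        "data": data,
        "wow6432": "\\WOW6432NODE\\" in key.upper(),
    }


def image_path(command):
    """Return the executable path from a Run-key command string."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    m = re.match(r"(.+?\.(?:exe|dll|bat|cmd|vbs|js|ps1))(?:\s|$)", command, re.I)
    return m.group(1) if m else command.split(" ")[0]


def triage(lines):
    """Return the autorun entries worth an analyst's attention, with reasons."""
    findings = []
    for line in lines:
        ev = parse_set_value(line)
        if ev is None or not AUTORUN_KEY_RE.search(ev["key"]):
            continue
        target = image_path(ev["data"])
        reasons = []
        if USER_WRITABLE_RE.match(target):
            reasons.append("target in user-writable directory")
        if ev["key"].upper().startswith("\\REGISTRY\\MACHINE\\"):
            # Machine-wide persistence is a score, not a verdict on its own.
            reasons.append("machine-wide (HKLM) autorun")
        if reasons:
            findings.append({
                "value_name": ev["value_name"],
                "target": target,
                "wow6432": ev["wow6432"],
                "reasons": reasons,
            })
    return findings


if __name__ == "__main__":
    for f in triage(EVENTS):
        print(f)
```

Run as-is it reports only the Netprotocol entry, with both reasons and wow6432 set to True; the control entry under HKCU pointing into Program Files produces no finding. The same parser can be pointed at a host's exported Run keys (both views) to check for the persisted copy after the fact.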
Processes

1. C:\Users\Admin\AppData\Local\Temp\cfc46aab6c4f034ab974d9a5171b10a6.exe (PID 3052)
   Command line: "C:\Users\Admin\AppData\Local\Temp\cfc46aab6c4f034ab974d9a5171b10a6.exe"
   - Adds Run key to start application
   - Suspicious use of WriteProcessMemory

   2. C:\Users\Admin\AppData\Roaming\netprotocol.exe (PID 4996, child of 3052)
      Command line: C:\Users\Admin\AppData\Roaming\netprotocol.exe
      - Executes dropped EXE

1. C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (separate top-level process, no signatures attached)
   Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3828 --field-trial-handle=2228,i,521073434451423547,2311651514500527526,262144 --variations-seed-version /prefetch:8
Network
MITRE ATT&CK Matrix (ATT&CK v13)
Downloads

C:\Users\Admin\AppData\Roaming\netprotocol.exe
  Filesize: 67KB
  MD5: 7902d478bc82e230fa98a5277e6d2b5b
  SHA1: c96db4edbf24968580fe8b49dfb70b05e96b92c7
  SHA256: 14a654f87cffc3986c51001fbffce652b8dd059a31b25031551a97e0496b1425
  SHA512: 7cac09f48e336697152a28a1d7ef003273ea2e8e82d9d6ada84758164fc449cfa2260f2b70ca82095d0785dbc1aa02a3a60daea7cb6de99e04ea4b54c2f65839
  Note: the dropped copy has the same size as the submitted sample (67KB) but different hashes, so a block list built only from the sample's hashes will not match the persisted file; use both sets, or a content-based match.
Memory dumps (all 152KB, i.e. 0x26000 bytes per region):

  memory/3052-0-0x0000000000600000-0x0000000000626000-memory.dmp   152KB
  memory/3052-2-0x0000000000400000-0x0000000000426000-memory.dmp   152KB
  memory/3052-8-0x0000000000400000-0x0000000000426000-memory.dmp   152KB
  memory/3052-10-0x0000000000600000-0x0000000000626000-memory.dmp  152KB
  memory/4996-6-0x0000000000580000-0x00000000005A6000-memory.dmp   152KB
  memory/4996-7-0x0000000000400000-0x0000000000426000-memory.dmp   152KB
  memory/4996-9-0x0000000000400000-0x0000000000426000-memory.dmp   152KB