d660674028ca3498f5b2ee5d6f97a789b9f9e71ea0e7e2a60f6f31c6a68123a1

Analysis

max time kernel
145s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
17-03-2024 03:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cfc46aab6c4f034ab974d9a5171b10a6.exe
Size

67KB
MD5

cfc46aab6c4f034ab974d9a5171b10a6
SHA1

c725efbae5d67af9f2e90424013ca110c3b8ebf5
SHA256

d660674028ca3498f5b2ee5d6f97a789b9f9e71ea0e7e2a60f6f31c6a68123a1
SHA512

b46465998d68e8ede8f7e4639ff620726b1c280390173763808fdfe531fcbf29ea4c9c567425963c01efbee9a7a23c4b4a5cebcff635a5f00ee2089a0c971db4
SSDEEP

1536:9z/igJA6OOeO4j61YZ4RiHGCIIEwm1PECDLN8v2jBy8ZO:97VGVOJYyRYTi71PECDLNy2jBJM

Score

7^/10

persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

Processes:

netprotocol.exe

pid process

4996 netprotocol.exe

pid	process
4996	netprotocol.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

cfc46aab6c4f034ab974d9a5171b10a6.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Netprotocol = "C:\\Users\\Admin\\AppData\\Roaming\\netprotocol.exe"	cfc46aab6c4f034ab974d9a5171b10a6.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

cfc46aab6c4f034ab974d9a5171b10a6.exe

description	pid	process	target process
PID 3052 wrote to memory of 4996	3052	cfc46aab6c4f034ab974d9a5171b10a6.exe	netprotocol.exe
PID 3052 wrote to memory of 4996	3052	cfc46aab6c4f034ab974d9a5171b10a6.exe	netprotocol.exe
PID 3052 wrote to memory of 4996	3052	cfc46aab6c4f034ab974d9a5171b10a6.exe	netprotocol.exe

C:\Users\Admin\AppData\Local\Temp\cfc46aab6c4f034ab974d9a5171b10a6.exe
"C:\Users\Admin\AppData\Local\Temp\cfc46aab6c4f034ab974d9a5171b10a6.exe"
1⤵
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
PID:3052

C:\Users\Admin\AppData\Roaming\netprotocol.exe
C:\Users\Admin\AppData\Roaming\netprotocol.exe
2⤵
- Executes dropped EXE
PID:4996

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3828 --field-trial-handle=2228,i,521073434451423547,2311651514500527526,262144 --variations-seed-version /prefetch:8
1⤵
PID:2672

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\netprotocol.exe
Filesize
67KB

MD5
7902d478bc82e230fa98a5277e6d2b5b

SHA1
c96db4edbf24968580fe8b49dfb70b05e96b92c7

SHA256
14a654f87cffc3986c51001fbffce652b8dd059a31b25031551a97e0496b1425

SHA512
7cac09f48e336697152a28a1d7ef003273ea2e8e82d9d6ada84758164fc449cfa2260f2b70ca82095d0785dbc1aa02a3a60daea7cb6de99e04ea4b54c2f65839

Download Submit
memory/3052-0-0x0000000000600000-0x0000000000626000-memory.dmp

Filesize
152KB

Download
memory/3052-2-0x0000000000400000-0x0000000000426000-memory.dmp

Filesize
152KB

Download
memory/3052-8-0x0000000000400000-0x0000000000426000-memory.dmp

Filesize
152KB

Download
memory/3052-10-0x0000000000600000-0x0000000000626000-memory.dmp

Filesize
152KB

Download
memory/4996-6-0x0000000000580000-0x00000000005A6000-memory.dmp

Filesize
152KB

Download
memory/4996-7-0x0000000000400000-0x0000000000426000-memory.dmp

Filesize
152KB

Download
memory/4996-9-0x0000000000400000-0x0000000000426000-memory.dmp

Filesize
152KB

Download