Overview

overview

10

Static

static

10

CoreAudioApi.dll

windows10-1703-x64

1

Resources/...go.jpg

windows10-1703-x64

3

Resources/...SM.dll

windows10-1703-x64

1

Resources/...SL.exe

windows10-1703-x64

1

Resources/...ub.apk

windows10-1703-x64

3

Resources/...va.jar

windows10-1703-x64

1

Resources/...sS.exe

windows10-1703-x64

1

Resources/...in.exe

windows10-1703-x64

1

SpyNote_6.4.exe

windows10-1703-x64

10

Analysis

  • max time kernel
    53s
  • max time network
    81s
  • platform
    windows10-1703_x64
  • resource
    win10-20220812-en
  • resource tags

    arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
  • submitted
    12-01-2023 17:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Resources/Imports/Payload/stub.apk

  • Size

    730KB

  • MD5

    0c0290abde03555f3c66c81eba860a3d

  • SHA1

    939a8e6d0ed4bd8c9f491405ecf069df7bddb7cc

  • SHA256

    7b20a276931c8625b39ebc46017c7e4d4a7bdf319b9f451231d777b078b0cd6a

  • SHA512

    441922d41856ec246d1cb29e3b290b62b2d3bc4ca54f896af1df72263e67a320f1b3b85f4d5bd129fa32b4633a1b9f74a63783791f1ea1cb1ca97a8a26b8ea48

  • SSDEEP

    12288:CJc+EIBvAvcKIth8eGz3zaR9QHqd8gmw+/goe13VvqX:CJc+EIO0K4KeGTzaR+imz/goeHvqX

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies registry class 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\Resources\Imports\Payload\stub.apk
    1⤵
    • Modifies registry class
    PID:2708
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:1952

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads