c629d07ad84585ae3451301bd9fc69bd43d25a8fe77e7d2a2a380abc9e372f5b

Analysis

max time kernel
114s
max time network
83s
platform
windows7_x64
resource
win7-20230705-en
resource tags

arch:x64arch:x86image:win7-20230705-enlocale:en-usos:windows7-x64system
submitted
05-07-2023 14:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Sniffnet_Windows_64-bit.msi
Size

13.9MB
MD5

ba8a0cfaf2ab51dcaf60851908617142
SHA1

a556f3763a5496aaa45af4593c1fe95eeaeb2f73
SHA256

c629d07ad84585ae3451301bd9fc69bd43d25a8fe77e7d2a2a380abc9e372f5b
SHA512

3d6a2d488761b22159244c486f5f0c65ee91c075f5bd51d51818acdb8e2ed9ca90497521f6dc543633a6c3820d33ce233829d7c1e9bb4338811ae2e4c1473fdf
SSDEEP

393216:6qKdik8gGLNEl4LBBIv17LnqjUSV0SyNZ9H8OHM:6qKdszLBk17Lnq0Z9cOH

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2120	sniffnet.exe

Loads dropped DLL 14 IoCs

pid	Process
2880	msiexec.exe
2880	msiexec.exe
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found

Enumerates connected drives 3 TTPs 48 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\F:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\F:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files\Sniffnet\sniffnet.exe	msiexec.exe
File created	C:\Program Files\Sniffnet\License.txt	msiexec.exe

Drops file in Windows directory 12 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Installer\{A2834564-4396-4F96-A890-FFECF095617C}\ProductICO	msiexec.exe
File opened for modification	C:\Windows\Installer\6e8bed.ipi	msiexec.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe
File created	C:\Windows\Installer\6e8bec.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\6e8bec.msi	msiexec.exe
File created	C:\Windows\Installer\6e8bed.ipi	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File created	C:\Windows\Installer\{A2834564-4396-4F96-A890-FFECF095617C}\ProductICO	msiexec.exe
File opened for modification	C:\Windows\INF\setupapi.ev3	DrvInst.exe
File opened for modification	C:\Windows\INF\setupapi.ev1	DrvInst.exe
File opened for modification	C:\Windows\Installer\MSI9158.tmp	msiexec.exe
File created	C:\Windows\Installer\6e8bef.msi	msiexec.exe

Modifies data under HKEY_USERS 46 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	DrvInst.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2E	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\Certificates	DrvInst.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\My	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CTLs	DrvInst.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	DrvInst.exe

Modifies registry class 27 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\4654382A693469F48A09FFCE0F5916C7\ProductIcon = "C:\\Windows\\Installer\\{A2834564-4396-4F96-A890-FFECF095617C}\\ProductICO"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\4654382A693469F48A09FFCE0F5916C7\InstanceType = "0"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\4654382A693469F48A09FFCE0F5916C7	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\4654382A693469F48A09FFCE0F5916C7	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\4654382A693469F48A09FFCE0F5916C7\AdvertiseFlags = "388"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\4654382A693469F48A09FFCE0F5916C7\SourceList\Net\1 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\4654382A693469F48A09FFCE0F5916C7\SourceList\Media	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\4654382A693469F48A09FFCE0F5916C7\AuthorizedLUAApp = "0"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\4654382A693469F48A09FFCE0F5916C7\SourceList\LastUsedSource = "n;1;C:\\Users\\Admin\\AppData\\Local\\Temp\\"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\4654382A693469F48A09FFCE0F5916C7\ProductName = "Sniffnet"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\4654382A693469F48A09FFCE0F5916C7\Desktop = "Binaries"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\4654382A693469F48A09FFCE0F5916C7\Language = "1033"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\4654382A693469F48A09FFCE0F5916C7\Version = "16908289"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\4654382A693469F48A09FFCE0F5916C7\SourceList	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\4654382A693469F48A09FFCE0F5916C7\SourceList\Media\DiskPrompt = "Sniffnet Installation"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\4654382A693469F48A09FFCE0F5916C7\StartMenu = "Binaries"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\4654382A693469F48A09FFCE0F5916C7\PackageCode = "197C0A1AF98C1FB4EBCE0F413D41BFB0"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\4654382A693469F48A09FFCE0F5916C7\SourceList\PackageName = "Sniffnet_Windows_64-bit.msi"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\4654382A693469F48A09FFCE0F5916C7\SourceList\Media\1 = ";CD-ROM #1"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\4654382A693469F48A09FFCE0F5916C7\Environment = "Binaries"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\4654382A693469F48A09FFCE0F5916C7\Assignment = "1"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\4654382A693469F48A09FFCE0F5916C7\DeploymentFlags = "3"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\7BDDA2535A62BB642BB5493E97CB4280\4654382A693469F48A09FFCE0F5916C7	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\4654382A693469F48A09FFCE0F5916C7\SourceList\Net	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\4654382A693469F48A09FFCE0F5916C7\Binaries	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\4654382A693469F48A09FFCE0F5916C7\Clients = 3a0000000000	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\7BDDA2535A62BB642BB5493E97CB4280	msiexec.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2880	msiexec.exe
2880	msiexec.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2868	msiexec.exe
Token: SeIncreaseQuotaPrivilege	2868	msiexec.exe
Token: SeRestorePrivilege	2880	msiexec.exe
Token: SeTakeOwnershipPrivilege	2880	msiexec.exe
Token: SeSecurityPrivilege	2880	msiexec.exe
Token: SeCreateTokenPrivilege	2868	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	2868	msiexec.exe
Token: SeLockMemoryPrivilege	2868	msiexec.exe
Token: SeIncreaseQuotaPrivilege	2868	msiexec.exe
Token: SeMachineAccountPrivilege	2868	msiexec.exe
Token: SeTcbPrivilege	2868	msiexec.exe
Token: SeSecurityPrivilege	2868	msiexec.exe
Token: SeTakeOwnershipPrivilege	2868	msiexec.exe
Token: SeLoadDriverPrivilege	2868	msiexec.exe
Token: SeSystemProfilePrivilege	2868	msiexec.exe
Token: SeSystemtimePrivilege	2868	msiexec.exe
Token: SeProfSingleProcessPrivilege	2868	msiexec.exe
Token: SeIncBasePriorityPrivilege	2868	msiexec.exe
Token: SeCreatePagefilePrivilege	2868	msiexec.exe
Token: SeCreatePermanentPrivilege	2868	msiexec.exe
Token: SeBackupPrivilege	2868	msiexec.exe
Token: SeRestorePrivilege	2868	msiexec.exe
Token: SeShutdownPrivilege	2868	msiexec.exe
Token: SeDebugPrivilege	2868	msiexec.exe
Token: SeAuditPrivilege	2868	msiexec.exe
Token: SeSystemEnvironmentPrivilege	2868	msiexec.exe
Token: SeChangeNotifyPrivilege	2868	msiexec.exe
Token: SeRemoteShutdownPrivilege	2868	msiexec.exe
Token: SeUndockPrivilege	2868	msiexec.exe
Token: SeSyncAgentPrivilege	2868	msiexec.exe
Token: SeEnableDelegationPrivilege	2868	msiexec.exe
Token: SeManageVolumePrivilege	2868	msiexec.exe
Token: SeImpersonatePrivilege	2868	msiexec.exe
Token: SeCreateGlobalPrivilege	2868	msiexec.exe
Token: SeBackupPrivilege	2976	vssvc.exe
Token: SeRestorePrivilege	2976	vssvc.exe
Token: SeAuditPrivilege	2976	vssvc.exe
Token: SeBackupPrivilege	2880	msiexec.exe
Token: SeRestorePrivilege	2880	msiexec.exe
Token: SeRestorePrivilege	2704	DrvInst.exe
Token: SeRestorePrivilege	2704	DrvInst.exe
Token: SeRestorePrivilege	2704	DrvInst.exe
Token: SeRestorePrivilege	2704	DrvInst.exe
Token: SeRestorePrivilege	2704	DrvInst.exe
Token: SeRestorePrivilege	2704	DrvInst.exe
Token: SeRestorePrivilege	2704	DrvInst.exe
Token: SeLoadDriverPrivilege	2704	DrvInst.exe
Token: SeLoadDriverPrivilege	2704	DrvInst.exe
Token: SeLoadDriverPrivilege	2704	DrvInst.exe
Token: SeRestorePrivilege	2880	msiexec.exe
Token: SeTakeOwnershipPrivilege	2880	msiexec.exe
Token: SeRestorePrivilege	2880	msiexec.exe
Token: SeTakeOwnershipPrivilege	2880	msiexec.exe
Token: SeRestorePrivilege	2880	msiexec.exe
Token: SeTakeOwnershipPrivilege	2880	msiexec.exe
Token: SeRestorePrivilege	2880	msiexec.exe
Token: SeTakeOwnershipPrivilege	2880	msiexec.exe
Token: SeRestorePrivilege	2880	msiexec.exe
Token: SeTakeOwnershipPrivilege	2880	msiexec.exe
Token: SeRestorePrivilege	2880	msiexec.exe
Token: SeTakeOwnershipPrivilege	2880	msiexec.exe
Token: SeRestorePrivilege	2880	msiexec.exe
Token: SeTakeOwnershipPrivilege	2880	msiexec.exe
Token: SeRestorePrivilege	2880	msiexec.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
2868	msiexec.exe
2868	msiexec.exe

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Windows\system32\msiexec.exe
msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\Sniffnet_Windows_64-bit.msi
1⤵
- Enumerates connected drives
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:2868

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Loads dropped DLL
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2880

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2976

C:\Windows\system32\DrvInst.exe
DrvInst.exe "1" "200" "STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot19" "" "" "61530dda3" "0000000000000000" "00000000000005C4" "00000000000005C0"
1⤵
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:2704

C:\Program Files\Sniffnet\sniffnet.exe
"C:\Program Files\Sniffnet\sniffnet.exe"
1⤵
- Executes dropped EXE
PID:2120

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\6e8bee.rbs

Filesize
9KB

MD5
ebb96fc7e06da082d1e21e4debf5f3b8

SHA1
35b151067c9f0d2dae2a93970528d829957a02ed

SHA256
6334eab795484d891fc4c25a2f64508202252af3b414aff7a670b8f5547d5d39

SHA512
7992af8c05aab29ed4a603b46105c1621ce7b6980d747d0f6a886496dc21753d5b631c4eed4318da98413e4443e2275a15b3911074aff97a5bc94eea32586947

Download Submit
C:\Program Files\Sniffnet\sniffnet.exe

Filesize
28.7MB

MD5
8be6ec961d30c653281018a8363dd5ae

SHA1
bf21c702ffc41b20c4e07dad3bad27dc1be9e0d0

SHA256
48b30213188199eddcc6d816d9ac4ea34c5ad9454101d7c37c17f2bd564e9fa3

SHA512
141ddc4973c376c11310f0d7abadb78e13b4c8bc3dfbbc021231d364cfad86c1a122f8a4bb289838ca6a4745ba102a22c51618fda1b1bf6aeb19bec165633ee3

Download Submit
C:\Program Files\Sniffnet\sniffnet.exe

Filesize
28.7MB

MD5
8be6ec961d30c653281018a8363dd5ae

SHA1
bf21c702ffc41b20c4e07dad3bad27dc1be9e0d0

SHA256
48b30213188199eddcc6d816d9ac4ea34c5ad9454101d7c37c17f2bd564e9fa3

SHA512
141ddc4973c376c11310f0d7abadb78e13b4c8bc3dfbbc021231d364cfad86c1a122f8a4bb289838ca6a4745ba102a22c51618fda1b1bf6aeb19bec165633ee3

Download Submit
C:\Windows\Installer\6e8bec.msi

Filesize
13.9MB

MD5
ba8a0cfaf2ab51dcaf60851908617142

SHA1
a556f3763a5496aaa45af4593c1fe95eeaeb2f73

SHA256
c629d07ad84585ae3451301bd9fc69bd43d25a8fe77e7d2a2a380abc9e372f5b

SHA512
3d6a2d488761b22159244c486f5f0c65ee91c075f5bd51d51818acdb8e2ed9ca90497521f6dc543633a6c3820d33ce233829d7c1e9bb4338811ae2e4c1473fdf

Download Submit
\Program Files\Sniffnet\sniffnet.exe

Filesize
28.7MB

MD5
8be6ec961d30c653281018a8363dd5ae

SHA1
bf21c702ffc41b20c4e07dad3bad27dc1be9e0d0

SHA256
48b30213188199eddcc6d816d9ac4ea34c5ad9454101d7c37c17f2bd564e9fa3

SHA512
141ddc4973c376c11310f0d7abadb78e13b4c8bc3dfbbc021231d364cfad86c1a122f8a4bb289838ca6a4745ba102a22c51618fda1b1bf6aeb19bec165633ee3

Download Submit
\Program Files\Sniffnet\sniffnet.exe

Filesize
28.7MB

MD5
8be6ec961d30c653281018a8363dd5ae

SHA1
bf21c702ffc41b20c4e07dad3bad27dc1be9e0d0

SHA256
48b30213188199eddcc6d816d9ac4ea34c5ad9454101d7c37c17f2bd564e9fa3

SHA512
141ddc4973c376c11310f0d7abadb78e13b4c8bc3dfbbc021231d364cfad86c1a122f8a4bb289838ca6a4745ba102a22c51618fda1b1bf6aeb19bec165633ee3

Download Submit
\Program Files\Sniffnet\sniffnet.exe

Filesize
28.7MB

MD5
8be6ec961d30c653281018a8363dd5ae

SHA1
bf21c702ffc41b20c4e07dad3bad27dc1be9e0d0

SHA256
48b30213188199eddcc6d816d9ac4ea34c5ad9454101d7c37c17f2bd564e9fa3

SHA512
141ddc4973c376c11310f0d7abadb78e13b4c8bc3dfbbc021231d364cfad86c1a122f8a4bb289838ca6a4745ba102a22c51618fda1b1bf6aeb19bec165633ee3

Download Submit
\Program Files\Sniffnet\sniffnet.exe

Filesize
28.7MB

MD5
8be6ec961d30c653281018a8363dd5ae

SHA1
bf21c702ffc41b20c4e07dad3bad27dc1be9e0d0

SHA256
48b30213188199eddcc6d816d9ac4ea34c5ad9454101d7c37c17f2bd564e9fa3

SHA512
141ddc4973c376c11310f0d7abadb78e13b4c8bc3dfbbc021231d364cfad86c1a122f8a4bb289838ca6a4745ba102a22c51618fda1b1bf6aeb19bec165633ee3

Download Submit
\Program Files\Sniffnet\sniffnet.exe

Filesize
28.7MB

MD5
8be6ec961d30c653281018a8363dd5ae

SHA1
bf21c702ffc41b20c4e07dad3bad27dc1be9e0d0

SHA256
48b30213188199eddcc6d816d9ac4ea34c5ad9454101d7c37c17f2bd564e9fa3

SHA512
141ddc4973c376c11310f0d7abadb78e13b4c8bc3dfbbc021231d364cfad86c1a122f8a4bb289838ca6a4745ba102a22c51618fda1b1bf6aeb19bec165633ee3

Download Submit
\Program Files\Sniffnet\sniffnet.exe

Filesize
28.7MB

MD5
8be6ec961d30c653281018a8363dd5ae

SHA1
bf21c702ffc41b20c4e07dad3bad27dc1be9e0d0

SHA256
48b30213188199eddcc6d816d9ac4ea34c5ad9454101d7c37c17f2bd564e9fa3

SHA512
141ddc4973c376c11310f0d7abadb78e13b4c8bc3dfbbc021231d364cfad86c1a122f8a4bb289838ca6a4745ba102a22c51618fda1b1bf6aeb19bec165633ee3

Download Submit
\Program Files\Sniffnet\sniffnet.exe

Filesize
28.7MB

MD5
8be6ec961d30c653281018a8363dd5ae

SHA1
bf21c702ffc41b20c4e07dad3bad27dc1be9e0d0

SHA256
48b30213188199eddcc6d816d9ac4ea34c5ad9454101d7c37c17f2bd564e9fa3

SHA512
141ddc4973c376c11310f0d7abadb78e13b4c8bc3dfbbc021231d364cfad86c1a122f8a4bb289838ca6a4745ba102a22c51618fda1b1bf6aeb19bec165633ee3

Download Submit
\Program Files\Sniffnet\sniffnet.exe

Filesize
28.7MB

MD5
8be6ec961d30c653281018a8363dd5ae

SHA1
bf21c702ffc41b20c4e07dad3bad27dc1be9e0d0

SHA256
48b30213188199eddcc6d816d9ac4ea34c5ad9454101d7c37c17f2bd564e9fa3

SHA512
141ddc4973c376c11310f0d7abadb78e13b4c8bc3dfbbc021231d364cfad86c1a122f8a4bb289838ca6a4745ba102a22c51618fda1b1bf6aeb19bec165633ee3

Download Submit
\Program Files\Sniffnet\sniffnet.exe

Filesize
28.7MB

MD5
8be6ec961d30c653281018a8363dd5ae

SHA1
bf21c702ffc41b20c4e07dad3bad27dc1be9e0d0

SHA256
48b30213188199eddcc6d816d9ac4ea34c5ad9454101d7c37c17f2bd564e9fa3

SHA512
141ddc4973c376c11310f0d7abadb78e13b4c8bc3dfbbc021231d364cfad86c1a122f8a4bb289838ca6a4745ba102a22c51618fda1b1bf6aeb19bec165633ee3

Download Submit
\Program Files\Sniffnet\sniffnet.exe

Filesize
28.7MB

MD5
8be6ec961d30c653281018a8363dd5ae

SHA1
bf21c702ffc41b20c4e07dad3bad27dc1be9e0d0

SHA256
48b30213188199eddcc6d816d9ac4ea34c5ad9454101d7c37c17f2bd564e9fa3

SHA512
141ddc4973c376c11310f0d7abadb78e13b4c8bc3dfbbc021231d364cfad86c1a122f8a4bb289838ca6a4745ba102a22c51618fda1b1bf6aeb19bec165633ee3

Download Submit
\Program Files\Sniffnet\sniffnet.exe

Filesize
28.7MB

MD5
8be6ec961d30c653281018a8363dd5ae

SHA1
bf21c702ffc41b20c4e07dad3bad27dc1be9e0d0

SHA256
48b30213188199eddcc6d816d9ac4ea34c5ad9454101d7c37c17f2bd564e9fa3

SHA512
141ddc4973c376c11310f0d7abadb78e13b4c8bc3dfbbc021231d364cfad86c1a122f8a4bb289838ca6a4745ba102a22c51618fda1b1bf6aeb19bec165633ee3

Download Submit
\Program Files\Sniffnet\sniffnet.exe

Filesize
28.7MB

MD5
8be6ec961d30c653281018a8363dd5ae

SHA1
bf21c702ffc41b20c4e07dad3bad27dc1be9e0d0

SHA256
48b30213188199eddcc6d816d9ac4ea34c5ad9454101d7c37c17f2bd564e9fa3

SHA512
141ddc4973c376c11310f0d7abadb78e13b4c8bc3dfbbc021231d364cfad86c1a122f8a4bb289838ca6a4745ba102a22c51618fda1b1bf6aeb19bec165633ee3

Download Submit
\Program Files\Sniffnet\sniffnet.exe

Filesize
28.7MB

MD5
8be6ec961d30c653281018a8363dd5ae

SHA1
bf21c702ffc41b20c4e07dad3bad27dc1be9e0d0

SHA256
48b30213188199eddcc6d816d9ac4ea34c5ad9454101d7c37c17f2bd564e9fa3

SHA512
141ddc4973c376c11310f0d7abadb78e13b4c8bc3dfbbc021231d364cfad86c1a122f8a4bb289838ca6a4745ba102a22c51618fda1b1bf6aeb19bec165633ee3

Download Submit
\Program Files\Sniffnet\sniffnet.exe

Filesize
28.7MB

MD5
8be6ec961d30c653281018a8363dd5ae

SHA1
bf21c702ffc41b20c4e07dad3bad27dc1be9e0d0

SHA256
48b30213188199eddcc6d816d9ac4ea34c5ad9454101d7c37c17f2bd564e9fa3

SHA512
141ddc4973c376c11310f0d7abadb78e13b4c8bc3dfbbc021231d364cfad86c1a122f8a4bb289838ca6a4745ba102a22c51618fda1b1bf6aeb19bec165633ee3

Download Submit