Task, platform: score
Overview, overview: 10
Static, static: 10
Spy Note 6...pi.dll, windows7-x64: 1
Spy Note 6...pi.dll, windows10-2004-x64: 1
Spy Note 6...SM.dll, windows7-x64: 1
Spy Note 6...SM.dll, windows10-2004-x64: 1
Spy Note 6...SL.exe, windows7-x64: 1
Spy Note 6...SL.exe, windows10-2004-x64: 1
Spy Note 6...ub.apk, android-9-x86
Spy Note 6...ub.apk, android-10-x64
Spy Note 6...ub.apk, android-11-x64
Spy Note 6...va.jar, windows7-x64: 1
Spy Note 6...va.jar, windows10-2004-x64: 7
Spy Note 6...sS.exe, windows7-x64: 1
Spy Note 6...sS.exe, windows10-2004-x64: 1
Spy Note 6...in.exe, windows7-x64: 1
Spy Note 6...in.exe, windows10-2004-x64: 1
Spy Note 6...ed.exe, windows7-x64: 1
Spy Note 6...ed.exe, windows10-2004-x64: 1

Analysis
max time kernel: 81s
max time network: 20s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 04-02-2024 15:37

Behavioral tasks (task: sample, resource)
behavioral1: Spy Note 6.4/CoreAudioApi.dll, win7-20231129-en
behavioral2: Spy Note 6.4/CoreAudioApi.dll, win10v2004-20231215-en
behavioral3: Spy Note 6.4/Resources/Imports/Gsm/GSM.dll, win7-20231215-en
behavioral4: Spy Note 6.4/Resources/Imports/Gsm/GSM.dll, win10v2004-20231215-en
behavioral5: Spy Note 6.4/Resources/Imports/Payload/SL.exe, win7-20231215-en
behavioral6: Spy Note 6.4/Resources/Imports/Payload/SL.exe, win10v2004-20231215-en
behavioral7: Spy Note 6.4/Resources/Imports/Payload/stub.apk, android-x86-arm-20231215-en
behavioral8: Spy Note 6.4/Resources/Imports/Payload/stub.apk, android-x64-20231215-en
behavioral9: Spy Note 6.4/Resources/Imports/Payload/stub.apk, android-x64-arm64-20231215-en
behavioral10: Spy Note 6.4/Resources/Imports/PlayerJava/PlayerJava.jar, win7-20231215-en
behavioral11: Spy Note 6.4/Resources/Imports/PlayerJava/PlayerJava.jar, win10v2004-20231222-en
behavioral12: Spy Note 6.4/Resources/Imports/T/sS.exe, win7-20231129-en
behavioral13: Spy Note 6.4/Resources/Imports/T/sS.exe, win10v2004-20231215-en
behavioral14: Spy Note 6.4/Resources/Imports/platform-tools/plwin.exe, win7-20231215-en
behavioral15: Spy Note 6.4/Resources/Imports/platform-tools/plwin.exe, win10v2004-20231215-en
behavioral16: Spy Note 6.4/SpyNote Cracked.exe, win7-20231215-en
behavioral17: Spy Note 6.4/SpyNote Cracked.exe, win10v2004-20231222-en

General
Target: Spy Note 6.4/SpyNote Cracked.exe
Size: 6.1MB
MD5: b4bb4a074169545d22ad0278e66ec96b
SHA1: c386177d35f0959fa55606df1bb6995b46030c61
SHA256: b3ca2f2cc15a16fc390172a9507337dc1f73d3501b46e2c761238171456654ae
SHA512: c0374732df1bdc15fac5229019d2962485d9a221b970690c1d2e6eb0af6401b0c98fc5d9e1584b7896e28c122afb1faa196ae5ba441f234a522c2746c5931998
SSDEEP: 98304:Op2AEpDZEXXZlZYZlbHn7CFK5PnOSPz3ZhqARLlJQHagle:OQvdZEXpGbH7CU9OiphhxlJJg

Malware Config
Signatures
Suspicious behavior: EnumeratesProcesses (64 IoCs)
Processes:
SpyNote Cracked.exe: pid 2548, process SpyNote Cracked.exe

Suspicious use of AdjustPrivilegeToken (1 IoCs)
Processes:
SpyNote Cracked.exe: Token: SeDebugPrivilege, pid 2548, process SpyNote Cracked.exe

Processes
C:\Users\Admin\AppData\Local\Temp\Spy Note 6.4\SpyNote Cracked.exe
"C:\Users\Admin\AppData\Local\Temp\Spy Note 6.4\SpyNote Cracked.exe"
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID: 2548

C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
PID: 2868