Analysis
- max time kernel: 118s
- max time network: 121s
- platform: windows7_x64
- resource: win7-20231215-en
- resource tags: arch:x64 arch:x86 image:win7-20231215-en locale:en-us os:windows7-x64 system
- submitted: 04-02-2024 15:23
Behavioral tasks
- behavioral1 | Sample: Spy Note 6.4/CoreAudioApi.dll | Resource: win7-20231215-en
- behavioral2 | Sample: Spy Note 6.4/CoreAudioApi.dll | Resource: win10v2004-20231222-en
- behavioral3 | Sample: Spy Note 6.4/Resources/Imports/Gsm/GSM.dll | Resource: win7-20231215-en
- behavioral4 | Sample: Spy Note 6.4/Resources/Imports/Gsm/GSM.dll | Resource: win10v2004-20231215-en
- behavioral5 | Sample: Spy Note 6.4/Resources/Imports/Payload/SL.exe | Resource: win7-20231215-en
- behavioral6 | Sample: Spy Note 6.4/Resources/Imports/Payload/SL.exe | Resource: win10v2004-20231222-en
- behavioral7 | Sample: Spy Note 6.4/Resources/Imports/Payload/stub.apk | Resource: android-x86-arm-20231215-en
- behavioral8 | Sample: Spy Note 6.4/Resources/Imports/Payload/stub.apk | Resource: android-x64-20231215-en
- behavioral9 | Sample: Spy Note 6.4/Resources/Imports/Payload/stub.apk | Resource: android-x64-arm64-20231215-en
- behavioral10 | Sample: Spy Note 6.4/Resources/Imports/PlayerJava/PlayerJava.jar | Resource: win7-20231215-en
- behavioral11 | Sample: Spy Note 6.4/Resources/Imports/PlayerJava/PlayerJava.jar | Resource: win10v2004-20231215-en
- behavioral12 | Sample: Spy Note 6.4/Resources/Imports/T/sS.exe | Resource: win7-20231215-en
- behavioral13 | Sample: Spy Note 6.4/Resources/Imports/T/sS.exe | Resource: win10v2004-20231215-en
- behavioral14 | Sample: Spy Note 6.4/Resources/Imports/platform-tools/plwin.exe | Resource: win7-20231215-en
- behavioral15 | Sample: Spy Note 6.4/Resources/Imports/platform-tools/plwin.exe | Resource: win10v2004-20231215-en
- behavioral16 | Sample: Spy Note 6.4/SpyNote Cracked.exe | Resource: win7-20231215-en
- behavioral17 | Sample: Spy Note 6.4/SpyNote Cracked.exe | Resource: win10v2004-20231215-en
- behavioral18 | Sample: Spy Note 6.4/Weather.apk | Resource: android-x86-arm-20231215-en
- behavioral19 | Sample: Spy Note 6.4/Weather.apk | Resource: android-x64-20231215-en
- behavioral20 | Sample: Spy Note 6.4/Weather.apk | Resource: android-x64-arm64-20231215-en
General
- Target: Spy Note 6.4/Resources/Imports/Payload/SL.exe
- Size: 1.5MB
- MD5: 2eabc8a774c544e9b6e23ba1b83ed783
- SHA1: a880005b4f619e004f4d9adcce2a9612112c26b2
- SHA256: 0080743a4364b8e5d8ec6a19010ee12dc79fcf815f592db639af262420ada0f8
- SHA512: ed8cd1ec97e0954715c81c284bbc2751340a7933511862cda65e72be35fdd9d4a8693066f3023025f92b06c845173c2e5da6f4d88a3e97c62c640643dff475a9
- SSDEEP: 768:1KSAOfhZXvSzjWKDIp93ZZwpZpTQdBHiF7QHsIMd3uDzZuFs+mk:nrfhZXvSzjWb5wz16S7l9eDzZu7
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory (3 IoCs)
Processes: SL.exe
description | pid | process | target process
PID 2544 wrote to memory of 1416 | 2544 | SL.exe | WerFault.exe
PID 2544 wrote to memory of 1416 | 2544 | SL.exe | WerFault.exe
PID 2544 wrote to memory of 1416 | 2544 | SL.exe | WerFault.exe
Processes
- Image: C:\Users\Admin\AppData\Local\Temp\Spy Note 6.4\Resources\Imports\Payload\SL.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\Spy Note 6.4\Resources\Imports\Payload\SL.exe"
  Signature: Suspicious use of WriteProcessMemory
  - Image: C:\Windows\system32\WerFault.exe
    Command line: C:\Windows\system32\WerFault.exe -u -p 2544 -s 788
Network
MITRE ATT&CK Matrix
Downloads
- memory/2544-0-0x0000000000340000-0x00000000004CC000-memory.dmp (Filesize: 1.5MB)
- memory/2544-1-0x000007FEF5380000-0x000007FEF5D6C000-memory.dmp (Filesize: 9.9MB)
- memory/2544-2-0x000000001AE40000-0x000000001AEC0000-memory.dmp (Filesize: 512KB)
- memory/2544-3-0x000007FEF5380000-0x000007FEF5D6C000-memory.dmp (Filesize: 9.9MB)