Overview

overview

7

Static

static

3

CyberSniff...ff.exe

windows7-x64

1

CyberSniff...ff.exe

windows10-2004-x64

1

CyberSniff...ff.exe

windows7-x64

1

CyberSniff...ff.exe

windows10-2004-x64

7

CyberSniff...PC.dll

windows7-x64

1

CyberSniff...PC.dll

windows10-2004-x64

1

CyberSniff...rs.dll

windows7-x64

1

CyberSniff...rs.dll

windows10-2004-x64

1

CyberSniff...pf.dll

windows7-x64

1

CyberSniff...pf.dll

windows10-2004-x64

1

CyberSniff...on.dll

windows7-x64

1

CyberSniff...on.dll

windows10-2004-x64

1

CyberSniff...et.dll

windows7-x64

1

CyberSniff...et.dll

windows10-2004-x64

1

CyberSniff...ss.dll

windows7-x64

1

CyberSniff...ss.dll

windows10-2004-x64

1

CyberSniff...ap.dll

windows7-x64

1

CyberSniff...ap.dll

windows10-2004-x64

1

CyberSniff...or.dll

windows7-x64

1

CyberSniff...or.dll

windows10-2004-x64

1

CyberSniff...nt.dll

windows7-x64

1

CyberSniff...nt.dll

windows10-2004-x64

1

CyberSniff...if.dll

windows7-x64

1

CyberSniff...if.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    1488s
  • max time network
    1543s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    08-02-2024 05:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    CyberSniff-Uncompiled_1/DiscordRPC.dll

  • Size

    80KB

  • MD5

    9ed0cc60faa1ca995f75dc8b4bf407c4

  • SHA1

    87dc3a8ef47d8b2f6c0c4570adfe91188b7dc960

  • SHA256

    acfde5b1463c95832dd7757a0407d7b81584d1f2aa5175095ca88a47535b2557

  • SHA512

    9ae2c83aff79dbbde9ac3499a52398241cb9342eb12d3212dacebbaf5dd3d25fb1675b2a27982cbc77f1eb3f025ebc23b28581c40e374979d64fac3aad7c2771

  • SSDEEP

    1536:q+nxJexI0myeXrvyBuaekzvaUUozZPM9o+mnxVS49:q+nex5mRXrvyzTe9o+mR9

Score
1/10

Malware Config

Signatures

  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\CyberSniff-Uncompiled_1\DiscordRPC.dll,#1
    1⤵
      PID:4692
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
      1⤵
        PID:5112
      • C:\Windows\System32\svchost.exe
        C:\Windows\System32\svchost.exe -k UnistackSvcGroup
        1⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:4668

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Comms\UnistoreDB\store.jfm
        Filesize

        16KB

        MD5

        78656e692ee1f0b3aa9e525d72aca5b9

        SHA1

        995c7770d1a4c39b53fb889e990609f16716ea8f

        SHA256

        43393a3d6db52eb39a406b6961e3c6b42dac48252fd838aaa78d256bddf04de1

        SHA512

        9cc6cc360f344b7d13f136813addb75c651aff5a40da1e2e41277afc2dcb4574af698b3d8fd924f94ef832297759ad50c8daa02753a09d497663d4a1cbdec567

        Download Submit

      • memory/4668-40-0x000002CAFDC20000-0x000002CAFDC21000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4668-33-0x000002CAFDC20000-0x000002CAFDC21000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4668-42-0x000002CAFDC20000-0x000002CAFDC21000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4668-34-0x000002CAFDC20000-0x000002CAFDC21000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4668-35-0x000002CAFDC20000-0x000002CAFDC21000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4668-36-0x000002CAFDC20000-0x000002CAFDC21000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4668-37-0x000002CAFDC20000-0x000002CAFDC21000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4668-38-0x000002CAFDC20000-0x000002CAFDC21000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4668-43-0x000002CAFD850000-0x000002CAFD851000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4668-0-0x000002CAF5540000-0x000002CAF5550000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4668-68-0x000002CAFDAA0000-0x000002CAFDAA1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4668-32-0x000002CAFDC00000-0x000002CAFDC01000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4668-39-0x000002CAFDC20000-0x000002CAFDC21000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4668-44-0x000002CAFD840000-0x000002CAFD841000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4668-46-0x000002CAFD850000-0x000002CAFD851000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4668-49-0x000002CAFD840000-0x000002CAFD841000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4668-52-0x000002CAFD780000-0x000002CAFD781000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4668-16-0x000002CAF5640000-0x000002CAF5650000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4668-64-0x000002CAFD980000-0x000002CAFD981000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4668-66-0x000002CAFD990000-0x000002CAFD991000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4668-67-0x000002CAFD990000-0x000002CAFD991000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4668-41-0x000002CAFDC20000-0x000002CAFDC21000-memory.dmp

        Filesize

        4KB

        Download