Analysis
- max time kernel: 1488s
- max time network: 1543s
- platform: windows10-2004_x64
- resource: win10v2004-20231215-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 08-02-2024 05:19
Tasks
- Static task static1
- Behavioral task behavioral1: sample CyberSniff-Uncompiled_1/CyberSniff.exe, resource win7-20231215-en
- Behavioral task behavioral2: sample CyberSniff-Uncompiled_1/CyberSniff.exe, resource win10v2004-20231215-en
- Behavioral task behavioral3: sample CyberSniff-Uncompiled_1/CyberSniff.exe, resource win7-20231215-en
- Behavioral task behavioral4: sample CyberSniff-Uncompiled_1/CyberSniff.exe, resource win10v2004-20231215-en
- Behavioral task behavioral5: sample CyberSniff-Uncompiled_1/DiscordRPC.dll, resource win7-20231215-en
- Behavioral task behavioral6: sample CyberSniff-Uncompiled_1/DiscordRPC.dll, resource win10v2004-20231215-en
- Behavioral task behavioral7: sample CyberSniff-Uncompiled_1/MaterialDesignColors.dll, resource win7-20231215-en
- Behavioral task behavioral8: sample CyberSniff-Uncompiled_1/MaterialDesignColors.dll, resource win10v2004-20231215-en
- Behavioral task behavioral9: sample CyberSniff-Uncompiled_1/MaterialDesignThemes.Wpf.dll, resource win7-20231215-en
- Behavioral task behavioral10: sample CyberSniff-Uncompiled_1/MaterialDesignThemes.Wpf.dll, resource win10v2004-20231215-en
- Behavioral task behavioral11: sample CyberSniff-Uncompiled_1/Newtonsoft.Json.dll, resource win7-20231215-en
- Behavioral task behavioral12: sample CyberSniff-Uncompiled_1/Newtonsoft.Json.dll, resource win10v2004-20231222-en
- Behavioral task behavioral13: sample CyberSniff-Uncompiled_1/PacketDotNet.dll, resource win7-20231215-en
- Behavioral task behavioral14: sample CyberSniff-Uncompiled_1/PacketDotNet.dll, resource win10v2004-20231222-en
- Behavioral task behavioral15: sample CyberSniff-Uncompiled_1/SharpCompress.dll, resource win7-20231215-en
- Behavioral task behavioral16: sample CyberSniff-Uncompiled_1/SharpCompress.dll, resource win10v2004-20231215-en
- Behavioral task behavioral17: sample CyberSniff-Uncompiled_1/SharpPcap.dll, resource win7-20231215-en
- Behavioral task behavioral18: sample CyberSniff-Uncompiled_1/SharpPcap.dll, resource win10v2004-20231222-en
- Behavioral task behavioral19: sample CyberSniff-Uncompiled_1/SimpleInjector.dll, resource win7-20231215-en
- Behavioral task behavioral20: sample CyberSniff-Uncompiled_1/SimpleInjector.dll, resource win10v2004-20231222-en
- Behavioral task behavioral21: sample CyberSniff-Uncompiled_1/System.Management.dll, resource win7-20231129-en
- Behavioral task behavioral22: sample CyberSniff-Uncompiled_1/System.Management.dll, resource win10v2004-20231215-en
- Behavioral task behavioral23: sample CyberSniff-Uncompiled_1/WpfAnimatedGif.dll, resource win7-20231129-en
- Behavioral task behavioral24: sample CyberSniff-Uncompiled_1/WpfAnimatedGif.dll, resource win10v2004-20231215-en
General
- Target: CyberSniff-Uncompiled_1/DiscordRPC.dll
- Size: 80KB
- MD5: 9ed0cc60faa1ca995f75dc8b4bf407c4
- SHA1: 87dc3a8ef47d8b2f6c0c4570adfe91188b7dc960
- SHA256: acfde5b1463c95832dd7757a0407d7b81584d1f2aa5175095ca88a47535b2557
- SHA512: 9ae2c83aff79dbbde9ac3499a52398241cb9342eb12d3212dacebbaf5dd3d25fb1675b2a27982cbc77f1eb3f025ebc23b28581c40e374979d64fac3aad7c2771
- SSDEEP: 1536:q+nxJexI0myeXrvyBuaekzvaUUozZPM9o+mnxVS49:q+nex5mRXrvyzTe9o+mR9
Malware Config
Signatures
- Suspicious use of AdjustPrivilegeToken (1 IoCs)
  Processes: svchost.exe
  description: Token: SeManageVolumePrivilege; pid: 4668; process: svchost.exe
Processes
- C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\CyberSniff-Uncompiled_1\DiscordRPC.dll,#1
  PID: 4692
- C:\Windows\system32\rundll32.exe
  Command line: "C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
  PID: 5112
- C:\Windows\System32\svchost.exe
  Command line: C:\Windows\System32\svchost.exe -k UnistackSvcGroup
  Signature: Suspicious use of AdjustPrivilegeToken
  PID: 4668
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 16KB
- MD5: 78656e692ee1f0b3aa9e525d72aca5b9
- SHA1: 995c7770d1a4c39b53fb889e990609f16716ea8f
- SHA256: 43393a3d6db52eb39a406b6961e3c6b42dac48252fd838aaa78d256bddf04de1
- SHA512: 9cc6cc360f344b7d13f136813addb75c651aff5a40da1e2e41277afc2dcb4574af698b3d8fd924f94ef832297759ad50c8daa02753a09d497663d4a1cbdec567