Analysis

  • max time kernel
    87s
  • max time network
    96s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240214-en
  • resource tags
    arch:x64 arch:x86 image:win11-20240214-en locale:en-us os:windows11-21h2-x64 system
  • submitted
    20-02-2024 13:29

General

  • Target

    CyberSniff/CyberSniff.exe

  • Size

    2.2MB

  • MD5

    6bf3a2f9268f9cd99552aecfa10a6abd

  • SHA1

    ae49c79144df631328f74d08c806a0d999756eae

  • SHA256

    e23b27f3242ac9d3a94717eb06e20acbb229b125673430a3ac3dcfb7e73bc944

  • SHA512

    b46562ac5cc657a2166dd4fb6692a14d73b7e439c829c6db7591de767fc2e9c5a95276b785032e1d0a76cd5cc1e89b902a23813cbdf649eaf27bd89bf0ae6561

  • SSDEEP

    24576:Gj+JxH3eCsapypA2p7CjapypAZreCbapypAjl7CcapypAPW17:QweCsagP7CjagUeCbagE7CcagGW

Score
1/10

Malware Config

Signatures

  • Modifies registry class 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\CyberSniff\CyberSniff.exe
    "C:\Users\Admin\AppData\Local\Temp\CyberSniff\CyberSniff.exe"
    PID:708
    • C:\Windows\System32\rundll32.exe
      C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
      PID:4828
      • C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
        "C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
        • Modifies registry class
        • Suspicious use of SetWindowsHookEx
        PID:236

Network

MITRE ATT&CK Matrix

Downloads

  • C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

    Filesize

    11KB

    MD5

    d90e784a2a95fc1d2e2199b6a907fbc9

    SHA1

    7e6ec69e4d899a81113a0b623f55e71ffeedeff8

    SHA256

    558da8426d77dea2c0be69bcca9730a7eb96bf79020b2ecda5509e1756fe4f22

    SHA512

    761c2722b6d75ecf2fc928f04fe5464ff275c8f6bce07ad7a19ed0e2c1660639c89ec2e38055bae1b5093937cc1d88ea3a481a883a13ee3682d3970c1cd33dca

  • C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

    Filesize

    11KB

    MD5

    85c26754118ae9c45f2b0695d83d6cad

    SHA1

    a9fd6ba548758878a0b5c1e44bf87a45f5ce77df

    SHA256

    13f27ba5dae3b34f9bd088b07a51ae7a9403ab42e1883232ac82614e3b073683

    SHA512

    9690c2b8107871fd4d9ee876e9dcce0df5c981e630b8a105461df334074a41b3f6e0a01375dae55c8e8e4f9d49861e640351127f5e0918f8618ca046729523c4