Overview
Analysis
- max time kernel: 87s
- max time network: 96s
- platform: windows11-21h2_x64
- resource: win11-20240214-en
- resource tags: arch:x64, arch:x86, image:win11-20240214-en, locale:en-us, os:windows11-21h2-x64, system
- submitted: 20-02-2024 13:29
Tasks
- static1 (Static task)
- behavioral1 (Behavioral task): sample CyberSniff/CyberSniff.exe, resource win11-20240214-en
- behavioral2 (Behavioral task): sample CyberSniff/CyberSniff.exe, resource win11-20240214-en
- behavioral3 (Behavioral task): sample CyberSniff/DiscordRPC.dll, resource win11-20240214-en
- behavioral4 (Behavioral task): sample CyberSniff/MaterialDesignColors.dll, resource win11-20240214-en
- behavioral5 (Behavioral task): sample CyberSniff/MaterialDesignThemes.Wpf.dll, resource win11-20240214-en
- behavioral6 (Behavioral task): sample CyberSniff/MultipeGiftCardGenerator.py, resource win11-20240214-en
- behavioral7 (Behavioral task): sample CyberSniff/Newtonsoft.Json.dll, resource win11-20240214-en
- behavioral8 (Behavioral task): sample CyberSniff/PacketDotNet.dll, resource win11-20240214-en
- behavioral9 (Behavioral task): sample CyberSniff/SharpCompress.dll, resource win11-20240214-en
- behavioral10 (Behavioral task): sample CyberSniff/SharpPcap.dll, resource win11-20240214-en
- behavioral11 (Behavioral task): sample CyberSniff/SimpleInjector.dll, resource win11-20240214-en
- behavioral12 (Behavioral task): sample CyberSniff/WpfAnimatedGif.dll, resource win11-20240214-en
- behavioral13 (Behavioral task): sample CyberSniff/filedwnldfrweb_CLIENTID_337399_pmCDl.bat, resource win11-20240214-en
General
- Target: CyberSniff/CyberSniff.exe
- Size: 2.2MB
- MD5: 6bf3a2f9268f9cd99552aecfa10a6abd
- SHA1: ae49c79144df631328f74d08c806a0d999756eae
- SHA256: e23b27f3242ac9d3a94717eb06e20acbb229b125673430a3ac3dcfb7e73bc944
- SHA512: b46562ac5cc657a2166dd4fb6692a14d73b7e439c829c6db7591de767fc2e9c5a95276b785032e1d0a76cd5cc1e89b902a23813cbdf649eaf27bd89bf0ae6561
- SSDEEP: 24576:Gj+JxH3eCsapypA2p7CjapypAZreCbapypAjl7CcapypAPW17:QweCsagP7CjagUeCbagE7CcagGW
Malware Config
Signatures
- Modifies registry class (1 IoC)
  Process: MiniSearchHost.exe (PID 236)
  IoC: Key created \REGISTRY\USER\S-1-5-21-1002246581-1510179080-2205450789-1000_Classes\Local Settings\MuiCache
- Suspicious use of SetWindowsHookEx (1 IoC)
  Process: MiniSearchHost.exe (PID 236)

Both signatures fired in MiniSearchHost.exe, a Windows system app (its image lives under C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy and it is launched as the MiniSearchUI server), which the process list records at the same tree depth as the sample rather than as its child. No signature in this run is attributed to CyberSniff.exe (PID 708) itself, so these two entries should not be read as sample behaviour without corroborating evidence.
Processes
- C:\Users\Admin\AppData\Local\Temp\CyberSniff\CyberSniff.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\CyberSniff\CyberSniff.exe"
  Tree depth 1, PID 708
- C:\Windows\System32\rundll32.exe
  Command line: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
  Tree depth 1, PID 4828
- C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
  Command line: "C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
  Tree depth 1, PID 236
  Signatures: Modifies registry class; Suspicious use of SetWindowsHookEx
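When a report like this one lists a system process with flagged behaviour next to the sample, the first check is whether that process is actually in the sample's process tree. The following Python is an added example, not part of the sandbox report or its tooling: it parses the three process records above (copied from this page as constructed input), rebuilds the tree from the depth marker, attributes the Signatures entries to the PID they fired in, and reports which signatures can be charged to the sample. Reading the trailing "n⤵" as tree depth (a depth-2 entry being a child of the nearest preceding depth-1 entry), and the names Proc, parse_processes and triage, are assumptions made for the example.

```python
"""Added example: rebuild a sandbox process tree and attribute signatures.

Not part of the report or its tooling. Input lines are copied from the
Processes section of this page (constructed input). Assumption: the 'n⤵'
suffix is the tree depth, so a depth-2 entry is a child of the nearest
preceding depth-1 entry.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed input: the process records exactly as the report prints them
# (image path, then command line, then depth marker, then PID, all fused).
PROCESS_LINES = [
    'C:\\Users\\Admin\\AppData\\Local\\Temp\\CyberSniff\\CyberSniff.exe'
    '"C:\\Users\\Admin\\AppData\\Local\\Temp\\CyberSniff\\CyberSniff.exe"1⤵PID:708',
    'C:\\Windows\\System32\\rundll32.exe'
    'C:\\Windows\\System32\\rundll32.exe C:\\Windows\\System32\\shell32.dll,'
    'SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵PID:4828',
    'C:\\Windows\\SystemApps\\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\\MiniSearchHost.exe'
    '"C:\\Windows\\SystemApps\\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\\MiniSearchHost.exe"'
    ' -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca1⤵PID:236',
]

# Constructed input: signature name -> PIDs it was attributed to (Signatures section).
SIGNATURES = {
    "Modifies registry class": [236],
    "Suspicious use of SetWindowsHookEx": [236],
}

# The image path ends at the first '.exe'; the depth is the digit run right
# before '⤵'. Caveat: a command line that itself ends in a digit would be
# split wrongly by this pattern, so sanity-check parsed depths against the report.
LINE_RE = re.compile(r"^(?P<image>.*?\.exe)(?P<cmd>.*?)(?P<depth>\d+)⤵PID:(?P<pid>\d+)$")


@dataclass
class Proc:
    pid: int
    image: str
    cmdline: str
    depth: int
    parent: Optional["Proc"] = None
    children: List["Proc"] = field(default_factory=list)
    signatures: List[str] = field(default_factory=list)

    @property
    def name(self) -> str:
        return self.image.rsplit("\\", 1)[-1]


def parse_processes(lines: List[str]) -> List[Proc]:
    """Parse report lines into Proc objects, linking children to parents by depth."""
    procs: List[Proc] = []
    open_at_depth: Dict[int, Proc] = {}   # most recent process seen at each depth
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            raise ValueError(f"unrecognised process line: {line!r}")
        p = Proc(int(m["pid"]), m["image"], m["cmd"].strip(), int(m["depth"]))
        parent = open_at_depth.get(p.depth - 1)
        if parent is not None:
            p.parent = parent
            parent.children.append(p)
        # A new node at depth d closes every subtree at depth d or deeper.
        for d in [d for d in open_at_depth if d >= p.depth]:
            del open_at_depth[d]
        open_at_depth[p.depth] = p
        procs.append(p)
    return procs


def is_descendant_of(proc: Proc, ancestor: Proc) -> bool:
    """Walk parent links upward looking for `ancestor`."""
    node = proc.parent
    while node is not None:
        if node is ancestor:
            return True
        node = node.parent
    return False


def triage(lines: List[str], signatures: Dict[str, List[int]], sample_name: str) -> Dict[int, dict]:
    """Return per-PID facts: parent PID, whether it is in the sample's tree, and its signatures."""
    procs = parse_processes(lines)
    by_pid = {p.pid: p for p in procs}
    for sig, pids in signatures.items():
        for pid in pids:
            by_pid[pid].signatures.append(sig)
    sample = next(p for p in procs if p.name.lower() == sample_name.lower())
    return {
        p.pid: {
            "name": p.name,
            "parent_pid": p.parent.pid if p.parent else None,
            "in_sample_tree": p is sample or is_descendant_of(p, sample),
            "signatures": list(p.signatures),
        }
        for p in procs
    }


def sample_attributed_signatures(report: Dict[int, dict]) -> List[str]:
    """Signatures that fired in the sample or one of its descendants."""
    return [s for info in report.values() if info["in_sample_tree"] for s in info["signatures"]]


if __name__ == "__main__":
    rep = triage(PROCESS_LINES, SIGNATURES, "CyberSniff.exe")
    for pid, info in rep.items():
        tag = "SAMPLE TREE" if info["in_sample_tree"] else "unrelated"
        print(f"{pid:>5} {info['name']:<20} parent={info['parent_pid']} {tag} {info['signatures']}")
    print("attributable to sample:", sample_attributed_signatures(rep) or "none")
```

Run against this report, the script shows all three processes as top-level with no parent, both signatures on PID 236 (MiniSearchHost.exe) outside the sample's tree, and nothing attributable to CyberSniff.exe. The same parser handles nested entries, which is where it earns its keep on busier reports: a depth-2 record following the sample would be linked as its child and its signatures would count against the sample.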
Network
MITRE ATT&CK Matrix
Downloads
- C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat
  Filesize: 11KB
  MD5: d90e784a2a95fc1d2e2199b6a907fbc9
  SHA1: 7e6ec69e4d899a81113a0b623f55e71ffeedeff8
  SHA256: 558da8426d77dea2c0be69bcca9730a7eb96bf79020b2ecda5509e1756fe4f22
  SHA512: 761c2722b6d75ecf2fc928f04fe5464ff275c8f6bce07ad7a19ed0e2c1660639c89ec2e38055bae1b5093937cc1d88ea3a481a883a13ee3682d3970c1cd33dca
- C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat (second capture of the same path, different contents)
  Filesize: 11KB
  MD5: 85c26754118ae9c45f2b0695d83d6cad
  SHA1: a9fd6ba548758878a0b5c1e44bf87a45f5ce77df
  SHA256: 13f27ba5dae3b34f9bd088b07a51ae7a9403ab42e1883232ac82614e3b073683
  SHA512: 9690c2b8107871fd4d9ee876e9dcce0df5c981e630b8a105461df334074a41b3f6e0a01375dae55c8e8e4f9d49861e640351127f5e0918f8618ca046729523c4

Both entries are the same file under the MicrosoftWindows.Client.CBS_cw5n1h2txyewy package, the package that MiniSearchHost.exe belongs to; nothing in the Downloads list is written to the sample's own directory.