Analysis
- max time kernel: 88s
- max time network: 92s
- platform: windows11-21h2_x64
- resource: win11-20240214-en
- resource tags: arch:x64 arch:x86 image:win11-20240214-en locale:en-us os:windows11-21h2-x64 system
- submitted: 20-02-2024 13:29
Static task
- static1

Behavioral tasks
- behavioral1: Sample CyberSniff/CyberSniff.exe; Resource win11-20240214-en
- behavioral2: Sample CyberSniff/CyberSniff.exe; Resource win11-20240214-en
- behavioral3: Sample CyberSniff/DiscordRPC.dll; Resource win11-20240214-en
- behavioral4: Sample CyberSniff/MaterialDesignColors.dll; Resource win11-20240214-en
- behavioral5: Sample CyberSniff/MaterialDesignThemes.Wpf.dll; Resource win11-20240214-en
- behavioral6: Sample CyberSniff/MultipeGiftCardGenerator.py; Resource win11-20240214-en
- behavioral7: Sample CyberSniff/Newtonsoft.Json.dll; Resource win11-20240214-en
- behavioral8: Sample CyberSniff/PacketDotNet.dll; Resource win11-20240214-en
- behavioral9: Sample CyberSniff/SharpCompress.dll; Resource win11-20240214-en
- behavioral10: Sample CyberSniff/SharpPcap.dll; Resource win11-20240214-en
- behavioral11: Sample CyberSniff/SimpleInjector.dll; Resource win11-20240214-en
- behavioral12: Sample CyberSniff/WpfAnimatedGif.dll; Resource win11-20240214-en
- behavioral13: Sample CyberSniff/filedwnldfrweb_CLIENTID_337399_pmCDl.bat; Resource win11-20240214-en
General
- Target: CyberSniff/filedwnldfrweb_CLIENTID_337399_pmCDl.bat
- Size: 30B
- MD5: dbe3809bb0ddbab2b478cf7caff53727
- SHA1: 6329047e246fac9dfa4c062e332d8832b57e3433
- SHA256: f69ad8b1968add8b07608056dda3518e14450a0d3805af2ba3ecaac0b762618a
- SHA512: b06a4bceefd1cfddb6ab37c0209044c78e529add18f6eb38786c06feeb200127324e50d6171fe666ee774e96ecd3746816c60ad03984d045403a3c6a94ed176d
Malware Config
Signatures
- Kills process with taskkill (1 IoCs)
  Processes:
    pid   process
    3424  taskkill.exe
- Suspicious use of AdjustPrivilegeToken (1 IoCs)
  Processes:
    description              pid   process
    Token: SeDebugPrivilege  3424  taskkill.exe
- Suspicious use of WriteProcessMemory (2 IoCs)
  Processes:
    description                      pid   process  target process
    PID 4844 wrote to memory of 3424  4844  cmd.exe  taskkill.exe
    PID 4844 wrote to memory of 3424  4844  cmd.exe  taskkill.exe
Processes
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\CyberSniff\filedwnldfrweb_CLIENTID_337399_pmCDl.bat"
  - Suspicious use of WriteProcessMemory
  PID:4844
  - C:\Windows\system32\taskkill.exe
    taskkill /f /im "explorer.exe"
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:3424