Overview

overview

10

Static

static

10

SpyNote_v6...pi.dll

windows10-2004-x64

1

SpyNote_v6...6.html

windows10-2004-x64

1

SpyNote_v6...2.html

windows10-2004-x64

1

SpyNote_v6...9.html

windows10-2004-x64

1

SpyNote_v6...SM.dll

windows10-2004-x64

1

SpyNote_v6...SL.exe

windows10-2004-x64

1

apktool/apktool.bat

windows10-2004-x64

7

apktool/apktool.jar

windows10-2004-x64

7

apktool/signapk.jar

windows10-2004-x64

7

SpyNote_v6...ub.apk

windows10-2004-x64

3

SpyNote_v6...va.jar

windows10-2004-x64

7

SpyNote_v6...sS.exe

windows10-2004-x64

1

platform-t...pi.dll

windows10-2004-x64

3

platform-t...pi.dll

windows10-2004-x64

3

platform-t...db.exe

windows10-2004-x64

1

platform-t...mp.exe

windows10-2004-x64

1

platform-t...ol.exe

windows10-2004-x64

1

platform-t...ot.exe

windows10-2004-x64

1

platform-t...nv.exe

windows10-2004-x64

1

platform-t...c++.so

windows10-2004-x64

3

platform-t...-1.dll

windows10-2004-x64

1

platform-t...fs.exe

windows10-2004-x64

1

platform-t...fs.exe

windows10-2004-x64

1

platform-t...e3.exe

windows10-2004-x64

1

platform-t...t__.py

windows10-2004-x64

3

platform-t...ror.py

windows10-2004-x64

3

platform-t...per.py

windows10-2004-x64

3

platform-t...est.py

windows10-2004-x64

3

platform-t...est.py

windows10-2004-x64

3

platform-t..._tests

windows10-2004-x64

1

SpyNote_v6...in.exe

windows10-2004-x64

1

SpyNote_v6...te.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    149s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    15-05-2024 13:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    SpyNote_v6.4/Resources/Imports/PlayerJava/PlayerJava.jar

  • Size

    3KB

  • MD5

    d9c23d7574c0d886321dcd029e463f2c

  • SHA1

    7fad47eb6860a01325c6d526a43d9bbadb66aff7

  • SHA256

    e22d8a06415f21b900a9a079a6a7928d6c84d2cf33aa07c6ad385dfbbfcd55ed

  • SHA512

    c32c019fb0bacbd70441cf3ed769bfde9597389f840ff8511db36586756382ef22bd163a7b7cb9e258a4b7a896e5d1a606d92513a141cb2e3c6e421a66ecb316

Score
7/10
discovery

Malware Config

Signatures

  • Modifies file permissions 1 TTPs 1 IoCs
    discovery
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
    java -jar C:\Users\Admin\AppData\Local\Temp\SpyNote_v6.4\Resources\Imports\PlayerJava\PlayerJava.jar
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2136
    • C:\Windows\system32\icacls.exe
      C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
      2⤵
      • Modifies file permissions
      PID:5104

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp
    Filesize

    46B

    MD5

    5ec47b347d9553ea414be4fb0708ec97

    SHA1

    e1fa65bd256f1186205a9a4cfe841eda2d0e0ad1

    SHA256

    c80094828604e1618b62ba0ac6c822115fdacec810f75efc4f09ec090c65e925

    SHA512

    d2824d3ff74cdc3a058347712451bd42f2eaaedfbc2d86155c4c9619ffbe3aa1e1db0fa75ea1db6e53a7dcbc41b3865a43f2f7061a96c04557bc3fd82c38c7f3

    Download Submit
  • memory/2136-2-0x00000241D8D90000-0x00000241D9000000-memory.dmp
    Filesize

    2.4MB

    Download
  • memory/2136-12-0x00000241D73B0000-0x00000241D73B1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2136-14-0x00000241D8D90000-0x00000241D9000000-memory.dmp
    Filesize

    2.4MB

    Download