Overview

overview

10

Static

static

10

SpyNote_v6...pi.dll

windows7-x64

1

SpyNote_v6...6.html

windows7-x64

1

SpyNote_v6...2.html

windows7-x64

1

SpyNote_v6...9.html

windows7-x64

1

SpyNote_v6...SM.dll

windows7-x64

1

SpyNote_v6...SL.exe

windows7-x64

1

apktool/apktool.bat

windows7-x64

1

apktool/apktool.jar

windows7-x64

1

apktool/signapk.jar

windows7-x64

1

SpyNote_v6...ub.apk

windows7-x64

3

SpyNote_v6...va.jar

windows7-x64

1

SpyNote_v6...sS.exe

windows7-x64

1

platform-t...pi.dll

windows7-x64

3

platform-t...pi.dll

windows7-x64

1

platform-t...db.exe

windows7-x64

1

platform-t...mp.exe

windows7-x64

1

platform-t...ol.exe

windows7-x64

1

platform-t...ot.exe

windows7-x64

1

platform-t...nv.exe

windows7-x64

1

platform-t...c++.so

windows7-x64

3

platform-t...-1.dll

windows7-x64

1

platform-t...fs.exe

windows7-x64

1

platform-t...fs.exe

windows7-x64

1

platform-t...e3.exe

windows7-x64

1

platform-t...t__.py

windows7-x64

3

platform-t...ror.py

windows7-x64

3

platform-t...per.py

windows7-x64

3

platform-t...est.py

windows7-x64

3

platform-t...est.py

windows7-x64

3

platform-t..._tests

windows7-x64

1

SpyNote_v6...in.exe

windows7-x64

1

SpyNote_v6...te.exe

windows7-x64

5

Analysis

  • max time kernel
    121s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    27-05-2024 08:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    platform-tools/systrace/catapult/common/battor/battor/__init__.py

  • Size

    1012B

  • MD5

    4a275f2b0004229f8139d160a78c8160

  • SHA1

    cc39f21bf20dc2c3cec76fb71f8c82e1fec330f0

  • SHA256

    3802690854d1135413a8946b5f355ccc580c974a289a13e72fe98ef8a8f900a5

  • SHA512

    539c630a59b2ed1593483d4c853192c0cd041d816b9367d843510ecf2f992812323422523cb545f437cfd2382607d50b24567645228b0a3cf033896be69b94e9

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\platform-tools\systrace\catapult\common\battor\battor\__init__.py
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2252
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\platform-tools\systrace\catapult\common\battor\battor\__init__.py
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2524
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\platform-tools\systrace\catapult\common\battor\battor\__init__.py"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2768

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
    Filesize

    3KB

    MD5

    4ec77604eabaf571cc37091df5bda9cd

    SHA1

    c68b14ccbab8d1d3859db6a2b2445384041f8e00

    SHA256

    9dee2193f14efe3206b2a0e840c78e6ea1414675d7321692c6a7a542219f1589

    SHA512

    c9b7217a1f39496249368ef35135abffc7f8b44377482fcc56ac0834afa59af0fb411dd49e53391cef6a9e4b918777e75ba215b840553ea41e6ea1867ffdfb3e

    Download Submit