Analysis

  • max time kernel
    117s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
  • submitted
    27-05-2024 08:47

General

  • Target

    platform-tools/systrace/catapult/common/battor/battor/battor_wrapper_unittest.py

  • Size

    13KB

  • MD5

    e41fab7141cd0516d3a20b342bd83957

  • SHA1

    dfa32ae0417b76ed4f5fb81334b74fcf2fe6a146

  • SHA256

    c8eb91f0d2b7ecd7a2dd32416d8068d9f1154f68899ffeb6800b341048b462d1

  • SHA512

    822d07458fe261158a118b794f6e3c1ec6c9bf9941d3c5f505321c5a1820f688c16fd45d9dafdc3947f790bea32551a696f25f1539efc7df953288a9dfc41530

  • SSDEEP

    192:S+gTLCAcAXAMBYhuAdAAcAk6Vooj6ASE1OAS7DKtwQrS+O3ZTrb9KPVvDoIskeFH:SwMU2voq

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\platform-tools\systrace\catapult\common\battor\battor\battor_wrapper_unittest.py
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1704
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\platform-tools\systrace\catapult\common\battor\battor\battor_wrapper_unittest.py
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2736
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\platform-tools\systrace\catapult\common\battor\battor\battor_wrapper_unittest.py"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2652

Network

MITRE ATT&CK Matrix ATT&CK v13


Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
    Filesize

    3KB

    MD5

    02cd836b855383681e20b6f800b6b7ce

    SHA1

    e501ff11f2a4c831c284e3b35d11ef29d8771787

    SHA256

    aa496dac0d0f742bff0d1da0a82d86cea5813f2bc02d6c0da911f1a3b5efbb59

    SHA512

    6e791561affd1098af73701a350a91b26ebaac3aaa6222b6d9d1a107571845d6b062da03760f52a994b513737e7ed716dfcc1b0369c4acac9561667a2d96d6fe