Analysis

  • max time kernel
    118s
  • max time network
    129s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    27-05-2024 08:47

General

  • Target

    SpyNote_v6.4/Resources/Clients/Vicitim_354051091211537/Apps/2021-27-9--17-10-52.html

  • Size

    9KB

  • MD5

    6a9f214598268f6b9754d0c6b3c29cfd

  • SHA1

    80858e5c88c4f875a03879eeb7f427e4c63f0981

  • SHA256

    70cb40871f1ca0e710697d82ae1d48d4236ef4d82ac4af897558a6397baa0748

  • SHA512

    56d9f796aa974a612486454ac0e7d1218ddbaf06447f85c1cb62efc943346adf71d98d5026ab54bff88cd087155a0b008f73be290808a350538e0e78a1e7026d

  • SSDEEP

    96:qa3FAwO96Fuf6/aFdAy7hLp209NSTWd3hC3CYvFrGSpI:qa39QmTH3CYvI

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\SpyNote_v6.4\Resources\Clients\Vicitim_354051091211537\Apps\2021-27-9--17-10-52.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2256
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2256 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2588

Network

MITRE ATT&CK Matrix ATT&CK v13

Downloads
