Resubmissions
- 28-05-2024 19:52  240528-ylhmssba38  10
- 28-05-2024 19:47  240528-yhpxpshf61  10
- 28-05-2024 19:46  240528-yhassahf5v  10
- 28-05-2024 18:14  240528-wvqzesfg97  10

Analysis
- max time kernel: 148s
- max time network: 275s
- platform: windows10-2004_x64
- resource: win10v2004-20240426-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 28-05-2024 19:47
Behavioral task: behavioral1
- Sample: SpyNote5 (Cyber cafe ).rar
- Resource: win7-20240508-en

Behavioral task: behavioral2
- Sample: SpyNote5 (Cyber cafe ).rar
- Resource: win10v2004-20240426-en
General
- Target: SpyNote5 (Cyber cafe ).rar
- Size: 9.7MB
- MD5: 69ea765cf1a8982992867d8e470667d6
- SHA1: 8bd05148ee5c3376c5f48d7be4039906033f6325
- SHA256: 65a925eea46a44c117435c1e27117dad4f66704c4035c90fc610e657d9eba453
- SHA512: f4f8aaf98c37753f458361ad6428b9a9de513c92fa0ffe81cec52cf63881e63e2eccfd0a67213439a68e5657e3f0d39e9129a6af01d1145c28ca0560fd298961
- SSDEEP: 196608:+2cClgW5PPJV7auem51echdPCgIb+wJM4zK4w2MBTaBr61yFIKzLxgAmOVqk19:+2bLJxa9O1e0PN6HYbTaBr61wJgA9B
Malware Config
Signatures
- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).
- Modifies registry class (2 IoCs)
  Processes: cmd.exe, OpenWith.exe
  description    ioc                                                                                          process
  Key created    \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000_Classes\Local Settings         cmd.exe
  Key created    \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000_Classes\Local Settings         OpenWith.exe
- Suspicious use of SetWindowsHookEx (3 IoCs)
  Processes: OpenWith.exe
  pid    process
  744    OpenWith.exe
  744    OpenWith.exe
  744    OpenWith.exe
Processes
- C:\Windows\system32\cmd.exe
  Command line: cmd /c "C:\Users\Admin\AppData\Local\Temp\SpyNote5 (Cyber cafe ).rar"
  - Modifies registry class
  PID: 996
- C:\Windows\system32\OpenWith.exe
  Command line: C:\Windows\system32\OpenWith.exe -Embedding
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID: 744
- C:\Windows\System32\rundll32.exe
  Command line: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
  PID: 4976