65a925eea46a44c117435c1e27117dad4f66704c4035c90fc610e657d9eba453

Resubmissions

28-05-2024 19:52

240528-ylhmssba38 10

28-05-2024 19:47

240528-yhpxpshf61 10

28-05-2024 19:46

240528-yhassahf5v 10

28-05-2024 18:14

240528-wvqzesfg97 10

Analysis

max time kernel
148s
max time network
275s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
28-05-2024 19:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SpyNote5 (Cyber cafe ).rar
Size

9.7MB
MD5

69ea765cf1a8982992867d8e470667d6
SHA1

8bd05148ee5c3376c5f48d7be4039906033f6325
SHA256

65a925eea46a44c117435c1e27117dad4f66704c4035c90fc610e657d9eba453
SHA512

f4f8aaf98c37753f458361ad6428b9a9de513c92fa0ffe81cec52cf63881e63e2eccfd0a67213439a68e5657e3f0d39e9129a6af01d1145c28ca0560fd298961
SSDEEP

196608:+2cClgW5PPJV7auem51echdPCgIb+wJM4zK4w2MBTaBr61yFIKzLxgAmOVqk19:+2bLJxa9O1e0PN6HYbTaBr61wJgA9B

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 2 IoCs

Processes:

cmd.exeOpenWith.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000_Classes\Local Settings	OpenWith.exe

Suspicious use of SetWindowsHookEx 3 IoCs

Processes:

OpenWith.exe

pid process

744 OpenWith.exe
744 OpenWith.exe
744 OpenWith.exe

pid	process
744	OpenWith.exe
744	OpenWith.exe
744	OpenWith.exe

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\SpyNote5 (Cyber cafe ).rar"
1⤵
- Modifies registry class
PID:996

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:744

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4976

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads