Overview

overview

10

Static

static

10

DefenderControl.exe

windows7-x64

3

DefenderControl.exe

windows10-2004-x64

3

Software U...ol.exe

windows7-x64

10

Software U...ol.exe

windows10-2004-x64

10

Software U...l.html

windows7-x64

3

Software U...l.html

windows10-2004-x64

3

SpyNote v7...ib.dll

windows7-x64

1

SpyNote v7...ib.dll

windows10-2004-x64

1

SpyNote v7...pi.dll

windows7-x64

1

SpyNote v7...pi.dll

windows10-2004-x64

1

SpyNote v7...ib.dll

windows7-x64

1

SpyNote v7...ib.dll

windows10-2004-x64

1

SpyNote v7...nt.jar

windows7-x64

1

SpyNote v7...nt.jar

windows10-2004-x64

1

SpyNote v7...SM.dll

windows7-x64

1

SpyNote v7...SM.dll

windows10-2004-x64

1

SpyNote v7...ld.exe

windows7-x64

3

SpyNote v7...ld.exe

windows10-2004-x64

1

apktool/apktool.bat

windows7-x64

1

apktool/apktool.bat

windows10-2004-x64

1

apktool/apktool.jar

windows7-x64

1

apktool/apktool.jar

windows10-2004-x64

1

apktool/signapk.jar

windows7-x64

1

apktool/signapk.jar

windows10-2004-x64

1

SpyNote v7...ub.apk

android-9-x86

SpyNote v7...ub.apk

android-10-x64

SpyNote v7...ub.apk

android-11-x64

SpyNote v7...va.jar

windows7-x64

1

SpyNote v7...va.jar

windows10-2004-x64

1

platform-t...pi.dll

windows7-x64

3

platform-t...pi.dll

windows10-2004-x64

3

platform-t...pi.dll

windows7-x64

3

Analysis

  • max time kernel
    146s
  • max time network
    141s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    20/12/2024, 13:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    SpyNote v7.0‌‌/Resources/Imports/Payload/Build.exe

  • Size

    59KB

  • MD5

    f677ccdd8c0da08290256c7b0571d95e

  • SHA1

    e1117cf8d51ca270104da6a8d0769f1e2da4aef3

  • SHA256

    29039451fb5617504c67396056a08ea3cc44faaba71a1c181fe62086e533a261

  • SHA512

    25677c0c4a8a7287df275b2ef1819e533d96f52b4592c45c4cae08e372ebd09dcb4c689ddf7ecc8d70445f614493840b581bab80a8f1957c96bc59a3b55001db

  • SSDEEP

    768:IydG14mNbAEJeXSZncqHqGhMBHjFcHTI19hCkCLIh5YcLIF:bwim6E4XSdHthAZk8hCjWVIF

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\SpyNote v7.0‌‌\Resources\Imports\Payload\Build.exe
    "C:\Users\Admin\AppData\Local\Temp\SpyNote v7.0‌‌\Resources\Imports\Payload\Build.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2080
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch&plcid=0x409&o1=.NETFramework,Version=v4.8&processName=Build.exe&platform=0009&osver=5&isServer=0&shimver=4.0.30319.0
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2368
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2368 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1628

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    244f4d1874e09d3dac39c65e6345bb08

    SHA1

    fe74088f26169234251a1cc4d8b2d95c616403d6

    SHA256

    e7c20d873ee6d077f77870252ce9acb4b31398f295613f1d5fc3b7452b2dcdf6

    SHA512

    32bfff3b2a00931b9ea3213efed0beb47fd8070bb8a4c13e395deb72a5e1a79d187bd43352ef2336681395ae4c5e022e5c44ce29c9fb2e115d883e05da65a771

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    59a520a794e7ef48b9aa4e39afd198c9

    SHA1

    90fdc81d92e448536de5236e9d2c80efcf3e93ad

    SHA256

    bd1cd126bf9426f6960fb22cd9db814780ad1d24cf7bcddedb910090f77dbef9

    SHA512

    f5c2faf5922702beb1d0a171e8a04faa9eb72af4091cc5b35402b921c625cbc82ec04f2e46b51e65fb027c14d5273b48890f0fb1b104a38da40b63651f461d66

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ad7c552fb20c2b64d4c04934b26058e5

    SHA1

    0a9f3677614cd666d1431f4aedbe01c633c28b0f

    SHA256

    039720cedd565ef407a0e1a790f0e314c005774b7fe27297b60f3ff68dbfa098

    SHA512

    c1618fccfe75ece19f26420d47a863db5353729f98a97b5f87c1435f4afaf844a667fc28ee808b543e6c1085b5c192bf89783f58941659640351ef8958854946

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    75e045526c73543ab4e8b6dfc078a424

    SHA1

    d1bc846d702d9bdf5af3a9d907e669dc4461f6d5

    SHA256

    764bbc5cf103569d4c323ed6ed7487a1aaaa769fc2d8f1c4fad14e51b69e085d

    SHA512

    d13e5a332718834c3102d0162a709ef9a1c0e363ceaeb23f0e4d26c0d1cb40e66d8aefa2a60139ad6c53fc545e9a80e83e5f2eb117d8ef5731fc3fcdd6477953

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    90f9e0ce742c3fa0349f5fa68b4e56f5

    SHA1

    bfb8eb4181fb79a01ff7fdcf59b78c33ceb88735

    SHA256

    9bb0d584bf69be7a944651693cbebb74775b0e6a540b6882501220f3f2f323f1

    SHA512

    7908954c172db37aee50390c4508e078cec1ed252d0c62e4b9579ca1fbeb1c1143b02b858b5d7e443cd728d49901021cab4e35294cc187bca55a36bc9b59ae1e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    49a46037bd8d393f913e2645628dbc6c

    SHA1

    68bf20def00daa4c1bfcc7a788de233e45e5f0c5

    SHA256

    0082948be4ccb6263957344f1680f3d07d3f4fce7304c2cbcaf1ee27ab4f3463

    SHA512

    7ec3f83b21bf876191856c4513d94da3c5e90b747f19b277a25030d099f3a01793de6750abc1e6990274dd6899e9848b1a2b8c223da0811074ad0b3e910450db

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6ad9a7efb57a4c8f87ecfaf96e59bc4e

    SHA1

    2137971b45e4acdc0cb22cc9c6a6bdb680bb63ba

    SHA256

    942de9c1bad60b7f09c057efdfb44177cc556d579872cf3577ac81e525e39f1a

    SHA512

    025cfde017008f89f00797e91c1e43c36f3119dd808d24d17c96c6044c9fc0447a7ee57f163ed2c8c3ca9c8fa2edeeb37781161b06b313c66f7eff1815bf1600

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8c28a836779a8cf671618415061b23cf

    SHA1

    105d78da47f898b9d7ec98c6531f5dc0e0ee3057

    SHA256

    56db0f50284790d66e44c4ba4b3745b0a3d6d9ee85894b0d0e89f992b92adf06

    SHA512

    29396feb4aa652109c9780eff5b95ac7f5de1aa5112b9d7ea86bc5a40350bd38d889b712a1e8f9fde0695656df71c80c3d02c1c1e9354de1c54e7b29e428fc9f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2b6e8d462c1a780c95c3db41e8d165c4

    SHA1

    700a7a7896fc8ad1eed521e99882adfa8db3f308

    SHA256

    7c4213ea527d9e0be8e0e22df088a6b26c60b035e291e632a990d5e9409e2485

    SHA512

    40858b3a6aa73a3cdefa59190b9f64212547da0eb955a120b3c742e4f7a0b4e6f3c17de99cd1cf83931563d14d75a5d13453264154dbbb6e9373c5f024c1c810

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    92416c34e37cfc5f33977e24b3e07b4d

    SHA1

    27dbf5ea3435de7541d2078750279fea3fce2994

    SHA256

    67b6d3e898a126cd55c316c2e306a9815a48432b87b6b0786dc0f8aac8737a28

    SHA512

    8545bdcf887c7294ae3957afdc1e4954d77188b41d2a525a81751fda13af40f7760a617cebdf6c59ea20c10f812894ef781d1c880f7e75273d71e2cb67a5d99d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2bd3ef9d5b8ca808734ea561d1058c12

    SHA1

    8b9d075e3c22810e6577bd88078c9ccfea14470d

    SHA256

    be2efa50622d01abb123f0fd9128f4ed84af4fc2ea40f551e48678195bdfe84f

    SHA512

    c104599e8034127afc1139ff0278e17c051b532862cdd196738dfbd9c461d128cc07a20646312ff8bc64236d5f4e54a5e5b188b8efa96f3f14c4dd06280ef5c3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ea520e792575b1f42ab286ddd35bb729

    SHA1

    b5b1103e0481965608f6ace37fe03384d8a7d5c8

    SHA256

    23b3a273e76c76a49599fd5a845b4b265c1493f0662086ce42373e54ba5e4e95

    SHA512

    6f4517e3edd6777b95760e6f7249c679506cf3f080694145f1cc889d064d64bf75bd1efd0eb86d025a5f096c5a1d2b97aac7206b3524385bb1ed84fe19d5562e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    efea2955ac0ff648b17163feff0f0969

    SHA1

    2a7032c65883ce39b433891d2ef94bc54528f5d5

    SHA256

    3de9018c50670778873b5868e06e36d7e015d22a907a9efd6122b803f1540839

    SHA512

    28a7bd13561dbae5c1b317c0e7fb5933e01075108584e9bed257085c2740430d54b770ab3f2c4f9fd89ca27e1ec3c870ab0b5be954b5153a904612d7e6877780

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3083128fba79d2855c4bd472de2ae83d

    SHA1

    2179934b630531a704643b50d27b68263b1f883f

    SHA256

    e3dd4784ce64a5a2309d379af471225ed5e525ff2938fd1a5ad8895ba88f9880

    SHA512

    57e3d9ae2411306729dc6f30a40d988fcf0a307cfdc1085e4343a3e46102fc4cd99646244453e6dc9b5aa6e8d01cee8ca528b556bc33e8ea636289f1a24cd25a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabFCD8.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarFCFA.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit