Overview

overview

10

Static

static

10

SpyNote v7...��.zip

windows10-ltsc 2021-x64

8

Software U...rol.7z

windows10-ltsc 2021-x64

1

DefenderControl.exe

windows10-ltsc 2021-x64

3

SpyNote v7...ib.dll

windows10-ltsc 2021-x64

1

SpyNote v7...pi.dll

windows10-ltsc 2021-x64

1

SpyNote v7...ib.dll

windows10-ltsc 2021-x64

1

SpyNote v7...nt.jar

windows10-ltsc 2021-x64

1

SpyNote v7...IP.dat

windows10-ltsc 2021-x64

3

SpyNote v7...BU.inf

windows10-ltsc 2021-x64

1

SpyNote v7...ld.exe

windows10-ltsc 2021-x64

1

SpyNote v7...xe.xml

windows10-ltsc 2021-x64

3

SpyNote v7...ol.zip

windows10-ltsc 2021-x64

1

apktool/apktool.bat

windows10-ltsc 2021-x64

1

apktool/apktool.jar

windows10-ltsc 2021-x64

1

apktool/signapk.jar

windows10-ltsc 2021-x64

1

SpyNote v7...ub.apk

windows10-ltsc 2021-x64

3

SpyNote v7...va.jar

windows10-ltsc 2021-x64

1

platform-t...pi.dll

windows10-ltsc 2021-x64

3

platform-t...pi.dll

windows10-ltsc 2021-x64

3

platform-t...db.exe

windows10-ltsc 2021-x64

3

platform-t...ns.zip

windows10-ltsc 2021-x64

1

SpyNote v7...in.exe

windows10-ltsc 2021-x64

1

SpyNote v7...��.exe

windows10-ltsc 2021-x64

8

SpyNote v7...co.scr

windows10-ltsc 2021-x64

10

SpyNote v7...pk.jar

windows10-ltsc 2021-x64

1

软件使�...rol.7z

windows10-ltsc 2021-x64

1

软件使�...ol.exe

windows10-ltsc 2021-x64

3

Analysis

  • max time kernel
    97s
  • max time network
    127s
  • platform
    windows10-ltsc 2021_x64
  • resource
    win10ltsc2021-20241211-en
  • resource tags

    arch:x64arch:x86image:win10ltsc2021-20241211-enlocale:en-usos:windows10-ltsc 2021-x64system
  • submitted
    20-12-2024 13:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    SpyNote v7.0‌‌/Resources/Imports/GeoIP/GeoIP.dat

  • Size

    1.1MB

  • MD5

    2fbec46d430f57befcde85b86c68b36e

  • SHA1

    3ff9829e3242deb69a7fde0832b7d9345b925afc

  • SHA256

    681ede512fe7ac21e976c754bfc1e1a75a9e02c3d931ce6849cfaa9d4080338a

  • SHA512

    42036af6f57e446fec194ce71fa634dee9f4c77342f64a867fca8730d76349190960a7e7a5967ea59c250ca1b220d4845b4911dd63ee870f5620d9eb513b91d6

  • SSDEEP

    24576:3nHFtqj0+DZBNJvOL1h5NsVOQu7MgAsrmPQbdclxkghoIes:3ltqjRDZZehvsVOQu7MgOPkKSghks

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\SpyNote v7.0‌‌\Resources\Imports\GeoIP\GeoIP.dat"
    1⤵
    • Modifies registry class
    PID:1288
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:2800

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads