Overview

overview

10

Static

static

10

4f3b59864c...68.exe

windows10-ltsc 2021-x64

10

Smart Bind...er.exe

windows10-ltsc 2021-x64

10

SpyNet.exe

windows10-ltsc 2021-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    120s
  • platform
    windows10-ltsc 2021_x64
  • resource
    win10ltsc2021-20250113-en
  • resource tags

    arch:x64arch:x86image:win10ltsc2021-20250113-enlocale:en-usos:windows10-ltsc 2021-x64system
  • submitted
    20-01-2025 03:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    SpyNet.exe

  • Size

    2.0MB

  • MD5

    98de7bcad1ba2caf74007bd97bc2b505

  • SHA1

    8a79d06159a339313b810f23835b8417429dd356

  • SHA256

    e4b3b3e72bd3bf4052a3136cb811ea54923bc2d7807709992e0345743d49ced8

  • SHA512

    ef57cc4f0ad4bf1f54baaf7213bf868c418eebfb0eee3c32ff376b67d5d5337c35a94a1418951d82aae371820ce37eade7cf0a74ce54a4198e18327bd232a35d

  • SSDEEP

    49152:GhwHJZqdp7orGOA0jhE6wSZCTIzY7wXSxQ5E+X6Oftn/Z9s0K:GhwHJZUp7orG90NE6KIM7wXr5EI6OR/7

Score
7/10
discoveryupx

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • UPX packed file 16 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks SCSI registry key(s) 3 TTPs 8 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious use of FindShellTrayWindow 6 IoCs
  • Suspicious use of SendNotifyMessage 6 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\SpyNet.exe
    "C:\Users\Admin\AppData\Local\Temp\SpyNet.exe"
    1⤵
    • Checks computer location settings
    • System Location Discovery: System Language Discovery
    • Checks SCSI registry key(s)
    • Checks processor information in registry
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:728
    • C:\Windows\SysWOW64\cscript.exe
      "C:\Windows\system32\cscript.exe" "C:\Users\Admin\AppData\Local\Temp\teste.vbs"
      2⤵
      • System Location Discovery: System Language Discovery
      PID:4780

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\IP.txt
    Filesize

    132KB

    MD5

    ef43d60b6a43665d9fffaa76693d48b1

    SHA1

    78cdc51d09efec9112707d7121767b1674e80548

    SHA256

    241527c081d7aee8f3bc11fe05d95aa73657d7c030f20d7cfeff1338e028556d

    SHA512

    f743d2666d9b0970932112fc846ff64e120a521a085afd76c485686ec37451b782b304ecdb69d3774d37434151d5e6582b0c825524d0c7e0ec45b2f9a72a3d83

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Language\Default.ini
    Filesize

    14KB

    MD5

    ee9826fd3883b9756896baed5d076cc6

    SHA1

    d1c829cabcb967410e03489723d9e51b9549d6f6

    SHA256

    e06ff3e2b4cf78d6147d00dbfd00066751d1d6680b3dd672e861574741a894d9

    SHA512

    404cfe3632fc3614a0e686504a2edcdf984aab20afc8fc4c7785d76bd52bf466078e756838c2ce5350439ad128756e55e1c3b12f3badd70fba8e74d171a05538

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Settings\Settings.ini
    Filesize

    1KB

    MD5

    448a49c2d7253c927e820056e9e7ea8b

    SHA1

    c7171c7b597beea4bb584319ddac80eadee5d3be

    SHA256

    afcc1b53d0e2ef177754d4f6ae9ab391e7115e39fc73caaabcb3cd585c2e4c7c

    SHA512

    54dc9c1eba0154aa648ec317c51642fd88d7dcd50b4e5f1eea5c67e1c7db91a7e8cb97d0b538e4a280d91a65fea8baa888734960fbf636b7067ac407840a5224

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\teste.txt
    Filesize

    2B

    MD5

    81051bcc2cf1bedf378224b0a93e2877

    SHA1

    ba8ab5a0280b953aa97435ff8946cbcbb2755a27

    SHA256

    7eb70257593da06f682a3ddda54a9d260d4fc514f645237f5ca74b08f8da61a6

    SHA512

    1b302a2f1e624a5fb5ad94ddc4e5f8bfd74d26fa37512d0e5face303d8c40eee0d0ffa3649f5da43f439914d128166cb6c4774a7caa3b174d7535451eb697b5d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\teste.vbs
    Filesize

    841B

    MD5

    615964e5ab63a70f0e205a476c48e356

    SHA1

    292620321db69d57ba23fa98d2a89484ddcf83d0

    SHA256

    38a2c0e90a7c86eb5355710dd205f22f84dbba59e688cd3da6394af8c924a102

    SHA512

    69886825baf2075f8e6cdc50b0b34f92d5d06d42db4586396fb3db806fef79986ba5754c7b1251b007cde4f943efe9e3d27800dd7e15f8084fd7e7e6046c3ccc

    Download Submit

  • memory/728-1073-0x0000000000400000-0x0000000000957000-memory.dmp

    Filesize

    5.3MB

    Download

  • memory/728-1075-0x0000000000400000-0x0000000000957000-memory.dmp

    Filesize

    5.3MB

    Download

  • memory/728-1-0x0000000001060000-0x0000000001061000-memory.dmp

    Filesize

    4KB

    Download

  • memory/728-1069-0x0000000000400000-0x0000000000957000-memory.dmp

    Filesize

    5.3MB

    Download

  • memory/728-1071-0x0000000001060000-0x0000000001061000-memory.dmp

    Filesize

    4KB

    Download

  • memory/728-1070-0x0000000000400000-0x0000000000957000-memory.dmp

    Filesize

    5.3MB

    Download

  • memory/728-1072-0x0000000004CC0000-0x0000000004CC1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/728-0-0x0000000000400000-0x0000000000957000-memory.dmp

    Filesize

    5.3MB

    Download

  • memory/728-1074-0x0000000000400000-0x0000000000957000-memory.dmp

    Filesize

    5.3MB

    Download

  • memory/728-3-0x0000000004CC0000-0x0000000004CC1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/728-1076-0x0000000000400000-0x0000000000957000-memory.dmp

    Filesize

    5.3MB

    Download

  • memory/728-1077-0x0000000000400000-0x0000000000957000-memory.dmp

    Filesize

    5.3MB

    Download

  • memory/728-1078-0x0000000000400000-0x0000000000957000-memory.dmp

    Filesize

    5.3MB

    Download

  • memory/728-1079-0x0000000000400000-0x0000000000957000-memory.dmp

    Filesize

    5.3MB

    Download

  • memory/728-1080-0x0000000000400000-0x0000000000957000-memory.dmp

    Filesize

    5.3MB

    Download

  • memory/728-1081-0x0000000000400000-0x0000000000957000-memory.dmp

    Filesize

    5.3MB

    Download

  • memory/728-1082-0x0000000000400000-0x0000000000957000-memory.dmp

    Filesize

    5.3MB

    Download

  • memory/728-1083-0x0000000000400000-0x0000000000957000-memory.dmp

    Filesize

    5.3MB

    Download

  • memory/728-1084-0x0000000000400000-0x0000000000957000-memory.dmp

    Filesize

    5.3MB

    Download

  • memory/728-1085-0x0000000000400000-0x0000000000957000-memory.dmp

    Filesize

    5.3MB

    Download