Overview

overview

10

Static

static

10

SpyNote_v6...pi.dll

windows7-x64

1

SpyNote_v6...pi.dll

windows10-2004-x64

1

SpyNote_v6...6.html

windows7-x64

3

SpyNote_v6...6.html

windows10-2004-x64

3

SpyNote_v6...2.html

windows7-x64

3

SpyNote_v6...2.html

windows10-2004-x64

3

SpyNote_v6...9.html

windows7-x64

3

SpyNote_v6...9.html

windows10-2004-x64

3

SpyNote_v6...SM.dll

windows7-x64

1

SpyNote_v6...SM.dll

windows10-2004-x64

1

SpyNote_v6...SL.exe

windows7-x64

1

SpyNote_v6...SL.exe

windows10-2004-x64

1

apktool/apktool.bat

windows7-x64

1

apktool/apktool.bat

windows10-2004-x64

1

apktool/apktool.jar

windows7-x64

1

apktool/apktool.jar

windows10-2004-x64

1

apktool/signapk.jar

windows7-x64

1

apktool/signapk.jar

windows10-2004-x64

1

SpyNote_v6...va.jar

windows7-x64

1

SpyNote_v6...va.jar

windows10-2004-x64

1

SpyNote_v6...sS.exe

windows7-x64

1

SpyNote_v6...sS.exe

windows10-2004-x64

1

platform-t...pi.dll

windows7-x64

3

platform-t...pi.dll

windows10-2004-x64

3

platform-t...pi.dll

windows7-x64

3

platform-t...pi.dll

windows10-2004-x64

3

platform-t...db.exe

windows7-x64

3

platform-t...db.exe

windows10-2004-x64

3

platform-t...mp.exe

windows7-x64

1

platform-t...mp.exe

windows10-2004-x64

3

platform-t...ol.exe

windows7-x64

1

platform-t...ol.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    600s
  • max time network
    489s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250217-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20250217-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19-02-2025 00:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    SpyNote_v6.4/Resources/Clients/Vicitim_354051091211537/Apps/2021-27-9--17-10-52.html

  • Size

    9KB

  • MD5

    6a9f214598268f6b9754d0c6b3c29cfd

  • SHA1

    80858e5c88c4f875a03879eeb7f427e4c63f0981

  • SHA256

    70cb40871f1ca0e710697d82ae1d48d4236ef4d82ac4af897558a6397baa0748

  • SHA512

    56d9f796aa974a612486454ac0e7d1218ddbaf06447f85c1cb62efc943346adf71d98d5026ab54bff88cd087155a0b008f73be290808a350538e0e78a1e7026d

  • SSDEEP

    96:qa3FAwO96Fuf6/aFdAy7hLp209NSTWd3hC3CYvFrGSpI:qa39QmTH3CYvI

Score
3/10
discovery

Malware Config

Signatures

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\SpyNote_v6.4\Resources\Clients\Vicitim_354051091211537\Apps\2021-27-9--17-10-52.html
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2892
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc309e46f8,0x7ffc309e4708,0x7ffc309e4718
      2⤵
        PID:2700
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,356247317484914044,1855667286114233595,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2296 /prefetch:2
        2⤵
          PID:4988
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,356247317484914044,1855667286114233595,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2348 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:4584
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,356247317484914044,1855667286114233595,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2908 /prefetch:8
          2⤵
            PID:3444
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,356247317484914044,1855667286114233595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
            2⤵
              PID:2196
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,356247317484914044,1855667286114233595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
              2⤵
                PID:3664
              • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,356247317484914044,1855667286114233595,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5224 /prefetch:8
                2⤵
                  PID:2724
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,356247317484914044,1855667286114233595,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5224 /prefetch:8
                  2⤵
                  • Suspicious behavior: EnumeratesProcesses
                  PID:4512
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,356247317484914044,1855667286114233595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4836 /prefetch:1
                  2⤵
                    PID:5104
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,356247317484914044,1855667286114233595,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4820 /prefetch:1
                    2⤵
                      PID:2748
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,356247317484914044,1855667286114233595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3088 /prefetch:1
                      2⤵
                        PID:2836
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,356247317484914044,1855667286114233595,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
                        2⤵
                          PID:4536
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,356247317484914044,1855667286114233595,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3132 /prefetch:2
                          2⤵
                          • Suspicious behavior: EnumeratesProcesses
                          PID:220
                      • C:\Windows\System32\CompPkgSrv.exe
                        C:\Windows\System32\CompPkgSrv.exe -Embedding
                        1⤵
                          PID:3808
                        • C:\Windows\System32\CompPkgSrv.exe
                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                          1⤵
                            PID:3668

                          Network

                          MITRE ATT&CK Enterprise v15

                          Replay Monitor

                          Loading Replay Monitor...

                          Downloads

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\660af6d0-41be-499e-8a3d-ac521bf5e0f3.tmp
                            Filesize

                            11KB

                            MD5

                            c2ac355e0c1856650ef1493ef0514e1c

                            SHA1

                            7cd1aef590d0caf6a993641d55a06b5505516499

                            SHA256

                            8b8daeee348b890509ba89385357567d56b6fe6928315dffc5cb142dda3a162c

                            SHA512

                            853034ea7e3ebeada43646f4a0aa4ca2bd1de27c894bd4ce5c78e528e9ba9b0a72a74d399a93a44c7159ddc7b64eeb5b334367aa5bba3ac4ee46df19415bda4e

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                            Filesize

                            152B

                            MD5

                            6738f4e2490ee5070d850bf03bf3efa5

                            SHA1

                            fbc49d2dd145369e8861532e6ebf0bd56a0fe67c

                            SHA256

                            ca80bbae3c392e46d730a53d0ee4cfecbbe45c264ad3b3c7ee287252c21eaeab

                            SHA512

                            2939edf5e6c34c9ea669a129a4a5a410fbbd29cd504dc8e007e9b3b3c7fbb9bea8c14d6177ac375d0c481995774a02d210328569231cb01db07b59452333b22b

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                            Filesize

                            152B

                            MD5

                            93be3a1bf9c257eaf83babf49b0b5e01

                            SHA1

                            d55c01e95c2e6a87a5ece8cc1d466cc98a520e2a

                            SHA256

                            8786fd66f4602e6ed3fa5248bd597b3f362ffa458f85207eaa154beb55522348

                            SHA512

                            885b09dd3072921f375eedb5f0575561adc89700ecfbe999bc3e5ea1d7cb45e19d85c5e420f2c0a12b428742e1110e66f4ceecbe5a6badddd36cc9e0aff48e52

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                            Filesize

                            6KB

                            MD5

                            be720315960bfa20b6e5bb2339cb2f78

                            SHA1

                            c2459a9e060b7253fb62e4cd8de9b8912ec4b982

                            SHA256

                            811f71bef7010d3ca45fb218b1e350052e68fa2a451523802c8d670dc7c910a7

                            SHA512

                            8051a03754673aa19f701a983a64165152678e0623a1ca5696845924b5252b0b35621da36ce852210700dada8b84be9d6d9544515c5584a5e24639cfd2cbc975

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                            Filesize

                            6KB

                            MD5

                            4afb490d442ed795d4cb1b7cba96cc36

                            SHA1

                            b416f3f367952528acc03c321bc4543048297aee

                            SHA256

                            af49d35693520ae81cbd4d0c60122b14cf639b1d027fc0ac7e01d7ceb3e3d5fd

                            SHA512

                            f46f47ccc2f5f20e2f4e82def086f5ecb46b9d91af072152b79752eab3b5095b69a21e56989399969b560d7044dd87d26c4320d179ca0a516943bd5e1f767680

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                            Filesize

                            16B

                            MD5

                            6752a1d65b201c13b62ea44016eb221f

                            SHA1

                            58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                            SHA256

                            0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                            SHA512

                            9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                            Download Submit