| File name: | SpyNote Black Edition ( infinityhacks.net ).zip |
| Full analysis: | https://app.any.run/tasks/aa1e1410-c250-4d1a-a908-db4de7fd2ac4 |
| Verdict: | Malicious activity |
| Analysis date: | February 07, 2022, 21:17:20 |
| OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
| Indicators: | |
| MIME: | application/zip |
| File info: | Zip archive data, at least v2.0 to extract |
| MD5: | 5F8FB0036C8D0923DE49FF421935DE91 |
| SHA1: | 243FFB657545A052CA49AF6BA4E876E45182DFE8 |
| SHA256: | 011C771FF253F37CE942D8319CF1A75339A31544F6DD84F83AC16A9C39882EB8 |
| SSDEEP: | 393216:u4VWsO1s0LBWYyLtyWpe76inzEIgbFDY0cYMFS:uWWm0LwYqtjEPgbFDY0+FS |
MALICIOUS
Application was dropped or rewritten from another process
- SpyNote Black Edition.exe (PID: 2676)
- SpyNote Black Edition.exe (PID: 2272)
SUSPICIOUS
Checks supported languages
- WinRAR.exe (PID: 3760)
- SpyNote Black Edition.exe (PID: 2272)
Reads the computer name
- WinRAR.exe (PID: 3760)
- SpyNote Black Edition.exe (PID: 2272)
Drops a file that was compiled in debug mode
- WinRAR.exe (PID: 3760)
Executable content was dropped or overwritten
- WinRAR.exe (PID: 3760)
Reads Environment values
- SpyNote Black Edition.exe (PID: 2272)
Drops a file with a compile date too recent
- WinRAR.exe (PID: 3760)
INFO
No info indicators.
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
TRiD
| .zip | | | ZIP compressed archive (100) |
|---|
EXIF
ZIP
| ZipFileName: | CoreAudioApi.dll |
|---|---|
| ZipUncompressedSize: | 25088 |
| ZipCompressedSize: | 10971 |
| ZipCRC: | 0x9ab3fb10 |
| ZipModifyDate: | 2017:03:19 06:24:24 |
| ZipCompression: | Deflated |
| ZipBitFlag: | - |
| ZipRequiredVersion: | 20 |
Total processes
40
Monitored processes
3
Malicious processes
3
Suspicious processes
0
Behavior graph
Click at the process to see the details
Process information
PID | CMD | Path | Indicators | Parent process |
|---|---|---|---|---|
| 2272 | "C:\Users\admin\AppData\Local\Temp\Rar$EXa3760.31300\SpyNote Black Edition.exe" | C:\Users\admin\AppData\Local\Temp\Rar$EXa3760.31300\SpyNote Black Edition.exe | WinRAR.exe | |
User: admin Integrity Level: HIGH Description: SpyNote V6.4 Exit code: 0 Version: 6.4.0.0 | ||||
| 2676 | "C:\Users\admin\AppData\Local\Temp\Rar$EXa3760.31300\SpyNote Black Edition.exe" | C:\Users\admin\AppData\Local\Temp\Rar$EXa3760.31300\SpyNote Black Edition.exe | — | WinRAR.exe |
User: admin Integrity Level: MEDIUM Description: SpyNote V6.4 Exit code: 3221226540 Version: 6.4.0.0 | ||||
| 3760 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\SpyNote Black Edition ( infinityhacks.net ).zip" | C:\Program Files\WinRAR\WinRAR.exe | Explorer.EXE | |
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Exit code: 0 Version: 5.91.0 | ||||
Total events
0
Read events
0
Write events
0
Delete events
0
Modification events
Executable files
7
Suspicious files
4
Text files
543
Unknown types
2
Dropped files
PID | Process | Filename | Type | |
|---|---|---|---|---|
| 3760 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3760.31300\Resources\Audio\c.wav | wav | |
MD5:27096BEF1DC9B799CDA15F750F03DEBE | SHA256:59AC30EA0CC45B94A8D5DFA7A2066DEC9C9510629999326FBD95FB92E8B06AB9 | |||
| 3760 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3760.31300\Resources\Icons\AccountManager\com.google.png | image | |
MD5:A9167F9901E0BFE4F4D3696CB894D7F2 | SHA256:9C93E054668C0F1702DDE013F1C662A67A2927DCF159DD430AC900CE8ED18BCD | |||
| 3760 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3760.31300\Resources\Icons\AccountManager\com.whatsapp.png | image | |
MD5:DCF45DF26E2CEADF027DC3CAB1A44B84 | SHA256:D0E60E17EB46F9CFF30AB4EF170BA90B4B9B77B4EEB48BA476611347D6421F25 | |||
| 3760 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3760.31300\Resources\Icons\AccountManager\com.bbm.contacts.png | image | |
MD5:5343892A5AEBBA75AD7485437151A5DA | SHA256:35BBB89EC6ACEEAF456C11E00FFCC8B9B08A642F22BA136B2E16AE49A2CA4767 | |||
| 3760 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3760.31300\Resources\Icons\AppProperties\Activities.png | image | |
MD5:82F0DFF489C3E89DCEDCE30A83DC8FF7 | SHA256:7849AEAE0621D68F0120A4EE284F43A063E68830AE27D6B16152A424B4F05CB6 | |||
| 3760 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3760.31300\Resources\Icons\AccountManager\org.telegram.messenger.png | image | |
MD5:7501198AE01A5DDB14D6BCCA6CB8063A | SHA256:6913959595D510DB620CFEAD0D1240C6415082DC5C5405A573C8410033D6D2EF | |||
| 3760 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3760.31300\Resources\Icons\AppProperties\Permissions.png | image | |
MD5:5F5EEF9FB0E05520641C6F814B71C1A1 | SHA256:45D5048018C3AE7ACCFDC8730DFE854D0F759B01BE10CC875BD293BA494B6EBA | |||
| 3760 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3760.31300\Resources\Icons\AccountManager\org.telegram.plus.png | image | |
MD5:7501198AE01A5DDB14D6BCCA6CB8063A | SHA256:6913959595D510DB620CFEAD0D1240C6415082DC5C5405A573C8410033D6D2EF | |||
| 3760 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3760.31300\Resources\Icons\AccountManager\com.twitter.android.auth.login.png | image | |
MD5:911FA3FE86E280E9594B17D1C49CABFE | SHA256:B22A3B32746ACF7E778308F4A894C95151BD4C8D728CBB4180BBC025C543663D | |||
| 3760 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3760.31300\Resources\Icons\AppProperties\Receivers.png | image | |
MD5:D5ABB61DDFBD6180AF08DEEB7AF131D5 | SHA256:E3518C96BE9323AE6E153849FB84645A2B7FFCEEB8362208C31FACFC91921BBD | |||
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
0
TCP/UDP connections
0
DNS requests
0
Threats
0
HTTP requests
Download PCAP, analyze network streams, HTTP content and a lot more at the full report