| File name: | SpyNote Black Edition ( infinityhacks.net ).zip |
| Full analysis: | https://app.any.run/tasks/aa1e1410-c250-4d1a-a908-db4de7fd2ac4 |
| Verdict: | Malicious activity |
| Analysis date: | February 07, 2022, 21:17:20 |
| OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
| Indicators: | |
| MIME: | application/zip |
| File info: | Zip archive data, at least v2.0 to extract |
| MD5: | 5F8FB0036C8D0923DE49FF421935DE91 |
| SHA1: | 243FFB657545A052CA49AF6BA4E876E45182DFE8 |
| SHA256: | 011C771FF253F37CE942D8319CF1A75339A31544F6DD84F83AC16A9C39882EB8 |
| SSDEEP: | 393216:u4VWsO1s0LBWYyLtyWpe76inzEIgbFDY0cYMFS:uWWm0LwYqtjEPgbFDY0+FS |
MALICIOUS
Application was dropped or rewritten from another process
- SpyNote Black Edition.exe (PID: 2676)
- SpyNote Black Edition.exe (PID: 2272)
SUSPICIOUS
Reads the computer name
- WinRAR.exe (PID: 3760)
- SpyNote Black Edition.exe (PID: 2272)
Executable content was dropped or overwritten
- WinRAR.exe (PID: 3760)
Checks supported languages
- WinRAR.exe (PID: 3760)
- SpyNote Black Edition.exe (PID: 2272)
Drops a file with a compile date too recent
- WinRAR.exe (PID: 3760)
Drops a file that was compiled in debug mode
- WinRAR.exe (PID: 3760)
Reads Environment values
- SpyNote Black Edition.exe (PID: 2272)
INFO
No info indicators.
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
TRiD
| .zip | | | ZIP compressed archive (100) |
|---|
EXIF
ZIP
| ZipFileName: | CoreAudioApi.dll |
|---|---|
| ZipUncompressedSize: | 25088 |
| ZipCompressedSize: | 10971 |
| ZipCRC: | 0x9ab3fb10 |
| ZipModifyDate: | 2017:03:19 06:24:24 |
| ZipCompression: | Deflated |
| ZipBitFlag: | - |
| ZipRequiredVersion: | 20 |
Total processes
40
Monitored processes
3
Malicious processes
3
Suspicious processes
0
Behavior graph
Click at the process to see the details
Process information
PID | CMD | Path | Indicators | Parent process |
|---|---|---|---|---|
| 2272 | "C:\Users\admin\AppData\Local\Temp\Rar$EXa3760.31300\SpyNote Black Edition.exe" | C:\Users\admin\AppData\Local\Temp\Rar$EXa3760.31300\SpyNote Black Edition.exe | WinRAR.exe | |
User: admin Integrity Level: HIGH Description: SpyNote V6.4 Exit code: 0 Version: 6.4.0.0 | ||||
| 2676 | "C:\Users\admin\AppData\Local\Temp\Rar$EXa3760.31300\SpyNote Black Edition.exe" | C:\Users\admin\AppData\Local\Temp\Rar$EXa3760.31300\SpyNote Black Edition.exe | — | WinRAR.exe |
User: admin Integrity Level: MEDIUM Description: SpyNote V6.4 Exit code: 3221226540 Version: 6.4.0.0 | ||||
| 3760 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\SpyNote Black Edition ( infinityhacks.net ).zip" | C:\Program Files\WinRAR\WinRAR.exe | Explorer.EXE | |
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Exit code: 0 Version: 5.91.0 | ||||
Total events
0
Read events
0
Write events
0
Delete events
0
Modification events
Executable files
7
Suspicious files
4
Text files
543
Unknown types
2
Dropped files
PID | Process | Filename | Type | |
|---|---|---|---|---|
| 3760 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3760.31300\Resources\Audio\v.wav | wav | |
MD5:BE7F24DF931EC418454ECCC5A09EEDF3 | SHA256:7479105848352A1CCCC52EB6D47C06A762EC2DFD7C157D06102CF3CB1C93D93E | |||
| 3760 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3760.31300\CoreAudioApi.dll | executable | |
MD5:6A009B7C4B252788D80D4E40ADCF51CE | SHA256:DF6115987161EE1238F9564BD10C998D9016F582E5B7B9D23D21A74D6955BDD3 | |||
| 3760 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3760.31300\Resources\Icons\AccountManager\com.android.email.png | image | |
MD5:1FC4ABE2F26276C04B55591BD0A584C3 | SHA256:6E68465A4C4E86F84517A3B230510E4D5D2F163744CD592C55DA8A89B0C866F5 | |||
| 3760 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3760.31300\Resources\Icons\AccountManager\com.bbm.account.png | image | |
MD5:5343892A5AEBBA75AD7485437151A5DA | SHA256:35BBB89EC6ACEEAF456C11E00FFCC8B9B08A642F22BA136B2E16AE49A2CA4767 | |||
| 3760 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3760.31300\Resources\Icons\AccountManager\com.dropbox.android.account.png | image | |
MD5:4E06AEDB09DC5726A8F14126EFFB08AF | SHA256:A013F12F38F6BE308711E29790A7FB0C6CB7C059D3574DDD775AA0B4E2DB8607 | |||
| 3760 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3760.31300\Resources\Audio\c.wav | wav | |
MD5:27096BEF1DC9B799CDA15F750F03DEBE | SHA256:59AC30EA0CC45B94A8D5DFA7A2066DEC9C9510629999326FBD95FB92E8B06AB9 | |||
| 3760 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3760.31300\Resources\Icons\AccountManager\account.png | image | |
MD5:37B34268C25A9BF7EBF61DD220382F5F | SHA256:2D522164E403478E178483DFD9D1F31BA2E8E8E9056F967AA626308E39AA6BD0 | |||
| 3760 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3760.31300\Resources\Icons\AccountManager\org.telegram.plus.png | image | |
MD5:7501198AE01A5DDB14D6BCCA6CB8063A | SHA256:6913959595D510DB620CFEAD0D1240C6415082DC5C5405A573C8410033D6D2EF | |||
| 3760 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3760.31300\Resources\Icons\AccountManager\org.telegram.messenger.png | image | |
MD5:7501198AE01A5DDB14D6BCCA6CB8063A | SHA256:6913959595D510DB620CFEAD0D1240C6415082DC5C5405A573C8410033D6D2EF | |||
| 3760 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3760.31300\Resources\Icons\Bar\gps.png | image | |
MD5:735A9EABB7CD9A4F31B08C24CF3A905D | SHA256:7142F424130CA442541021619C5F3F8607158F44535F0972077D79D4CA2845C9 | |||
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
0
TCP/UDP connections
0
DNS requests
0
Threats
0
HTTP requests
Download PCAP, analyze network streams, HTTP content and a lot more at the full report