| File name: | SpyNote Black Edition ( infinityhacks.net ).zip |
| Full analysis: | https://app.any.run/tasks/aa1e1410-c250-4d1a-a908-db4de7fd2ac4 |
| Verdict: | Malicious activity |
| Analysis date: | February 07, 2022, 21:17:20 |
| OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
| Indicators: | |
| MIME: | application/zip |
| File info: | Zip archive data, at least v2.0 to extract |
| MD5: | 5F8FB0036C8D0923DE49FF421935DE91 |
| SHA1: | 243FFB657545A052CA49AF6BA4E876E45182DFE8 |
| SHA256: | 011C771FF253F37CE942D8319CF1A75339A31544F6DD84F83AC16A9C39882EB8 |
| SSDEEP: | 393216:u4VWsO1s0LBWYyLtyWpe76inzEIgbFDY0cYMFS:uWWm0LwYqtjEPgbFDY0+FS |
MALICIOUS
Application was dropped or rewritten from another process
- SpyNote Black Edition.exe (PID: 2272)
- SpyNote Black Edition.exe (PID: 2676)
SUSPICIOUS
Drops a file that was compiled in debug mode
- WinRAR.exe (PID: 3760)
Executable content was dropped or overwritten
- WinRAR.exe (PID: 3760)
Checks supported languages
- WinRAR.exe (PID: 3760)
- SpyNote Black Edition.exe (PID: 2272)
Reads the computer name
- WinRAR.exe (PID: 3760)
- SpyNote Black Edition.exe (PID: 2272)
Drops a file with a compile date too recent
- WinRAR.exe (PID: 3760)
Reads Environment values
- SpyNote Black Edition.exe (PID: 2272)
INFO
No info indicators.
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
TRiD
| .zip | | | ZIP compressed archive (100) |
|---|
EXIF
ZIP
| ZipFileName: | CoreAudioApi.dll |
|---|---|
| ZipUncompressedSize: | 25088 |
| ZipCompressedSize: | 10971 |
| ZipCRC: | 0x9ab3fb10 |
| ZipModifyDate: | 2017:03:19 06:24:24 |
| ZipCompression: | Deflated |
| ZipBitFlag: | - |
| ZipRequiredVersion: | 20 |
Total processes
40
Monitored processes
3
Malicious processes
3
Suspicious processes
0
Behavior graph
Click at the process to see the details
Process information
PID | CMD | Path | Indicators | Parent process |
|---|---|---|---|---|
| 2272 | "C:\Users\admin\AppData\Local\Temp\Rar$EXa3760.31300\SpyNote Black Edition.exe" | C:\Users\admin\AppData\Local\Temp\Rar$EXa3760.31300\SpyNote Black Edition.exe | WinRAR.exe | |
User: admin Integrity Level: HIGH Description: SpyNote V6.4 Exit code: 0 Version: 6.4.0.0 | ||||
| 2676 | "C:\Users\admin\AppData\Local\Temp\Rar$EXa3760.31300\SpyNote Black Edition.exe" | C:\Users\admin\AppData\Local\Temp\Rar$EXa3760.31300\SpyNote Black Edition.exe | — | WinRAR.exe |
User: admin Integrity Level: MEDIUM Description: SpyNote V6.4 Exit code: 3221226540 Version: 6.4.0.0 | ||||
| 3760 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\SpyNote Black Edition ( infinityhacks.net ).zip" | C:\Program Files\WinRAR\WinRAR.exe | Explorer.EXE | |
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Exit code: 0 Version: 5.91.0 | ||||
Total events
0
Read events
0
Write events
0
Delete events
0
Modification events
Executable files
7
Suspicious files
4
Text files
543
Unknown types
2
Dropped files
PID | Process | Filename | Type | |
|---|---|---|---|---|
| 3760 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3760.31300\Resources\Icons\AccountManager\com.dropbox.android.account.png | image | |
MD5:4E06AEDB09DC5726A8F14126EFFB08AF | SHA256:A013F12F38F6BE308711E29790A7FB0C6CB7C059D3574DDD775AA0B4E2DB8607 | |||
| 3760 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3760.31300\Resources\Audio\c.wav | wav | |
MD5:27096BEF1DC9B799CDA15F750F03DEBE | SHA256:59AC30EA0CC45B94A8D5DFA7A2066DEC9C9510629999326FBD95FB92E8B06AB9 | |||
| 3760 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3760.31300\Resources\Audio\v.wav | wav | |
MD5:BE7F24DF931EC418454ECCC5A09EEDF3 | SHA256:7479105848352A1CCCC52EB6D47C06A762EC2DFD7C157D06102CF3CB1C93D93E | |||
| 3760 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3760.31300\Resources\Icons\AccountManager\account.png | image | |
MD5:37B34268C25A9BF7EBF61DD220382F5F | SHA256:2D522164E403478E178483DFD9D1F31BA2E8E8E9056F967AA626308E39AA6BD0 | |||
| 3760 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3760.31300\Resources\Icons\AccountManager\com.bbm.contacts.png | image | |
MD5:5343892A5AEBBA75AD7485437151A5DA | SHA256:35BBB89EC6ACEEAF456C11E00FFCC8B9B08A642F22BA136B2E16AE49A2CA4767 | |||
| 3760 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3760.31300\Resources\Icons\AccountManager\com.google.png | image | |
MD5:A9167F9901E0BFE4F4D3696CB894D7F2 | SHA256:9C93E054668C0F1702DDE013F1C662A67A2927DCF159DD430AC900CE8ED18BCD | |||
| 3760 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3760.31300\Resources\Icons\AccountManager\com.sec.android.app.sns3.twitter.png | image | |
MD5:911FA3FE86E280E9594B17D1C49CABFE | SHA256:B22A3B32746ACF7E778308F4A894C95151BD4C8D728CBB4180BBC025C543663D | |||
| 3760 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3760.31300\Resources\Icons\AccountManager\com.whatsapp.png | image | |
MD5:DCF45DF26E2CEADF027DC3CAB1A44B84 | SHA256:D0E60E17EB46F9CFF30AB4EF170BA90B4B9B77B4EEB48BA476611347D6421F25 | |||
| 3760 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3760.31300\Resources\Icons\AccountManager\com.twitter.android.auth.login.png | image | |
MD5:911FA3FE86E280E9594B17D1C49CABFE | SHA256:B22A3B32746ACF7E778308F4A894C95151BD4C8D728CBB4180BBC025C543663D | |||
| 3760 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3760.31300\CoreAudioApi.dll | executable | |
MD5:6A009B7C4B252788D80D4E40ADCF51CE | SHA256:DF6115987161EE1238F9564BD10C998D9016F582E5B7B9D23D21A74D6955BDD3 | |||
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
0
TCP/UDP connections
0
DNS requests
0
Threats
0
HTTP requests
Download PCAP, analyze network streams, HTTP content and a lot more at the full report