Overview

overview

8

Static

static

URLScan

urlscan

https://github.com/A...

windows7-x64

8

https://github.com/A...

windows10-2004-x64

8

Analysis

  • max time kernel
    67s
  • max time network
    134s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    03/11/2022, 15:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://github.com/AimbotPro2/SynapseXCrack/blob/main/Synapse%20X%20Crack/Synapse%20Launcher.exe

Score
8/10

Malware Config

Signatures

  • Downloads MZ/PE file
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 2 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs
  • Modifies Internet Explorer Phishing Filter 1 TTPs 2 IoCs
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 10 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://github.com/AimbotPro2/SynapseXCrack/blob/main/Synapse%20X%20Crack/Synapse%20Launcher.exe
    1⤵
    • Loads dropped DLL
    • Modifies Internet Explorer Phishing Filter
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1896
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1896 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1348
    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6ORS647J\Synapse Launcher.exe
      "C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6ORS647J\Synapse Launcher.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of WriteProcessMemory
      PID:1044
      • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6ORS647J\Synapse Launcher.exe
        "C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6ORS647J\Synapse Launcher.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        PID:876

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    340B

    MD5

    1ef80bfff3703148c179b918ec467e76

    SHA1

    36f8b0d80cc6015df327e15125e8531a428d6881

    SHA256

    a80b642ff08f11d9bd176cc240c1a7fdb4ce5309c5114949901b05e1bd1210de

    SHA512

    11faefa7791eae3550f04daf132a52a372ffd2ecb11734fdc79efbecd6b55e61836300648c73756775f6f179ee001574f75c9c5387a5d22d1465f33a77400cdb

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\lwrmjt1\imagestore.dat
    Filesize

    5KB

    MD5

    7ec0c9d246310963bb304444a2e625ac

    SHA1

    b22f80e2da9f89ab7f8ff0ad9b4b8c4d9f5139f8

    SHA256

    64bb61cc82643c66b2d93b024ffe41b5eba09f919929855df3232309498439d0

    SHA512

    b093d50187c191b36ae60ef8380bc38fd59c1cbe6a99cdfa24c899d0fcaeb8f5325fa2d4457451bf6b8609ed70b713c135c6fc2bb8f95d268e6c98dd4ebaf3aa

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6ORS647J\Synapse Launcher.exe
    Filesize

    7.5MB

    MD5

    ba3dfb5265c82c5ec9cd1e51c5f1ffaf

    SHA1

    86027debeb3ab05bfcd545079b4e993f54fcf354

    SHA256

    ed7cd2476a127d79b8f4a39c238b21442e3a5938627e4e815b0e681188afe6d4

    SHA512

    e8cae5c12df349517b1e12a18fb9ef2edf56d3bffb155fcff4531865182ba78fa7d59a670e61decc694dca6a2bd2b756a3d8cec040d0ea96279861cfa8870444

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6ORS647J\Synapse Launcher.exe
    Filesize

    7.5MB

    MD5

    ba3dfb5265c82c5ec9cd1e51c5f1ffaf

    SHA1

    86027debeb3ab05bfcd545079b4e993f54fcf354

    SHA256

    ed7cd2476a127d79b8f4a39c238b21442e3a5938627e4e815b0e681188afe6d4

    SHA512

    e8cae5c12df349517b1e12a18fb9ef2edf56d3bffb155fcff4531865182ba78fa7d59a670e61decc694dca6a2bd2b756a3d8cec040d0ea96279861cfa8870444

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6ORS647J\Synapse Launcher.exe.qkx5do4.partial
    Filesize

    7.5MB

    MD5

    ba3dfb5265c82c5ec9cd1e51c5f1ffaf

    SHA1

    86027debeb3ab05bfcd545079b4e993f54fcf354

    SHA256

    ed7cd2476a127d79b8f4a39c238b21442e3a5938627e4e815b0e681188afe6d4

    SHA512

    e8cae5c12df349517b1e12a18fb9ef2edf56d3bffb155fcff4531865182ba78fa7d59a670e61decc694dca6a2bd2b756a3d8cec040d0ea96279861cfa8870444

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\github.com_Blank-c_10442\python310.dll
    Filesize

    1.4MB

    MD5

    44f69298cbea9f2482b74d5ad1007293

    SHA1

    f56d9b7394398173546245dddb668d4253eb9016

    SHA256

    f7e9f9ec45f2dd104e9fb0802d0ced5e45e23227c3d0626e177ab0de893b7eca

    SHA512

    cb60c39c618bfdf16c07a044623f9cc5369b27f17ef6b26526ea8de87d99583274122360e125e5d2c493127b2430440ffd8509271abcbdc4cc3f658b69155f25

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\05ANB0IQ.txt
    Filesize

    608B

    MD5

    1db83571834052183186e89df31c7279

    SHA1

    dd4ce3bd9ec9d00dcace46f1e5bac27a30f69f56

    SHA256

    89d02dbc8bf01c1ef069a1858b07e4f75b208931b3462145c358aeb973687b8f

    SHA512

    399902bb46f52eb5a33066acbd47500c2f487539adfd98e686c1233d5a97cc82f05b504393160b422688d9d75dbe1a258c9233e937ba7a0872c76fd1db043cc5

    Download Submit

  • \Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6ORS647J\Synapse Launcher.exe
    Filesize

    7.5MB

    MD5

    ba3dfb5265c82c5ec9cd1e51c5f1ffaf

    SHA1

    86027debeb3ab05bfcd545079b4e993f54fcf354

    SHA256

    ed7cd2476a127d79b8f4a39c238b21442e3a5938627e4e815b0e681188afe6d4

    SHA512

    e8cae5c12df349517b1e12a18fb9ef2edf56d3bffb155fcff4531865182ba78fa7d59a670e61decc694dca6a2bd2b756a3d8cec040d0ea96279861cfa8870444

    Download Submit

  • \Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6ORS647J\Synapse Launcher.exe
    Filesize

    7.5MB

    MD5

    ba3dfb5265c82c5ec9cd1e51c5f1ffaf

    SHA1

    86027debeb3ab05bfcd545079b4e993f54fcf354

    SHA256

    ed7cd2476a127d79b8f4a39c238b21442e3a5938627e4e815b0e681188afe6d4

    SHA512

    e8cae5c12df349517b1e12a18fb9ef2edf56d3bffb155fcff4531865182ba78fa7d59a670e61decc694dca6a2bd2b756a3d8cec040d0ea96279861cfa8870444

    Download Submit

  • \Users\Admin\AppData\Local\Temp\github.com_Blank-c_10442\python310.dll
    Filesize

    1.4MB

    MD5

    44f69298cbea9f2482b74d5ad1007293

    SHA1

    f56d9b7394398173546245dddb668d4253eb9016

    SHA256

    f7e9f9ec45f2dd104e9fb0802d0ced5e45e23227c3d0626e177ab0de893b7eca

    SHA512

    cb60c39c618bfdf16c07a044623f9cc5369b27f17ef6b26526ea8de87d99583274122360e125e5d2c493127b2430440ffd8509271abcbdc4cc3f658b69155f25

    Download Submit

  • memory/876-65-0x000007FEF67D0000-0x000007FEF6C3E000-memory.dmp

    Filesize

    4.4MB

    Download

  • memory/1044-59-0x000007FEFC621000-0x000007FEFC623000-memory.dmp

    Filesize

    8KB

    Download