Overview

overview

9

Static

static

3

Synapse Launcher.exe

windows7-x64

9

Synapse Launcher.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    1050s
  • max time network
    1052s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25-07-2023 20:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Synapse Launcher.exe

  • Size

    788KB

  • MD5

    20e1eb6b9b733bbd26ac8be5be603de2

  • SHA1

    36beefc2467d94b5ec9ae843b2bb099898581bed

  • SHA256

    73af760ad2ffdd931210079ef4b719a1a8c41a864e7d0a39faa5c1783fb140d6

  • SHA512

    d486fc560f0f6d94428b58ae041a17053659e78c49fe9154ca9e642d692da43aeb7dd3f03b1aeb428ea398bdbdfab743960c2f0fa885cd97bc31655be2e42e0b

  • SSDEEP

    12288:GoK0iEH0u6YNNCObkXxHDc/n3jUOSpUMh:nipzXonoOSpUMh

Score
9/10
googlediscoveryevasionpersistencephishingspywarestealertrojan

Malware Config

Signatures

  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
    evasion
  • Contacts a large (694) amount of remote hosts 1 TTPs

    This may indicate a network scan to discover remotely running services.

    discovery
  • Downloads MZ/PE file
  • Modifies Installed Components in the registry 2 TTPs 7 IoCs
    persistence
  • Sets file execution options in registry 2 TTPs 2 IoCs
    persistence
  • Checks BIOS information in registry 2 TTPs 2 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Checks computer location settings 2 TTPs 18 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file 6 IoCs
  • Executes dropped EXE 64 IoCs
  • Loads dropped DLL 64 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Registers COM server for autorun 1 TTPs 41 IoCs
    persistence
  • Adds Run key to start application 2 TTPs 9 IoCs
    persistence
  • Checks for any installed AV software in registry 1 TTPs 8 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Enumerates connected drives 3 TTPs 28 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs
  • Detected potential entity reuse from brand google.
    phishinggoogle
  • Drops file in Program Files directory 64 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 8 IoCs
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 4 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 13 IoCs
  • Kills process with taskkill 3 IoCs
    evasion
  • Modifies Internet Explorer settings 1 TTPs 15 IoCs
    adwarespyware
  • Modifies data under HKEY_USERS 3 IoCs
  • Modifies registry class 64 IoCs
  • Modifies system certificate store 2 TTPs 10 IoCs
    evasionspywaretrojan
  • Opens file in notepad (likely ransom note) 1 IoCs
    ransomware
  • Script User-Agent 12 IoCs

    Uses user-agent string associated with script host/environment.

  • Suspicious behavior: AddClipboardFormatListener 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 3 IoCs
  • Suspicious behavior: LoadsDriver 6 IoCs