Analysis
-
max time kernel
428s -
max time network
414s -
platform
windows10-2004_x64 -
resource
win10v2004-20230831-en -
resource tags
-
submitted
04/09/2023, 09:42
General
-
Target
Synaptics.exe
-
Size
744KB
-
MD5
506abe2c5a447714f2125c4acab49d73
-
SHA1
2e48c1a327ebc0d1446eca18f5b96aff70052fae
-
SHA256
206c18a6eb3e8f2dc520dcfbf51949d6738c041f40a0b20db360d8214bedce0d
-
SHA512
0c1a9d59bcf467e60dcd64af5685a4b0994cf21accbcf279f615e93112e8d8607aec71688d25d6dfc71288545d1c28316d9d147b3a56e996c7695a0463da34c8
-
SSDEEP
12288:fMSApJVYG5lDLyjsb0eOzkv4R7QnvUUilQ35+6G75V9nI:fnsJ39LyjbJkQFMhmC+6GD9I
Malware Config
Signatures
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE 1 IoCs
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Drops file in System32 directory 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Checks processor information in registry 2 TTPs 3 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 2 IoCs
-
Modifies registry class 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Users\Admin\AppData\Local\Temp\Synaptics.exe"C:\Users\Admin\AppData\Local\Temp\Synaptics.exe"1⤵
- Checks computer location settings
- Adds Run key to start application
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\ProgramData\Synaptics\Synaptics.exe"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate2⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k netsvcs -p1⤵
- Drops file in System32 directory
- Checks processor information in registry
- Enumerates system info in registry
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
744KB
MD5506abe2c5a447714f2125c4acab49d73
SHA12e48c1a327ebc0d1446eca18f5b96aff70052fae
SHA256206c18a6eb3e8f2dc520dcfbf51949d6738c041f40a0b20db360d8214bedce0d
SHA5120c1a9d59bcf467e60dcd64af5685a4b0994cf21accbcf279f615e93112e8d8607aec71688d25d6dfc71288545d1c28316d9d147b3a56e996c7695a0463da34c8
-
Filesize
744KB
MD5506abe2c5a447714f2125c4acab49d73
SHA12e48c1a327ebc0d1446eca18f5b96aff70052fae
SHA256206c18a6eb3e8f2dc520dcfbf51949d6738c041f40a0b20db360d8214bedce0d
SHA5120c1a9d59bcf467e60dcd64af5685a4b0994cf21accbcf279f615e93112e8d8607aec71688d25d6dfc71288545d1c28316d9d147b3a56e996c7695a0463da34c8
-
Filesize
744KB
MD5506abe2c5a447714f2125c4acab49d73
SHA12e48c1a327ebc0d1446eca18f5b96aff70052fae
SHA256206c18a6eb3e8f2dc520dcfbf51949d6738c041f40a0b20db360d8214bedce0d
SHA5120c1a9d59bcf467e60dcd64af5685a4b0994cf21accbcf279f615e93112e8d8607aec71688d25d6dfc71288545d1c28316d9d147b3a56e996c7695a0463da34c8
-
Filesize
4KB
-
Filesize
768KB
-
Filesize
4KB
-
Filesize
768KB