0ba39629c14ed6bf0a6df55ba5070a87241a1c8a42fdb35c551ad5c906d8035a

Resubmissions

29-11-2024 09:17

241129-k84a5asnem 10

28-12-2023 11:08

231228-m8mdqahgd5 7

Analysis

max time kernel
144s
max time network
149s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
28-12-2023 11:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Synaptics.exe
Size

2.5MB
MD5

996e9b4d835bc8127ac5a4f04a324993
SHA1

398f70664312de618d9e5a0758a5dc3429072897
SHA256

f7fb599851bd25c0d4bbadb129028ae0c9ff21d11b3a9dc5e29bbadb1a995f47
SHA512

521fa9bb50f59c7e65b2aad3824d305ac9216258125c0a09915b6a999e126e1c2b8c70944e8fb12073166f901ae40e70f0182e91e973f590376d8498e8841c7a
SSDEEP

12288:EMSApJVYG5lDLyjsb0eOzkv4R7QnvUUilQ35+6G75V9lo:EnsJ39LyjbJkQFMhmC+6GD9

Score

7^/10

persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2820	Synaptics.exe

Loads dropped DLL 2 IoCs

pid	Process
2436	Synaptics.exe
2436	Synaptics.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Synaptics Pointing Device Driver = "C:\\ProgramData\\Synaptics\\Synaptics.exe"	Synaptics.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2436 wrote to memory of 2820	2436	Synaptics.exe	28
PID 2436 wrote to memory of 2820	2436	Synaptics.exe	28
PID 2436 wrote to memory of 2820	2436	Synaptics.exe	28
PID 2436 wrote to memory of 2820	2436	Synaptics.exe	28

C:\Users\Admin\AppData\Local\Temp\Synaptics.exe
"C:\Users\Admin\AppData\Local\Temp\Synaptics.exe"
1⤵
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
PID:2436
- C:\ProgramData\Synaptics\Synaptics.exe
  "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
  2⤵
  - Executes dropped EXE
  PID:2820

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Synaptics\Synaptics.exe

Filesize
215KB

MD5
1f8bf97a8a3b90e122288cf8d9e7726f

SHA1
97d84da0975bea883b6154047d0275c4313d9364

SHA256
46ab6040adc5490abb0a307d63d748c8cb0423c6a4ded615e18bb776dcde5cfa

SHA512
403afa6665e8a664ab358b753ae6375fb782f7963844ac01c63b49d71719be90a185fbe06b6c1f3f38ccd80c05203301e7f7c1fd53e592f57b44f6cb28fd5dc9

Download Submit
C:\ProgramData\Synaptics\Synaptics.exe

Filesize
661KB

MD5
cc4e465477a55e0f0a25d6a66be1922a

SHA1
4fd5736c2acf5ff01e59edf225e1d6bab8a20e43

SHA256
9aaaaee1e64e191d2ee4822b997dae27c37b60aef1ade99392bfb9c38de3a5cf

SHA512
ecf1c6031d456cf63bb9f73234325a1e7600105380370531c8dae97d9123c4d705ea6bf6ccd2a3b5b3957763026f70388346f458ecb55016dcc9a7f926176c51

Download Submit
\ProgramData\Synaptics\Synaptics.exe

Filesize
773KB

MD5
9b697e45140d368d4df2572075dd232d

SHA1
76d576902dfc00aa9287c380dc6a10f78f7de89a

SHA256
47bd2098e155c7446dcec4ecab06561d0e81dea823920a6fb15a680f1dbfbd35

SHA512
130b208babeb6412eb48902ca8783d508ec49ca84f6449c952df62ed2b66978ae9700f087618284238aef7daa0d060cbaa670c4a05e23a76e9c9a4b4f45509f6

Download Submit
\ProgramData\Synaptics\Synaptics.exe

Filesize
178KB

MD5
b84f55c6b8ddb0d7edc4a1bcc1e92918

SHA1
f6d7fbfe893170ea16904e79aaa92ceecba6f861

SHA256
1722c3330b1e3a490b34335a86da0f638ac45fe4f1b4d1d00c7c42202e6347b5

SHA512
684b51487fd85e54a2a229cb6b78a04c33bc8c5f01cf4eb7421fc74a72e47ed8c8c11d7a737d52759b17644f2c36751f2494fff1191458dae6bb0334d0d8d157

Download Submit
memory/2436-0-0x00000000001B0000-0x00000000001B1000-memory.dmp

Filesize
4KB

Download
memory/2436-14-0x0000000000400000-0x0000000000693000-memory.dmp

Filesize
2.6MB

Download
memory/2820-15-0x00000000001B0000-0x00000000001B1000-memory.dmp

Filesize
4KB

Download
memory/2820-16-0x0000000000400000-0x0000000000693000-memory.dmp

Filesize
2.6MB

Download
memory/2820-17-0x0000000000400000-0x0000000000693000-memory.dmp

Filesize
2.6MB

Download
memory/2820-18-0x00000000001B0000-0x00000000001B1000-memory.dmp

Filesize
4KB

Download
memory/2820-19-0x0000000000400000-0x0000000000693000-memory.dmp

Filesize
2.6MB

Download
memory/2820-47-0x0000000000400000-0x0000000000693000-memory.dmp

Filesize
2.6MB

Download

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads