Overview

overview

3

Static

static

3

SynUIexe.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    9s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30/04/2024, 12:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    SynUIexe.exe

  • Size

    168KB

  • MD5

    bfab7b8f94fa3e7a63a5333fc1b42c5c

  • SHA1

    4abc7c179b844066a646905972cb333dfa1763bb

  • SHA256

    a92d928fece74b2713e7855d0b4789297b6ef39bbde30376e912e2913d8764a8

  • SHA512

    cb2402174a24840e1932222d694a12c9b4a6b077c087d51b4406a538a232933c66770bea1ac10921969f8d911ae0fe0af705c8ad1b7be88d61789faf6d40e684

  • SSDEEP

    1536:wdsu56uuMVod/HQIz6b+/vzbP60mNNNKXL7/7mG7hPKOjEPDarh76lh6Wtsmltnr:46ubb+//5mNNNKbmG94PDarpq+f4p

Score
3/10

Malware Config

Signatures

  • Program crash 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\SynUIexe.exe
    "C:\Users\Admin\AppData\Local\Temp\SynUIexe.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:5000
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 5000 -s 1816
      2⤵
      • Program crash
      PID:2408
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 5000 -s 1816
      2⤵
      • Program crash
      PID:5116
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 5000 -ip 5000
    1⤵
      PID:2652
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 5000 -ip 5000
      1⤵
        PID:3928

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/5000-0-0x00000000001A0000-0x00000000001CE000-memory.dmp

        Filesize

        184KB

        Download

      • memory/5000-1-0x00000000752C0000-0x0000000075A70000-memory.dmp

        Filesize

        7.7MB

        Download

      • memory/5000-2-0x0000000004C90000-0x0000000004CA0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/5000-3-0x0000000004C90000-0x0000000004CA0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/5000-4-0x0000000007890000-0x0000000007898000-memory.dmp

        Filesize

        32KB

        Download

      • memory/5000-5-0x0000000007B70000-0x0000000007BA8000-memory.dmp

        Filesize

        224KB

        Download

      • memory/5000-6-0x0000000007B50000-0x0000000007B5E000-memory.dmp

        Filesize

        56KB

        Download

      • memory/5000-7-0x0000000004C90000-0x0000000004CA0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/5000-8-0x00000000752C0000-0x0000000075A70000-memory.dmp

        Filesize

        7.7MB

        Download