Analysis

  • max time kernel
    30s
  • max time network
    34s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    2024-06-03 05:01 UTC (3 June 2024)

General

  • Target

    Synapse X Revive/bin/ace/ext-rtl.js

  • Size

    4KB

  • MD5

    a5cb31cfb4711ef14999198f0d35eaf3

  • SHA1

    743880a5e3b70681ef79d7df3188bf07ace00020

  • SHA256

    636bffd76a808af8f59bcd20a0c187bde3da088374eb66cedea297b03b17af8c

  • SHA512

    d56470d50db9352701cf5a3622fb008d6232fd8e7ac6c79b881490175ad629398dc167ad36297eeb3444fcfdd976dc49149deb3b0b35b2b9f9f08f182aded09a

  • SSDEEP

    96:SjMAmLqAJEv+ZPTo/mZPTBkt4xryhk1lO+ybLLva9vTCa:SjMAmLqAJEv+ZPTo/mZPTBkt4xry+1Ai

Score
3/10

Malware Config

Signatures

Processes

  • C:\Windows\system32\wscript.exe (PID 3528)
    wscript.exe "C:\Users\Admin\AppData\Local\Temp\Synapse X Revive\bin\ace\ext-rtl.js"
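The only process in the tree is Windows Script Host running a .js file straight out of the user's temp directory. wscript.exe is what Windows associates with the .js extension, so this is simply how a standalone .js submission gets executed; the path itself (bin/ace/ext-rtl.js) is the layout of an Ace editor extension bundled with the application, which is consistent with the empty Signatures section. On a production host, though, wscript.exe launching a script from %LOCALAPPDATA%\Temp is exactly the event a detection rule should fire on. The following is an added example (not part of the report, not Triage's code) that runs such a rule over constructed Sysmon-style process-creation records; the record fields and the three sample events are assumptions modelled on the process entry above.

```python
"""Flag Windows Script Host launching script files from user-writable directories.

Added example; not part of the sandbox report or of the analysed sample.
Input is a constructed list of Sysmon-style process-creation records modelled
on the process entry above.
"""
from __future__ import annotations

import re
from pathlib import PureWindowsPath

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
SCRIPT_EXTS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".wsh"}

# Locations an unprivileged user can write to: a script host started from here
# is the classic delivery pattern (archive dropped to %TEMP%, double-clicked).
USER_WRITABLE = [
    re.compile(r"^[a-z]:\\users\\[^\\]+\\appdata\\local\\temp\\", re.I),
    re.compile(r"^[a-z]:\\users\\[^\\]+\\downloads\\", re.I),
    re.compile(r"^[a-z]:\\windows\\temp\\", re.I),
]
# Scripts shipped with the OS (slmgr.vbs and friends) live under the Windows dir.
SYSTEM_DIR = re.compile(r"^[a-z]:\\windows\\", re.I)

_ARG = re.compile(r'"([^"]*)"|(\S+)')


def split_cmdline(cmdline: str) -> list[str]:
    """Split a Windows command line, keeping double-quoted paths with spaces whole.

    Handles plain double quotes only, which is what wscript.exe receives when a
    script is opened from Explorer; it is not a full CommandLineToArgvW.
    """
    return [quoted or bare for quoted, bare in _ARG.findall(cmdline)]


def script_argument(argv: list[str]) -> str | None:
    """First argument that is a script file; WSH switches start with '//'."""
    for arg in argv[1:]:
        if arg.startswith("//"):
            continue
        if PureWindowsPath(arg).suffix.lower() in SCRIPT_EXTS:
            return arg
    return None


def classify(event: dict) -> dict | None:
    """Return a finding for a script-host process-creation event, else None."""
    image = PureWindowsPath(event["Image"]).name.lower()
    if image not in SCRIPT_HOSTS:
        return None
    script = script_argument(split_cmdline(event["CommandLine"]))
    if script is None:
        return None
    if any(p.match(script) for p in USER_WRITABLE):
        severity = "high"      # script host + user temp/download directory
    elif SYSTEM_DIR.match(script):
        severity = "low"       # OS-shipped script, still worth logging
    else:
        severity = "medium"
    return {"pid": event["ProcessId"], "host": image, "script": script,
            "severity": severity}


# Constructed records modelled on the report's process entry (not real log lines).
SAMPLE_EVENTS = [
    {"ProcessId": 3528, "Image": r"C:\Windows\system32\wscript.exe",
     "CommandLine": r'wscript.exe "C:\Users\Admin\AppData\Local\Temp\Synapse X Revive\bin\ace\ext-rtl.js"'},
    {"ProcessId": 4100, "Image": r"C:\Windows\System32\cscript.exe",
     "CommandLine": r"cscript.exe //nologo C:\Windows\System32\slmgr.vbs /dlv"},
    {"ProcessId": 4212, "Image": r"C:\Windows\explorer.exe",
     "CommandLine": r"C:\Windows\Explorer.EXE"},
]


def findings(events: list[dict] = SAMPLE_EVENTS) -> list[dict]:
    """Findings for every event that is a script-host launch of a script file."""
    return [f for f in (classify(e) for e in events) if f is not None]


if __name__ == "__main__":
    for finding in findings():
        print(finding)
```

The quoted-argument handling matters here: the report's own command line has spaces in the path ("Synapse X Revive"), and a rule that splits on whitespace would see a .js argument that does not exist and miss the temp-directory match.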

    Network

    • DNS [remote: US]
      g.bing.com
      Remote address:
      8.8.8.8:53
      Request
      g.bing.com
      IN A
      Response
      g.bing.com
      IN CNAME
      g-bing-com.dual-a-0034.a-msedge.net
      g-bing-com.dual-a-0034.a-msedge.net
      IN CNAME
      dual-a-0034.a-msedge.net
      dual-a-0034.a-msedge.net
      IN A
      204.79.197.237
      dual-a-0034.a-msedge.net
      IN A
      13.107.21.237
    • GET [remote: US]
      https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8C5VgoyCuunEXkUhWdS8onjVUCUz1FjdYzzZZnvE6QFlTCOMEuHk7s6uOaYKuT-6LtFqsMDulWTf9as2tO3ZAWDqpGY7zelL6xMEyG9Kc85pcx16MLNpkRFbeu8EtiJ3yZGZ4vXVqeWEGe-1DWQRvg-K-Fujl2pBr6GNTZmrgJAEKvdPa%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3Da29d08cc711817ba039b6ef72fd14089&TIME=20240508T111550Z&CID=530628298&EID=530628298&tids=15000&adUnitId=11730597&localId=w:F93159F4-8ABC-3E2B-DF73-50B998F17BEB&deviceId=6825829378917981&muid=F93159F48ABC3E2BDF7350B998F17BEB
      Remote address:
      204.79.197.237:443
      Request
      GET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8C5VgoyCuunEXkUhWdS8onjVUCUz1FjdYzzZZnvE6QFlTCOMEuHk7s6uOaYKuT-6LtFqsMDulWTf9as2tO3ZAWDqpGY7zelL6xMEyG9Kc85pcx16MLNpkRFbeu8EtiJ3yZGZ4vXVqeWEGe-1DWQRvg-K-Fujl2pBr6GNTZmrgJAEKvdPa%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3Da29d08cc711817ba039b6ef72fd14089&TIME=20240508T111550Z&CID=530628298&EID=530628298&tids=15000&adUnitId=11730597&localId=w:F93159F4-8ABC-3E2B-DF73-50B998F17BEB&deviceId=6825829378917981&muid=F93159F48ABC3E2BDF7350B998F17BEB HTTP/2.0
      host: g.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      Response
      HTTP/2.0 204
      cache-control: no-cache, must-revalidate
      pragma: no-cache
      expires: Fri, 01 Jan 1990 00:00:00 GMT
      set-cookie: MUID=1FA53731EB396573062823A2EAD96424; domain=.bing.com; expires=Sat, 28-Jun-2025 05:01:53 GMT; path=/; SameSite=None; Secure; Priority=High;
      strict-transport-security: max-age=31536000; includeSubDomains; preload
      access-control-allow-origin: *
      x-cache: CONFIG_NOCACHE
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: AAB0DB16064749EEA5B8385BDD9A177D Ref B: LON04EDGE1017 Ref C: 2024-06-03T05:01:53Z
      date: Mon, 03 Jun 2024 05:01:53 GMT
    • GET [remote: US]
      https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8C5VgoyCuunEXkUhWdS8onjVUCUz1FjdYzzZZnvE6QFlTCOMEuHk7s6uOaYKuT-6LtFqsMDulWTf9as2tO3ZAWDqpGY7zelL6xMEyG9Kc85pcx16MLNpkRFbeu8EtiJ3yZGZ4vXVqeWEGe-1DWQRvg-K-Fujl2pBr6GNTZmrgJAEKvdPa%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3Da29d08cc711817ba039b6ef72fd14089&TIME=20240508T111550Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:F93159F4-8ABC-3E2B-DF73-50B998F17BEB&deviceId=6825829378917981&muid=F93159F48ABC3E2BDF7350B998F17BEB
      Remote address:
      204.79.197.237:443
      Request
      GET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8C5VgoyCuunEXkUhWdS8onjVUCUz1FjdYzzZZnvE6QFlTCOMEuHk7s6uOaYKuT-6LtFqsMDulWTf9as2tO3ZAWDqpGY7zelL6xMEyG9Kc85pcx16MLNpkRFbeu8EtiJ3yZGZ4vXVqeWEGe-1DWQRvg-K-Fujl2pBr6GNTZmrgJAEKvdPa%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3Da29d08cc711817ba039b6ef72fd14089&TIME=20240508T111550Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:F93159F4-8ABC-3E2B-DF73-50B998F17BEB&deviceId=6825829378917981&muid=F93159F48ABC3E2BDF7350B998F17BEB HTTP/2.0
      host: g.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      cookie: MUID=1FA53731EB396573062823A2EAD96424; _EDGE_S=SID=23CA585666E565F734674CC5678964EC
      Response
      HTTP/2.0 204
      cache-control: no-cache, must-revalidate
      pragma: no-cache
      expires: Fri, 01 Jan 1990 00:00:00 GMT
      set-cookie: MSPTC=PfXlvZ45UfVq4XQcxEj0FmHrPPbJfewrTbVR-hCqyPE; domain=.bing.com; expires=Sat, 28-Jun-2025 05:01:53 GMT; path=/; Partitioned; secure; SameSite=None
      strict-transport-security: max-age=31536000; includeSubDomains; preload
      access-control-allow-origin: *
      x-cache: CONFIG_NOCACHE
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: AC85A5EC60924BB2B4510B210D22E12F Ref B: LON04EDGE1017 Ref C: 2024-06-03T05:01:53Z
      date: Mon, 03 Jun 2024 05:01:53 GMT
    • GET [remote: NL]
      https://www.bing.com/aes/c.gif?RG=13b0a2702c264b3594a63bdb92cd8a58&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240508T111550Z&adUnitId=11730597&localId=w:F93159F4-8ABC-3E2B-DF73-50B998F17BEB&deviceId=6825829378917981
      Remote address:
      23.62.61.97:443
      Request
      GET /aes/c.gif?RG=13b0a2702c264b3594a63bdb92cd8a58&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240508T111550Z&adUnitId=11730597&localId=w:F93159F4-8ABC-3E2B-DF73-50B998F17BEB&deviceId=6825829378917981 HTTP/2.0
      host: www.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      cookie: MUID=1FA53731EB396573062823A2EAD96424
      Response
      HTTP/2.0 200
      cache-control: private,no-store
      pragma: no-cache
      vary: Origin
      p3p: CP=BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: C2CA2AFDC5B940329E480C7573ED4825 Ref B: BRU30EDGE0518 Ref C: 2024-06-03T05:01:53Z
      content-length: 0
      date: Mon, 03 Jun 2024 05:01:53 GMT
      set-cookie: _EDGE_S=SID=23CA585666E565F734674CC5678964EC; path=/; httponly; domain=bing.com
      set-cookie: MUIDB=1FA53731EB396573062823A2EAD96424; path=/; httponly; expires=Sat, 28-Jun-2025 05:01:53 GMT
      alt-svc: h3=":443"; ma=93600
      x-cdn-traceid: 0.be3d3e17.1717390913.105a4670
    • DNS [remote: US]
      8.8.8.8.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      8.8.8.8.in-addr.arpa
      IN PTR
      Response
      8.8.8.8.in-addr.arpa
      IN PTR
      dnsgoogle
    • DNS [remote: US]
      133.211.185.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      133.211.185.52.in-addr.arpa
      IN PTR
      Response
    • DNS [remote: US]
      240.221.184.93.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      240.221.184.93.in-addr.arpa
      IN PTR
      Response
    • DNS [remote: US]
      237.197.79.204.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      237.197.79.204.in-addr.arpa
      IN PTR
      Response
    • DNS [remote: US]
      97.61.62.23.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      97.61.62.23.in-addr.arpa
      IN PTR
      Response
      97.61.62.23.in-addr.arpa
      IN PTR
      a23-62-61-97deploystaticakamaitechnologiescom
    • DNS [remote: US]
      23.159.190.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      23.159.190.20.in-addr.arpa
      IN PTR
      Response
    • DNS [remote: US]
      209.205.72.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      209.205.72.20.in-addr.arpa
      IN PTR
      Response
    Flows (remote address; protocol; bytes sent / received; packets sent / received)

    • 204.79.197.237:443; tls, http2; 2.5kB / 9.0kB; 20 / 17
      GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8C5VgoyCuunEXkUhWdS8onjVUCUz1FjdYzzZZnvE6QFlTCOMEuHk7s6uOaYKuT-6LtFqsMDulWTf9as2tO3ZAWDqpGY7zelL6xMEyG9Kc85pcx16MLNpkRFbeu8EtiJ3yZGZ4vXVqeWEGe-1DWQRvg-K-Fujl2pBr6GNTZmrgJAEKvdPa%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3Da29d08cc711817ba039b6ef72fd14089&TIME=20240508T111550Z&CID=530628298&EID=530628298&tids=15000&adUnitId=11730597&localId=w:F93159F4-8ABC-3E2B-DF73-50B998F17BEB&deviceId=6825829378917981&muid=F93159F48ABC3E2BDF7350B998F17BEB → HTTP 204
      GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8C5VgoyCuunEXkUhWdS8onjVUCUz1FjdYzzZZnvE6QFlTCOMEuHk7s6uOaYKuT-6LtFqsMDulWTf9as2tO3ZAWDqpGY7zelL6xMEyG9Kc85pcx16MLNpkRFbeu8EtiJ3yZGZ4vXVqeWEGe-1DWQRvg-K-Fujl2pBr6GNTZmrgJAEKvdPa%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3Da29d08cc711817ba039b6ef72fd14089&TIME=20240508T111550Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:F93159F4-8ABC-3E2B-DF73-50B998F17BEB&deviceId=6825829378917981&muid=F93159F48ABC3E2BDF7350B998F17BEB → HTTP 204
    • 23.62.61.97:443; tls, http2; 1.4kB / 5.3kB; 16 / 11
      GET https://www.bing.com/aes/c.gif?RG=13b0a2702c264b3594a63bdb92cd8a58&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240508T111550Z&adUnitId=11730597&localId=w:F93159F4-8ABC-3E2B-DF73-50B998F17BEB&deviceId=6825829378917981 → HTTP 200
    • 8.8.8.8:53; dns; 56 B / 151 B; 1 / 1
      g.bing.com → 204.79.197.237, 13.107.21.237
    • 8.8.8.8:53; dns; 66 B / 90 B; 1 / 1
      8.8.8.8.in-addr.arpa
    • 8.8.8.8:53; dns; 73 B / 147 B; 1 / 1
      133.211.185.52.in-addr.arpa
    • 8.8.8.8:53; dns; 73 B / 144 B; 1 / 1
      240.221.184.93.in-addr.arpa
    • 8.8.8.8:53; dns; 73 B / 143 B; 1 / 1
      237.197.79.204.in-addr.arpa
    • 8.8.8.8:53; dns; 70 B / 133 B; 1 / 1
      97.61.62.23.in-addr.arpa
    • 8.8.8.8:53; dns; 72 B / 158 B; 1 / 1
      23.159.190.20.in-addr.arpa
    • 8.8.8.8:53; dns; 72 B / 158 B; 1 / 1
      209.205.72.20.in-addr.arpa
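Before reading any of this traffic as sample behaviour, note what the records themselves say. All three HTTP requests carry the user-agent WindowsShellClient/9.0.40929.0, the client the Windows shell uses for its own Bing ad-impression beacons, and their TIME= parameter (20240508T111550Z) is the build date of the sandbox image (win10v2004-20240508-en), not the date of this run (2024-06-03). The PTR queries are reverse lookups of addresses in the capture, plus a few that never appear as a flow in this report; that is the kind of enrichment a sandbox or resolver generates, not something a 4KB Ace editor extension does. The following is an added example (not part of the report, not Triage's code): a triage pass that labels each record so that whatever is left for the sample itself stands out. The record structures and the OS user-agent allowlist are assumptions; the values come from the entries above, with the long rlink= parameter dropped because the logic does not need it.

```python
"""Separate OS background traffic and resolver reverse-lookups from connections
that still need attributing to the sample.

Added example; not part of the sandbox report. HTTP_RECORDS and DNS_RECORDS are
constructed from the entries shown above; the long rlink= parameter of the
g.bing.com requests is dropped because the logic does not need it.
"""
from __future__ import annotations

from datetime import date, datetime
from urllib.parse import parse_qs, urlsplit

IMAGE_BUILD = date(2024, 5, 8)   # from the resource name win10v2004-20240508-en
RUN_DATE = date(2024, 6, 3)      # submission date of the run
RESOLVER = "8.8.8.8"             # every DNS query in the capture went to 8.8.8.8:53

# User-agent prefixes of Windows components that phone home on their own
# (assumed allowlist; extend per environment).
OS_AGENT_PREFIXES = ("WindowsShellClient/",)

HTTP_RECORDS = [
    {"remote": "204.79.197.237:443", "status": 204,
     "user_agent": "WindowsShellClient/9.0.40929.0 (Windows)",
     "url": "https://g.bing.com/neg/0?action=impression&TIME=20240508T111550Z&CID=530628298&EID=530628298&tids=15000&adUnitId=11730597"},
    {"remote": "204.79.197.237:443", "status": 204,
     "user_agent": "WindowsShellClient/9.0.40929.0 (Windows)",
     "url": "https://g.bing.com/neg/0?action=impression&TIME=20240508T111550Z&CID=530628298&EID=&tids=15000&adUnitId=11730597"},
    {"remote": "23.62.61.97:443", "status": 200,
     "user_agent": "WindowsShellClient/9.0.40929.0 (Windows)",
     "url": "https://www.bing.com/aes/c.gif?RG=13b0a2702c264b3594a63bdb92cd8a58&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240508T111550Z&adUnitId=11730597"},
]
DNS_RECORDS = [
    {"qname": "g.bing.com", "qtype": "A"},
    {"qname": "8.8.8.8.in-addr.arpa", "qtype": "PTR"},
    {"qname": "133.211.185.52.in-addr.arpa", "qtype": "PTR"},
    {"qname": "240.221.184.93.in-addr.arpa", "qtype": "PTR"},
    {"qname": "237.197.79.204.in-addr.arpa", "qtype": "PTR"},
    {"qname": "97.61.62.23.in-addr.arpa", "qtype": "PTR"},
    {"qname": "23.159.190.20.in-addr.arpa", "qtype": "PTR"},
    {"qname": "209.205.72.20.in-addr.arpa", "qtype": "PTR"},
]


def ptr_to_ip(qname: str) -> str | None:
    """'237.197.79.204.in-addr.arpa' -> '204.79.197.237'; None if not an IPv4 PTR name."""
    suffix = ".in-addr.arpa"
    if not qname.lower().endswith(suffix):
        return None
    octets = qname[: -len(suffix)].split(".")
    if len(octets) != 4 or not all(o.isdigit() and int(o) <= 255 for o in octets):
        return None
    return ".".join(reversed(octets))


def time_param(url: str) -> date | None:
    """Date carried in the TIME= query parameter, if present."""
    values = parse_qs(urlsplit(url).query).get("TIME")
    if not values:
        return None
    return datetime.strptime(values[0], "%Y%m%dT%H%M%SZ").date()


def classify_http(rec: dict) -> dict:
    """Label a request as OS background noise or as unattributed (needs review)."""
    stamp = time_param(rec["url"])
    return {
        "remote": rec["remote"],
        "host": urlsplit(rec["url"]).hostname,
        "class": ("os-background" if rec["user_agent"].startswith(OS_AGENT_PREFIXES)
                  else "unattributed"),
        # A TIME= value weeks older than the run that equals the image build date
        # suggests a value cached when the image was built, not live activity.
        "time_param_age_days": None if stamp is None else (RUN_DATE - stamp).days,
        "time_param_matches_image_build": stamp == IMAGE_BUILD,
    }


def classify_dns(rec: dict, contacted: set[str]) -> dict:
    """Reverse lookups are usually the sandbox or resolver enriching the capture;
    record whether the looked-up address was ever actually contacted."""
    ip = ptr_to_ip(rec["qname"]) if rec["qtype"] == "PTR" else None
    if ip is None:
        cls = "forward-lookup"
    elif ip in contacted:
        cls = "reverse-lookup-of-contacted-ip"
    else:
        cls = "reverse-lookup-of-uncontacted-ip"
    return {"qname": rec["qname"], "ip": ip, "class": cls}


def triage(http: list[dict] = HTTP_RECORDS, dns: list[dict] = DNS_RECORDS) -> dict:
    """Classify every record and list the hosts that still need an analyst's eye."""
    contacted = {r["remote"].rsplit(":", 1)[0] for r in http} | {RESOLVER}
    http_out = [classify_http(r) for r in http]
    return {
        "http": http_out,
        "dns": [classify_dns(r, contacted) for r in dns],
        "needs_review": [h["host"] for h in http_out if h["class"] == "unattributed"],
    }


if __name__ == "__main__":
    result = triage()
    for row in result["http"] + result["dns"]:
        print(row)
    print("unattributed hosts:", result["needs_review"] or "none")
```

Run against the report's own records, every HTTP request is labelled os-background and the review list is empty, which is consistent with the 3/10 score and the empty Signatures section: nothing in the capture is attributable to ext-rtl.js. The four reverse lookups of addresses that never appear as a flow are worth a glance only if the same pattern does not show up in a known-clean run on the same image.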

    MITRE ATT&CK Enterprise v15
