Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
299s -
max time network
307s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
15/06/2024, 02:16
General
-
Target
https://github.com/githubskid/SynapseX/raw/main/SynapseX.exe
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 6 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Modifies registry class 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 6 IoCs
-
Suspicious use of FindShellTrayWindow 4 IoCs
-
Suspicious use of SendNotifyMessage 3 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://github.com/githubskid/SynapseX/raw/main/SynapseX.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://github.com/githubskid/SynapseX/raw/main/SynapseX.exe2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1280.0.642653031\2034635724" -parentBuildID 20230214051806 -prefsHandle 1768 -prefMapHandle 1760 -prefsLen 22076 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6107fb4b-06bf-417b-a229-a317c1d775b4} 1280 "\\.\pipe\gecko-crash-server-pipe.1280" 1884 20fd212fe58 gpu3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1280.1.1880154794\2121747212" -parentBuildID 20230214051806 -prefsHandle 2480 -prefMapHandle 2476 -prefsLen 22927 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d6417942-898a-472b-9591-6114b9eb0284} 1280 "\\.\pipe\gecko-crash-server-pipe.1280" 2160 20fc5286c58 socket3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1280.2.1561540089\2143810779" -childID 1 -isForBrowser -prefsHandle 3016 -prefMapHandle 3012 -prefsLen 23030 -prefMapSize 235121 -jsInitHandle 1268 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fb9fbe50-7754-4e14-bc79-40651f374868} 1280 "\\.\pipe\gecko-crash-server-pipe.1280" 3028 20fd4f3b258 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1280.3.1406487632\609778454" -childID 2 -isForBrowser -prefsHandle 4120 -prefMapHandle 2816 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1268 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ef543f6b-0039-4afe-9234-c15b089f0c30} 1280 "\\.\pipe\gecko-crash-server-pipe.1280" 4132 20fd6d9d158 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1280.4.1540317210\669390755" -childID 3 -isForBrowser -prefsHandle 4968 -prefMapHandle 4952 -prefsLen 27692 -prefMapSize 235121 -jsInitHandle 1268 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cc4d6bbc-7730-4c57-8c55-3711766ebf9c} 1280 "\\.\pipe\gecko-crash-server-pipe.1280" 4888 20fd84b8c58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1280.5.840370921\968152341" -childID 4 -isForBrowser -prefsHandle 5112 -prefMapHandle 5116 -prefsLen 27692 -prefMapSize 235121 -jsInitHandle 1268 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0e341c7b-f7bb-4714-b29f-e8306091f1c0} 1280 "\\.\pipe\gecko-crash-server-pipe.1280" 5100 20fd84b9258 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1280.6.414647210\443887093" -childID 5 -isForBrowser -prefsHandle 5328 -prefMapHandle 5336 -prefsLen 27692 -prefMapSize 235121 -jsInitHandle 1268 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2eea2495-1393-4377-a5a2-7c1eda5ee3ea} 1280 "\\.\pipe\gecko-crash-server-pipe.1280" 5288 20fd84b9e58 tab3⤵
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
26KB
MD55ea55e71c1f2512f1c39e61a3675bd1d
SHA1f4d490c40b6f7e9404a6fb518f6bc91d880e92a3
SHA2569a7f5df59b940f771ad8325735a685770ad1afb384ea6c54c1e261d0423dc59b
SHA5120814405f212f6007a5582a464c58a0fd38899c51d7eba74b44e882da27b6e4a581d2ab7e3bab6dd9728bc265af9d6f84d3dbf10fa02e1576463ba15297ffb38e
-
Filesize
5KB
MD5a8e51cc4a97274a8be14cc3d583ae1a4
SHA11a793f2584833bbabfccdcbd745f26bf49be38c5
SHA2564ee8ae1be399cef3e68a84d31dee9648a7ad5cf30cbd39a57a1a52e934a64214
SHA512559b358c9082eecdcd6985b19a2d1ccd24579acc75fb6cf354bbe94e8a84f7d17ea89a63907a691008e4cd3ee2426dcccced5f844b430a4fdeca7b1a0b1a1ade
-
Filesize
990B
MD57c86057a3cc6ee546c56f21c3de32b32
SHA14c8dc7f17e3dd8c05d7de9db5bc88539f4f82c5d
SHA256ae991619cbc3424ce6f225e06bd236a185cf19c95e043931b4ba46ddea826cf1
SHA5124ec8b911495bd299cd453c3aeeb77c015484223170c95de9986bd6f1398864e54e0386d2138dc85dd0a54541016cfa5e280cb653837c68185c30cdc503252dce
-
Filesize
204B
MD572c95709e1a3b27919e13d28bbe8e8a2
SHA100892decbee63d627057730bfc0c6a4f13099ee4
SHA2569cf589357fceea2f37cd1a925e5d33fd517a44d22a16c357f7fb5d4d187034aa
SHA512613ca9dd2d12afe31fb2c4a8d9337eeecfb58dabaeaaba11404b9a736a4073dfd9b473ba27c1183d3cc91d5a9233a83dce5a135a81f755d978cea9e198209182
-
Filesize
8KB
MD5d0dc1cd202393ed5905271911ef5bdff
SHA1bdcaa8459d9506d7bc417cd97d61d5353f447262
SHA256338958d9938c0cd300720aac9494c5a5fbecd4dd1d853f243bca5404aa8a0cfd
SHA5128c92b20789ee485e7ebada7180d1259667526231443746e776f75d346cec291d7efbd6c066ac4cb3751d2164fbf4d1317873bbbdea816059ad60c5ad43d2af23
-
Filesize
7KB
MD536107828be685ed68574570629869fc3
SHA108fe897b27364be02dffe257188f6848518e08ed
SHA256a5ea247f7670895ae7010d240fb3b09c80ffef4235f3fa9eb151cd3dd86ff19c
SHA512ad85d6350c246401104633990f721ca9aa27023f3e793620af128843642c7aa4c02e7cf9ce74be011bf31f75106a580db2baf1be4b05b9b9e1076ec618f4f208
-
Filesize
7KB
MD5bb2fd811fc6f9cb6e00cdc0e05db8494
SHA1af819e5a35b8fe503426121305334491cb59d15a
SHA25694c548edbe061753edfe5df861163f92ebdd0ac8c531df6e19b30232b6eb8e36
SHA512155bb1564264c6fa5b63814a38f85bf58236bdd3ca817353ae453b66c2996ec91eeda62b39c084628a14edbcbda85cd8d9bce98034d9fb84b50c2dcf56fbb2b1
-
Filesize
90B
MD5c4ab2ee59ca41b6d6a6ea911f35bdc00
SHA15942cd6505fc8a9daba403b082067e1cdefdfbc4
SHA25600ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2
SHA51271ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2
-
Filesize
1020B
MD51b482f85a45ae9789852f6daad613fff
SHA1874a47d204f917ddcb853396dfccbd0856701a06
SHA2564f05721912dcdecd7af97f6598e44a5059c35ff0b1ea318fbf97910097c06ad4
SHA5122c02965b94ecf5a2b94214ded652d9ce7e0d88f6f1376ec42821bbfdb9e1ca6c26278b6e03b47c302377174a85a17d237e3e8c23b52f8ed2431050e6ab4bb932
-
Filesize
1KB
MD517bf28e2d9b00d2aa8cdfe86ca6f1525
SHA1019c71f0fa18ddfc353bd7c76d4a182e6b026727
SHA256b4f954ee7366d5bee462c02872a7efb826dc8e903f020efeccb07f149f206e90
SHA51217d550395b73c836673c8744200c17584af6e3703ea876bd49578f374e75519bd70d5996e35641c77b94b27a51e0be3a3c349befc2b799da690bc46d35fc5362
-
Filesize
1KB
MD57b49e25ec49e4f72645bdaf2b8faf3bd
SHA158b524c199ca31c3cb3d24ee57822f3c2c243f98
SHA256ce6868a2440fc8caa626013ff99031bd6a27db75e467afdf2b445e0ca3782627
SHA512eefddc6072a35023995b760b4f99f62edc7c7155e583ad7f229d82ea8bad656a4cf0251a4428ff22c36c8f5c006e8465350e24d0b10dce0ac448e482fc1656fc
-
Filesize
1KB
MD585d58c1a0ae57b6255c8d5892c824426
SHA111faf0d4a8f166ed359a4ac63641599e7a2bab95
SHA256e4bbdd41b37e7680bc66a6ae4befb6aae093211ef6f6e77e2ee763542a7ea7a2
SHA512d05b24fbed4875ea1d25f879d9a526384787c4093c4779f2f8fea4fc6cf5d4f0772370c462d08a2fa28a1a77e4e1006461130af526253c5d422dc7bba17071bf
-
Filesize
192KB
MD55c3dc258fa9e2efecc3d8a651f42c480
SHA146b5a387265685ac6aaceaf3f6929be53e334091
SHA256e67af65936bac85742625399930cb37bcee38d420671b7a4b2c03d43994b8f03
SHA512be5358370b94d645dc5e5ac212204b7e90bc4e9a4af197037591c4a6322bed22653966dc764c03137c678867550fc5fc7ef1c5b992e66f586d0a1ad57b1fe9e8
-
Filesize
4KB
MD5cb55e4f4231cf2e608f3f85cff690128
SHA17921bee96fd18131deb1f9bfc6c80a322d70c9f7
SHA25664b2c1e865b8be462b7fe573fb8f9e8cf4e6e4725873fb50bd1ed692fc780865
SHA5129d540afe38f967fd36b528d940f8be91637493888fb2318ca281b1042381929fcfff75029a376e8981b62c6fb972f31e3e96ca210cc241c980593c67efc61d10