Overview

overview

10

Static

static

10

SynapseX.r....2.rar

windows10-2004-x64

3

Analysis

  • max time kernel
    299s
  • max time network
    287s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
  • submitted
    15-06-2024 02:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    SynapseX.revamaped.V1.2.rar

  • Size

    159.0MB

  • MD5

    8d82f7ed4c78733c50a3063ca4e4532a

  • SHA1

    2051551c6c0f18eaf3c4cf45ffe6119e582c19ae

  • SHA256

    a6208f462177955192b13b4e514cada4f845103cad76b998746d09f98afad2f0

  • SHA512

    df0111583caff8f0f6816db5840b65f79dce1aa28676ce73ad4637fabd14a31fb60fe788bfcd74fed3038d2a2ebf469e081d8506de6dedc987ecc11b58ea1dba

  • SSDEEP

    3145728:DXqMQ+crhy8Vm/7kNm6kUhA9DxSs8FpSHNnIBnPmKuLT8gf/c2A:DXtQ+cD0/7DUh8LIBnPgX8B2A

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks processor information in registry 2 TTPs 6 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 2 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 7 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 64 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\SynapseX.revamaped.V1.2.rar
    1⤵
    • Modifies registry class
    PID:2976
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:264
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\SynapseX.revamaped.V1.2.rar"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:5096
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\SynapseX.revamaped.V1.2.rar
        3⤵
        • Checks processor information in registry
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of WriteProcessMemory
        PID:1100
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1100.0.1109166177\1295643542" -parentBuildID 20230214051806 -prefsHandle 1768 -prefMapHandle 1760 -prefsLen 22076 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b982c175-12d2-419a-80c5-23a3ce1d5544} 1100 "\\.\pipe\gecko-crash-server-pipe.1100" 1848 19ef7827758 gpu
          4⤵
            PID:4440
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1100.1.683678465\986971929" -parentBuildID 20230214051806 -prefsHandle 2424 -prefMapHandle 2412 -prefsLen 22927 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b3ad4ebb-53a4-4932-b863-582543bd63a2} 1100 "\\.\pipe\gecko-crash-server-pipe.1100" 2436 19eeaa89658 socket
            4⤵
              PID:2556
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1100.2.1868572854\2098256697" -childID 1 -isForBrowser -prefsHandle 3168 -prefMapHandle 2924 -prefsLen 22965 -prefMapSize 235121 -jsInitHandle 912 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {83c0f43b-3244-462b-a498-f597a560f3c7} 1100 "\\.\pipe\gecko-crash-server-pipe.1100" 1484 19efa733f58 tab
              4⤵
                PID:4292
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1100.3.1291883362\1040705466" -childID 2 -isForBrowser -prefsHandle 3884 -prefMapHandle 3880 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 912 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0cc37dff-96e5-4139-ae02-27dbb70b4fd5} 1100 "\\.\pipe\gecko-crash-server-pipe.1100" 3896 19eeaa7a858 tab
                4⤵
                  PID:1896
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1100.4.1138976508\2073823490" -childID 3 -isForBrowser -prefsHandle 5216 -prefMapHandle 5212 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 912 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {affb30cd-95f2-43c2-ada7-ccc08b5aa364} 1100 "\\.\pipe\gecko-crash-server-pipe.1100" 5284 19efd6bb158 tab
                  4⤵
                    PID:3928
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1100.5.362397671\514896849" -childID 4 -isForBrowser -prefsHandle 5412 -prefMapHandle 5416 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 912 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {56d59ce6-0399-4a2c-a040-d6e688603d5d} 1100 "\\.\pipe\gecko-crash-server-pipe.1100" 5404 19efd6bba58 tab
                    4⤵
                      PID:2036
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1100.6.1882495470\1852640468" -childID 5 -isForBrowser -prefsHandle 5576 -prefMapHandle 5584 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 912 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d6f6501d-3f0e-4cdd-83de-2b140874e70f} 1100 "\\.\pipe\gecko-crash-server-pipe.1100" 5660 19efd6bc958 tab
                      4⤵
                        PID:3552
                      • C:\Program Files\Mozilla Firefox\firefox.exe
                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1100.7.1763821814\429455243" -childID 6 -isForBrowser -prefsHandle 1668 -prefMapHandle 5912 -prefsLen 28081 -prefMapSize 235121 -jsInitHandle 912 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cbbfd619-216b-4643-9f51-92eac6a3ea19} 1100 "\\.\pipe\gecko-crash-server-pipe.1100" 2784 19efa7aa758 tab
                        4⤵
                          PID:2696

                  Network

                  MITRE ATT&CK Enterprise v15

                  Replay Monitor

                  Loading Replay Monitor...

                  Downloads

                  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0gx8chzo.default-release\activity-stream.discovery_stream.json.tmp
                    Filesize

                    26KB

                    MD5

                    03d696eafea0e3fa01cc3a461779ffbb

                    SHA1

                    338dceab1e1531efc65c43099f30ae49e5d9bce2

                    SHA256

                    efe59db5a90a97d01c38207f2e86d198987cbf71c1c6079515d6345496299bae

                    SHA512

                    5662043267f3400c8e81755701a2d6ad6792a618823915b4b142ba526dd836234be05aaff9aaf10633f555d657f28ee3267309223a107278e68b752f13ddabdf

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0gx8chzo.default-release\activity-stream.discovery_stream.json.tmp
                    Filesize

                    26KB

                    MD5

                    b59fe7509297a9b95feb98f109211434

                    SHA1

                    72afc16002e5baeb068204b1b7c7b038b91f157d

                    SHA256

                    6f5c5c1c3473d8bb60a8e8d96dabe3840fc153e099ef04d31799a46288462379

                    SHA512

                    3e213c41320ccb4f6333de2ee49e9703454f7fd0e9f1726bdd0e16c8a008de6d1ddb639ade80fd4c9060e418f415b3fa0abce676adc645e87c5e0aafca20edd8

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0gx8chzo.default-release\cache2\entries\383A97A57B113BD106DE6984E6DBA5F537327263
                    Filesize

                    13KB

                    MD5

                    3c676704d880a2783d147fcea48add3a

                    SHA1

                    1a45facdd7188a0bfb17036521c2956d8d690731

                    SHA256

                    ced3742ae23e1696d6b04086985bccb4525e971140969337a63b24fdcd82b342

                    SHA512

                    04fd492219860c71fe3fd14c41fb2c02bb870dd74f67c26b700825bf557024f71de79ea351da9988768314a0ff531a389a75a05b5ff5d47bfd5d4df281366621

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Temp\tmpaddon
                    Filesize

                    442KB

                    MD5

                    85430baed3398695717b0263807cf97c

                    SHA1

                    fffbee923cea216f50fce5d54219a188a5100f41

                    SHA256

                    a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

                    SHA512

                    06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
                    Filesize

                    8.0MB

                    MD5

                    a01c5ecd6108350ae23d2cddf0e77c17

                    SHA1

                    c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

                    SHA256

                    345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

                    SHA512

                    b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
                    Filesize

                    9KB

                    MD5

                    92993d84ac579f05438f5d3df5501e87

                    SHA1

                    7ff8215739f2e5c68d2b57c25a2c40338ddd3f3b

                    SHA256

                    a8396a68b86b98add6c5b0c7899d2a2d821067d8ba9d419bfb7ae68e969b88d6

                    SHA512

                    c74cef48d1ef354f2de386afc841cf0ef1ee962b631bdc5acef3a44f7b6f6e01d5498a1f776a65151c8544e3bef67b5a87043863df9a635b0f35d64bf4389bca

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0gx8chzo.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
                    Filesize

                    997KB

                    MD5

                    fe3355639648c417e8307c6d051e3e37

                    SHA1

                    f54602d4b4778da21bc97c7238fc66aa68c8ee34

                    SHA256

                    1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

                    SHA512

                    8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0gx8chzo.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
                    Filesize

                    116B

                    MD5

                    3d33cdc0b3d281e67dd52e14435dd04f

                    SHA1

                    4db88689282fd4f9e9e6ab95fcbb23df6e6485db

                    SHA256

                    f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

                    SHA512

                    a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0gx8chzo.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
                    Filesize

                    479B

                    MD5

                    49ddb419d96dceb9069018535fb2e2fc

                    SHA1

                    62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

                    SHA256

                    2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

                    SHA512

                    48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0gx8chzo.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
                    Filesize

                    372B

                    MD5

                    8be33af717bb1b67fbd61c3f4b807e9e

                    SHA1

                    7cf17656d174d951957ff36810e874a134dd49e0

                    SHA256

                    e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

                    SHA512

                    6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0gx8chzo.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
                    Filesize

                    11.8MB

                    MD5

                    33bf7b0439480effb9fb212efce87b13

                    SHA1

                    cee50f2745edc6dc291887b6075ca64d716f495a

                    SHA256

                    8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

                    SHA512

                    d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0gx8chzo.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
                    Filesize

                    1KB

                    MD5

                    688bed3676d2104e7f17ae1cd2c59404

                    SHA1

                    952b2cdf783ac72fcb98338723e9afd38d47ad8e

                    SHA256

                    33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

                    SHA512

                    7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0gx8chzo.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
                    Filesize

                    1KB

                    MD5

                    937326fead5fd401f6cca9118bd9ade9

                    SHA1

                    4526a57d4ae14ed29b37632c72aef3c408189d91

                    SHA256

                    68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

                    SHA512

                    b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0gx8chzo.default-release\prefs-1.js
                    Filesize

                    9KB

                    MD5

                    5b453b82f6cfb350389585b97447be99

                    SHA1

                    98bab57f9c8424c1980b29bbf531bacdf8df8d72

                    SHA256

                    13db7e59f181966473358a25fb6ebcb11bf64e3f292aece176c460173bfbf244

                    SHA512

                    7aef7832a18cf7c35ce33b3e6add28b43a80f802719cf091b6ae5971dfa2540af6ed19f5762292421dc2470fda530aa8ac9744b3f7193178a4fa5ed1eb27e4e9

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0gx8chzo.default-release\prefs-1.js
                    Filesize

                    7KB

                    MD5

                    7fcbb5be83630cc463bd075cac84e479

                    SHA1

                    f073212abc6d9596a72db48fb3277053c43c4a1a

                    SHA256

                    385caf5e13cebbc9970afce5650bc4afcc2d44a1fa7b1879aeff1771cecbd5c5

                    SHA512

                    45cb6d7fc03e2bfae59ee4f0cffc03b642ee962b986007ec8ae16cd8752f722abf71ea8d1b9132ddb1a675be25ad8d1ea3c999ca92185ec804b4e360ae0d674d

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0gx8chzo.default-release\prefs-1.js
                    Filesize

                    6KB

                    MD5

                    ceec01213d89a14f5fd6fa262dccde6e

                    SHA1

                    e658bdda8e051bde4e7279954545807a777db55d

                    SHA256

                    d94fe073ee6bac35966794a9cb1e7be7464f4a670594b4d548f3e24267480e61

                    SHA512

                    1e929e7775f14c5932caa3c91c13275ff709c996b8c9a9487d4e112c36d0ec0b484366fe614f927958bd6a0cf824d0fbdd4fbed2c1e8713f4a3dc23c1091df46

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0gx8chzo.default-release\prefs.js
                    Filesize

                    6KB

                    MD5

                    f72b0da3320c9a106aa4768a2773509a

                    SHA1

                    6f4b3bba0f9dfb09132565ba4e049e0ab15d8d0b

                    SHA256

                    8f0f05f48c834538b69a281c9a5321b121ccf52a9d251df08a5af83ae192e2f6

                    SHA512

                    7a15ea617c8b65098565c7ab8f7bb5a25be3288935b5b36bf700a161c54ce25ff7e4368079fbd8ad53b7642ba1fc0d719d3365f1941e7e429576de62a301a4d8

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0gx8chzo.default-release\prefs.js
                    Filesize

                    6KB

                    MD5

                    9ba5028a4563a79d70c13d5fad412a11

                    SHA1

                    cd80135ddfc227416ab85e3fdad1ae4064629cac

                    SHA256

                    37938b0e8fc5368b51f60b01a5fcb6785473f1f0b0e26c2e4316aa691f7afef2

                    SHA512

                    232010650fac741aaa65f9fa8715892407c1f1450d6846033c4baa30fc4334dae2251ed7d780d05705efe779abfc45d0dd25adb0ff12ab47f716981fe12d48f6

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0gx8chzo.default-release\sessionstore-backups\recovery.jsonlz4
                    Filesize

                    1KB

                    MD5

                    450adb60f2595a94f818ba3d58fea673

                    SHA1

                    cd8ddc8a2c04190cb0cfe900f7f10674ca140e03

                    SHA256

                    523b9a1cc40ad1a4a013b9c9e5ce9afd819107f1afdf365b81f19fabde2f5ba9

                    SHA512

                    63f3723e74d5a50f133d0b3ee62acac8e28dabde3655d40d0ac556a5d40baaa491dfc2faeac3578b8ce790e572578b4dde17ab77f6ff7b325bf429789208d092

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0gx8chzo.default-release\sessionstore-backups\recovery.jsonlz4
                    Filesize

                    4KB

                    MD5

                    30d97c8d11e6f72df3e532c04063f45c

                    SHA1

                    73b307301be842cee1dd0029bef352b2057c8e58

                    SHA256

                    9c032c39bc8cff85206dc7a4bf2317f3adcd91044a852934d3fd77e8416b312f

                    SHA512

                    d1c33a79c04cea746b5b4027db6c152987fee50ff1cef014b1c1f0074d685d8966b71a342283b523be9b35000927e458fe81254f274e8870f54aa8319cd91a9b

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0gx8chzo.default-release\sessionstore-backups\recovery.jsonlz4
                    Filesize

                    3KB

                    MD5

                    e4cf534731dc6ede6ba30bb2e3b050cb

                    SHA1

                    12660a9215258e8896985959ea2c597106f4dfe1

                    SHA256

                    2df051bf1ce056b7f6961ba94c9b503a2c209c18214281d67a0faa4f66c09e2f

                    SHA512

                    36eddc6319c090202ad4fc796c74c9b5d78ee92f5fa3264f3c7695e336e446fdb271c74bd1171100e712bc9042704d58e058dd6e9e028c38c44170431c02f5e5

                    Download Submit