Analysis
-
max time kernel
299s -
max time network
287s -
platform
windows10-2004_x64 -
resource
win10v2004-20240611-en -
resource tags
-
submitted
15-06-2024 02:21
General
-
Target
SynapseX.revamaped.V1.2.rar
-
Size
159.0MB
-
MD5
8d82f7ed4c78733c50a3063ca4e4532a
-
SHA1
2051551c6c0f18eaf3c4cf45ffe6119e582c19ae
-
SHA256
a6208f462177955192b13b4e514cada4f845103cad76b998746d09f98afad2f0
-
SHA512
df0111583caff8f0f6816db5840b65f79dce1aa28676ce73ad4637fabd14a31fb60fe788bfcd74fed3038d2a2ebf469e081d8506de6dedc987ecc11b58ea1dba
-
SSDEEP
3145728:DXqMQ+crhy8Vm/7kNm6kUhA9DxSs8FpSHNnIBnPmKuLT8gf/c2A:DXtQ+cD0/7DUh8LIBnPgX8B2A
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Checks processor information in registry 2 TTPs 6 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Modifies registry class 2 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 7 IoCs
-
Suspicious use of FindShellTrayWindow 4 IoCs
-
Suspicious use of SendNotifyMessage 3 IoCs
-
Suspicious use of SetWindowsHookEx 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\SynapseX.revamaped.V1.2.rar1⤵
- Modifies registry class
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\SynapseX.revamaped.V1.2.rar"2⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\SynapseX.revamaped.V1.2.rar3⤵
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1100.0.1109166177\1295643542" -parentBuildID 20230214051806 -prefsHandle 1768 -prefMapHandle 1760 -prefsLen 22076 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b982c175-12d2-419a-80c5-23a3ce1d5544} 1100 "\\.\pipe\gecko-crash-server-pipe.1100" 1848 19ef7827758 gpu4⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1100.1.683678465\986971929" -parentBuildID 20230214051806 -prefsHandle 2424 -prefMapHandle 2412 -prefsLen 22927 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b3ad4ebb-53a4-4932-b863-582543bd63a2} 1100 "\\.\pipe\gecko-crash-server-pipe.1100" 2436 19eeaa89658 socket4⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1100.2.1868572854\2098256697" -childID 1 -isForBrowser -prefsHandle 3168 -prefMapHandle 2924 -prefsLen 22965 -prefMapSize 235121 -jsInitHandle 912 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {83c0f43b-3244-462b-a498-f597a560f3c7} 1100 "\\.\pipe\gecko-crash-server-pipe.1100" 1484 19efa733f58 tab4⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1100.3.1291883362\1040705466" -childID 2 -isForBrowser -prefsHandle 3884 -prefMapHandle 3880 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 912 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0cc37dff-96e5-4139-ae02-27dbb70b4fd5} 1100 "\\.\pipe\gecko-crash-server-pipe.1100" 3896 19eeaa7a858 tab4⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1100.4.1138976508\2073823490" -childID 3 -isForBrowser -prefsHandle 5216 -prefMapHandle 5212 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 912 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {affb30cd-95f2-43c2-ada7-ccc08b5aa364} 1100 "\\.\pipe\gecko-crash-server-pipe.1100" 5284 19efd6bb158 tab4⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1100.5.362397671\514896849" -childID 4 -isForBrowser -prefsHandle 5412 -prefMapHandle 5416 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 912 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {56d59ce6-0399-4a2c-a040-d6e688603d5d} 1100 "\\.\pipe\gecko-crash-server-pipe.1100" 5404 19efd6bba58 tab4⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1100.6.1882495470\1852640468" -childID 5 -isForBrowser -prefsHandle 5576 -prefMapHandle 5584 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 912 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d6f6501d-3f0e-4cdd-83de-2b140874e70f} 1100 "\\.\pipe\gecko-crash-server-pipe.1100" 5660 19efd6bc958 tab4⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1100.7.1763821814\429455243" -childID 6 -isForBrowser -prefsHandle 1668 -prefMapHandle 5912 -prefsLen 28081 -prefMapSize 235121 -jsInitHandle 912 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cbbfd619-216b-4643-9f51-92eac6a3ea19} 1100 "\\.\pipe\gecko-crash-server-pipe.1100" 2784 19efa7aa758 tab4⤵
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0gx8chzo.default-release\activity-stream.discovery_stream.json.tmpFilesize
26KB
MD503d696eafea0e3fa01cc3a461779ffbb
SHA1338dceab1e1531efc65c43099f30ae49e5d9bce2
SHA256efe59db5a90a97d01c38207f2e86d198987cbf71c1c6079515d6345496299bae
SHA5125662043267f3400c8e81755701a2d6ad6792a618823915b4b142ba526dd836234be05aaff9aaf10633f555d657f28ee3267309223a107278e68b752f13ddabdf
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0gx8chzo.default-release\activity-stream.discovery_stream.json.tmpFilesize
26KB
MD5b59fe7509297a9b95feb98f109211434
SHA172afc16002e5baeb068204b1b7c7b038b91f157d
SHA2566f5c5c1c3473d8bb60a8e8d96dabe3840fc153e099ef04d31799a46288462379
SHA5123e213c41320ccb4f6333de2ee49e9703454f7fd0e9f1726bdd0e16c8a008de6d1ddb639ade80fd4c9060e418f415b3fa0abce676adc645e87c5e0aafca20edd8
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0gx8chzo.default-release\cache2\entries\383A97A57B113BD106DE6984E6DBA5F537327263Filesize
13KB
MD53c676704d880a2783d147fcea48add3a
SHA11a45facdd7188a0bfb17036521c2956d8d690731
SHA256ced3742ae23e1696d6b04086985bccb4525e971140969337a63b24fdcd82b342
SHA51204fd492219860c71fe3fd14c41fb2c02bb870dd74f67c26b700825bf557024f71de79ea351da9988768314a0ff531a389a75a05b5ff5d47bfd5d4df281366621
-
C:\Users\Admin\AppData\Local\Temp\tmpaddonFilesize
442KB
MD585430baed3398695717b0263807cf97c
SHA1fffbee923cea216f50fce5d54219a188a5100f41
SHA256a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA51206511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1
-
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1Filesize
8.0MB
MD5a01c5ecd6108350ae23d2cddf0e77c17
SHA1c6ac28a2cd979f1f9a75d56271821d5ff665e2b6
SHA256345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42
SHA512b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-msFilesize
9KB
MD592993d84ac579f05438f5d3df5501e87
SHA17ff8215739f2e5c68d2b57c25a2c40338ddd3f3b
SHA256a8396a68b86b98add6c5b0c7899d2a2d821067d8ba9d419bfb7ae68e969b88d6
SHA512c74cef48d1ef354f2de386afc841cf0ef1ee962b631bdc5acef3a44f7b6f6e01d5498a1f776a65151c8544e3bef67b5a87043863df9a635b0f35d64bf4389bca
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0gx8chzo.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dllFilesize
997KB
MD5fe3355639648c417e8307c6d051e3e37
SHA1f54602d4b4778da21bc97c7238fc66aa68c8ee34
SHA2561ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e
SHA5128f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0gx8chzo.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.infoFilesize
116B
MD53d33cdc0b3d281e67dd52e14435dd04f
SHA14db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0gx8chzo.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txtFilesize
479B
MD549ddb419d96dceb9069018535fb2e2fc
SHA162aa6fea895a8b68d468a015f6e6ab400d7a7ca6
SHA2562af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
SHA51248386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0gx8chzo.default-release\gmp-widevinecdm\4.10.2557.0\manifest.jsonFilesize
372B
MD58be33af717bb1b67fbd61c3f4b807e9e
SHA17cf17656d174d951957ff36810e874a134dd49e0
SHA256e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd
SHA5126125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0gx8chzo.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dllFilesize
11.8MB
MD533bf7b0439480effb9fb212efce87b13
SHA1cee50f2745edc6dc291887b6075ca64d716f495a
SHA2568ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e
SHA512d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0gx8chzo.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.libFilesize
1KB
MD5688bed3676d2104e7f17ae1cd2c59404
SHA1952b2cdf783ac72fcb98338723e9afd38d47ad8e
SHA25633899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237
SHA5127a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0gx8chzo.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sigFilesize
1KB
MD5937326fead5fd401f6cca9118bd9ade9
SHA14526a57d4ae14ed29b37632c72aef3c408189d91
SHA25668a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81
SHA512b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0gx8chzo.default-release\prefs-1.jsFilesize
9KB
MD55b453b82f6cfb350389585b97447be99
SHA198bab57f9c8424c1980b29bbf531bacdf8df8d72
SHA25613db7e59f181966473358a25fb6ebcb11bf64e3f292aece176c460173bfbf244
SHA5127aef7832a18cf7c35ce33b3e6add28b43a80f802719cf091b6ae5971dfa2540af6ed19f5762292421dc2470fda530aa8ac9744b3f7193178a4fa5ed1eb27e4e9
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0gx8chzo.default-release\prefs-1.jsFilesize
7KB
MD57fcbb5be83630cc463bd075cac84e479
SHA1f073212abc6d9596a72db48fb3277053c43c4a1a
SHA256385caf5e13cebbc9970afce5650bc4afcc2d44a1fa7b1879aeff1771cecbd5c5
SHA51245cb6d7fc03e2bfae59ee4f0cffc03b642ee962b986007ec8ae16cd8752f722abf71ea8d1b9132ddb1a675be25ad8d1ea3c999ca92185ec804b4e360ae0d674d
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0gx8chzo.default-release\prefs-1.jsFilesize
6KB
MD5ceec01213d89a14f5fd6fa262dccde6e
SHA1e658bdda8e051bde4e7279954545807a777db55d
SHA256d94fe073ee6bac35966794a9cb1e7be7464f4a670594b4d548f3e24267480e61
SHA5121e929e7775f14c5932caa3c91c13275ff709c996b8c9a9487d4e112c36d0ec0b484366fe614f927958bd6a0cf824d0fbdd4fbed2c1e8713f4a3dc23c1091df46
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0gx8chzo.default-release\prefs.jsFilesize
6KB
MD5f72b0da3320c9a106aa4768a2773509a
SHA16f4b3bba0f9dfb09132565ba4e049e0ab15d8d0b
SHA2568f0f05f48c834538b69a281c9a5321b121ccf52a9d251df08a5af83ae192e2f6
SHA5127a15ea617c8b65098565c7ab8f7bb5a25be3288935b5b36bf700a161c54ce25ff7e4368079fbd8ad53b7642ba1fc0d719d3365f1941e7e429576de62a301a4d8
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0gx8chzo.default-release\prefs.jsFilesize
6KB
MD59ba5028a4563a79d70c13d5fad412a11
SHA1cd80135ddfc227416ab85e3fdad1ae4064629cac
SHA25637938b0e8fc5368b51f60b01a5fcb6785473f1f0b0e26c2e4316aa691f7afef2
SHA512232010650fac741aaa65f9fa8715892407c1f1450d6846033c4baa30fc4334dae2251ed7d780d05705efe779abfc45d0dd25adb0ff12ab47f716981fe12d48f6
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0gx8chzo.default-release\sessionstore-backups\recovery.jsonlz4Filesize
1KB
MD5450adb60f2595a94f818ba3d58fea673
SHA1cd8ddc8a2c04190cb0cfe900f7f10674ca140e03
SHA256523b9a1cc40ad1a4a013b9c9e5ce9afd819107f1afdf365b81f19fabde2f5ba9
SHA51263f3723e74d5a50f133d0b3ee62acac8e28dabde3655d40d0ac556a5d40baaa491dfc2faeac3578b8ce790e572578b4dde17ab77f6ff7b325bf429789208d092
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0gx8chzo.default-release\sessionstore-backups\recovery.jsonlz4Filesize
4KB
MD530d97c8d11e6f72df3e532c04063f45c
SHA173b307301be842cee1dd0029bef352b2057c8e58
SHA2569c032c39bc8cff85206dc7a4bf2317f3adcd91044a852934d3fd77e8416b312f
SHA512d1c33a79c04cea746b5b4027db6c152987fee50ff1cef014b1c1f0074d685d8966b71a342283b523be9b35000927e458fe81254f274e8870f54aa8319cd91a9b
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0gx8chzo.default-release\sessionstore-backups\recovery.jsonlz4Filesize
3KB
MD5e4cf534731dc6ede6ba30bb2e3b050cb
SHA112660a9215258e8896985959ea2c597106f4dfe1
SHA2562df051bf1ce056b7f6961ba94c9b503a2c209c18214281d67a0faa4f66c09e2f
SHA51236eddc6319c090202ad4fc796c74c9b5d78ee92f5fa3264f3c7695e336e446fdb271c74bd1171100e712bc9042704d58e058dd6e9e028c38c44170431c02f5e5