93db5f4e53b9c0514b9c0c4c562be8d8e7c3d64f8542c03b7e7f032a9c5d0c55

Analysis

max time kernel
120s
max time network
118s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
06-07-2024 10:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Synapse Launcher.exe
Size

788KB
MD5

20e1eb6b9b733bbd26ac8be5be603de2
SHA1

36beefc2467d94b5ec9ae843b2bb099898581bed
SHA256

73af760ad2ffdd931210079ef4b719a1a8c41a864e7d0a39faa5c1783fb140d6
SHA512

d486fc560f0f6d94428b58ae041a17053659e78c49fe9154ca9e642d692da43aeb7dd3f03b1aeb428ea398bdbdfab743960c2f0fa885cd97bc31655be2e42e0b
SSDEEP

12288:GoK0iEH0u6YNNCObkXxHDc/n3jUOSpUMh:nipzXonoOSpUMh

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

Processes:

explorer.exe

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1015551233-1106003478-1645743776-1000\Software\Microsoft\Internet Explorer\Toolbar	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1015551233-1106003478-1645743776-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1"	explorer.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133647367833130404"	chrome.exe

Modifies registry class 41 IoCs

Processes:

explorer.exe

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1015551233-1106003478-1645743776-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1015551233-1106003478-1645743776-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\Microsoft.Windows.ControlPanel	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1015551233-1106003478-1645743776-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 0c0001008421de39050000000000	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1015551233-1106003478-1645743776-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1015551233-1106003478-1645743776-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\MRUListEx = ffffffff	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1015551233-1106003478-1645743776-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\FirewallControlPanel.dll,-12122#immutable1 = "Windows Defender Firewall"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1015551233-1106003478-1645743776-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1015551233-1106003478-1645743776-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1015551233-1106003478-1645743776-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\NodeSlot = "1"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1015551233-1106003478-1645743776-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1015551233-1106003478-1645743776-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1015551233-1106003478-1645743776-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\Microsoft.Windows.ControlPanel\WFlags = "0"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1015551233-1106003478-1645743776-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = 00000000ffffffff	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1015551233-1106003478-1645743776-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "48"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1015551233-1106003478-1645743776-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1015551233-1106003478-1645743776-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1015551233-1106003478-1645743776-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\Microsoft.Windows.ControlPanel\ShowCmd = "1"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1015551233-1106003478-1645743776-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1015551233-1106003478-1645743776-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Vid = "{65F125E5-7BE1-4810-BA9D-D271C8432CE3}"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1015551233-1106003478-1645743776-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "6"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1015551233-1106003478-1645743776-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "18874385"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1015551233-1106003478-1645743776-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1015551233-1106003478-1645743776-1000_Classes\Local Settings	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1015551233-1106003478-1645743776-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1015551233-1106003478-1645743776-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1015551233-1106003478-1645743776-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1015551233-1106003478-1645743776-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f706806ee260aa0d7449371beb064c986830000	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1015551233-1106003478-1645743776-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1015551233-1106003478-1645743776-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000010000001800000030f125b7ef471a10a5f102608c9eebac0a000000a0000000	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1015551233-1106003478-1645743776-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1015551233-1106003478-1645743776-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1015551233-1106003478-1645743776-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1015551233-1106003478-1645743776-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1015551233-1106003478-1645743776-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "2"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1015551233-1106003478-1645743776-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0 = 1e007180000000000000000000002f492640692fb846b9bf5654fc07e4230000	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1015551233-1106003478-1645743776-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Rev = "0"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1015551233-1106003478-1645743776-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "18874369"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1015551233-1106003478-1645743776-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1015551233-1106003478-1645743776-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1015551233-1106003478-1645743776-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\Microsoft.Windows.ControlPanel\HotKey = "0"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1015551233-1106003478-1645743776-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	explorer.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

Processes:

explorer.exe

pid	Process
4268	explorer.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

msedge.exechrome.exe

pid	Process
2960	msedge.exe
2960	msedge.exe
4628	chrome.exe
4628	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

Processes:

chrome.exe

pid	Process
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

Synapse Launcher.exeexplorer.exechrome.exe

description	pid	Process
Token: SeDebugPrivilege	1840	Synapse Launcher.exe
Token: SeShutdownPrivilege	4268	explorer.exe
Token: SeCreatePagefilePrivilege	4268	explorer.exe
Token: SeShutdownPrivilege	4628	chrome.exe
Token: SeCreatePagefilePrivilege	4628	chrome.exe
Token: SeShutdownPrivilege	4628	chrome.exe
Token: SeCreatePagefilePrivilege	4628	chrome.exe
Token: SeShutdownPrivilege	4628	chrome.exe
Token: SeCreatePagefilePrivilege	4628	chrome.exe
Token: SeShutdownPrivilege	4628	chrome.exe
Token: SeCreatePagefilePrivilege	4628	chrome.exe
Token: SeShutdownPrivilege	4628	chrome.exe
Token: SeCreatePagefilePrivilege	4628	chrome.exe
Token: SeShutdownPrivilege	4628	chrome.exe
Token: SeCreatePagefilePrivilege	4628	chrome.exe
Token: SeShutdownPrivilege	4628	chrome.exe
Token: SeCreatePagefilePrivilege	4628	chrome.exe
Token: SeShutdownPrivilege	4628	chrome.exe
Token: SeCreatePagefilePrivilege	4628	chrome.exe
Token: SeShutdownPrivilege	4628	chrome.exe
Token: SeCreatePagefilePrivilege	4628	chrome.exe
Token: SeShutdownPrivilege	4628	chrome.exe
Token: SeCreatePagefilePrivilege	4628	chrome.exe
Token: SeShutdownPrivilege	4628	chrome.exe
Token: SeCreatePagefilePrivilege	4628	chrome.exe
Token: SeShutdownPrivilege	4628	chrome.exe
Token: SeCreatePagefilePrivilege	4628	chrome.exe
Token: SeShutdownPrivilege	4628	chrome.exe
Token: SeCreatePagefilePrivilege	4628	chrome.exe
Token: SeShutdownPrivilege	4628	chrome.exe
Token: SeCreatePagefilePrivilege	4628	chrome.exe
Token: SeShutdownPrivilege	4628	chrome.exe
Token: SeCreatePagefilePrivilege	4628	chrome.exe
Token: SeShutdownPrivilege	4628	chrome.exe
Token: SeCreatePagefilePrivilege	4628	chrome.exe
Token: SeShutdownPrivilege	4628	chrome.exe
Token: SeCreatePagefilePrivilege	4628	chrome.exe
Token: SeShutdownPrivilege	4628	chrome.exe
Token: SeCreatePagefilePrivilege	4628	chrome.exe
Token: SeShutdownPrivilege	4628	chrome.exe
Token: SeCreatePagefilePrivilege	4628	chrome.exe
Token: SeShutdownPrivilege	4628	chrome.exe
Token: SeCreatePagefilePrivilege	4628	chrome.exe
Token: SeShutdownPrivilege	4628	chrome.exe
Token: SeCreatePagefilePrivilege	4628	chrome.exe
Token: SeShutdownPrivilege	4628	chrome.exe
Token: SeCreatePagefilePrivilege	4628	chrome.exe
Token: SeShutdownPrivilege	4628	chrome.exe
Token: SeCreatePagefilePrivilege	4628	chrome.exe
Token: SeShutdownPrivilege	4628	chrome.exe
Token: SeCreatePagefilePrivilege	4628	chrome.exe
Token: SeShutdownPrivilege	4628	chrome.exe
Token: SeCreatePagefilePrivilege	4628	chrome.exe
Token: SeShutdownPrivilege	4628	chrome.exe
Token: SeCreatePagefilePrivilege	4628	chrome.exe
Token: SeShutdownPrivilege	4628	chrome.exe
Token: SeCreatePagefilePrivilege	4628	chrome.exe
Token: SeShutdownPrivilege	4628	chrome.exe
Token: SeCreatePagefilePrivilege	4628	chrome.exe
Token: SeShutdownPrivilege	4628	chrome.exe
Token: SeCreatePagefilePrivilege	4628	chrome.exe
Token: SeShutdownPrivilege	4628	chrome.exe
Token: SeCreatePagefilePrivilege	4628	chrome.exe
Token: SeShutdownPrivilege	4628	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

Processes:

explorer.exechrome.exe

pid	Process
4268	explorer.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	Process
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	Process	procid_target
PID 1460 wrote to memory of 1044	1460	msedge.exe	104
PID 1460 wrote to memory of 1044	1460	msedge.exe	104
PID 1460 wrote to memory of 4948	1460	msedge.exe	105
PID 1460 wrote to memory of 4948	1460	msedge.exe	105
PID 1460 wrote to memory of 4948	1460	msedge.exe	105
PID 1460 wrote to memory of 4948	1460	msedge.exe	105
PID 1460 wrote to memory of 4948	1460	msedge.exe	105
PID 1460 wrote to memory of 4948	1460	msedge.exe	105
PID 1460 wrote to memory of 4948	1460	msedge.exe	105
PID 1460 wrote to memory of 4948	1460	msedge.exe	105
PID 1460 wrote to memory of 4948	1460	msedge.exe	105
PID 1460 wrote to memory of 4948	1460	msedge.exe	105
PID 1460 wrote to memory of 4948	1460	msedge.exe	105
PID 1460 wrote to memory of 4948	1460	msedge.exe	105
PID 1460 wrote to memory of 4948	1460	msedge.exe	105
PID 1460 wrote to memory of 4948	1460	msedge.exe	105
PID 1460 wrote to memory of 4948	1460	msedge.exe	105
PID 1460 wrote to memory of 4948	1460	msedge.exe	105
PID 1460 wrote to memory of 4948	1460	msedge.exe	105
PID 1460 wrote to memory of 4948	1460	msedge.exe	105
PID 1460 wrote to memory of 4948	1460	msedge.exe	105
PID 1460 wrote to memory of 4948	1460	msedge.exe	105
PID 1460 wrote to memory of 4948	1460	msedge.exe	105
PID 1460 wrote to memory of 4948	1460	msedge.exe	105
PID 1460 wrote to memory of 4948	1460	msedge.exe	105
PID 1460 wrote to memory of 4948	1460	msedge.exe	105
PID 1460 wrote to memory of 4948	1460	msedge.exe	105
PID 1460 wrote to memory of 4948	1460	msedge.exe	105
PID 1460 wrote to memory of 4948	1460	msedge.exe	105
PID 1460 wrote to memory of 4948	1460	msedge.exe	105
PID 1460 wrote to memory of 4948	1460	msedge.exe	105
PID 1460 wrote to memory of 4948	1460	msedge.exe	105
PID 1460 wrote to memory of 4948	1460	msedge.exe	105
PID 1460 wrote to memory of 4948	1460	msedge.exe	105
PID 1460 wrote to memory of 4948	1460	msedge.exe	105
PID 1460 wrote to memory of 4948	1460	msedge.exe	105
PID 1460 wrote to memory of 4948	1460	msedge.exe	105
PID 1460 wrote to memory of 4948	1460	msedge.exe	105
PID 1460 wrote to memory of 4948	1460	msedge.exe	105
PID 1460 wrote to memory of 4948	1460	msedge.exe	105
PID 1460 wrote to memory of 4948	1460	msedge.exe	105
PID 1460 wrote to memory of 4948	1460	msedge.exe	105
PID 1460 wrote to memory of 2960	1460	msedge.exe	106
PID 1460 wrote to memory of 2960	1460	msedge.exe	106
PID 1460 wrote to memory of 1360	1460	msedge.exe	107
PID 1460 wrote to memory of 1360	1460	msedge.exe	107
PID 1460 wrote to memory of 1360	1460	msedge.exe	107
PID 1460 wrote to memory of 1360	1460	msedge.exe	107
PID 1460 wrote to memory of 1360	1460	msedge.exe	107
PID 1460 wrote to memory of 1360	1460	msedge.exe	107
PID 1460 wrote to memory of 1360	1460	msedge.exe	107
PID 1460 wrote to memory of 1360	1460	msedge.exe	107
PID 1460 wrote to memory of 1360	1460	msedge.exe	107
PID 1460 wrote to memory of 1360	1460	msedge.exe	107
PID 1460 wrote to memory of 1360	1460	msedge.exe	107
PID 1460 wrote to memory of 1360	1460	msedge.exe	107
PID 1460 wrote to memory of 1360	1460	msedge.exe	107
PID 1460 wrote to memory of 1360	1460	msedge.exe	107
PID 1460 wrote to memory of 1360	1460	msedge.exe	107
PID 1460 wrote to memory of 1360	1460	msedge.exe	107
PID 1460 wrote to memory of 1360	1460	msedge.exe	107
PID 1460 wrote to memory of 1360	1460	msedge.exe	107
PID 1460 wrote to memory of 1360	1460	msedge.exe	107
PID 1460 wrote to memory of 1360	1460	msedge.exe	107

C:\Users\Admin\AppData\Local\Temp\Synapse Launcher.exe
"C:\Users\Admin\AppData\Local\Temp\Synapse Launcher.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1840

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
PID:5068

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{5BD95610-9434-43C2-886C-57852CC8A120} -Embedding
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:4268

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault068873d8h95a9h4764h81a7h55d3b5179769
1⤵
- Suspicious use of WriteProcessMemory
PID:1460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffe3d1546f8,0x7ffe3d154708,0x7ffe3d154718
  2⤵
  PID:1044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,2969543513542108615,12491252435462038006,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2040 /prefetch:2
  2⤵
  PID:4948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2020,2969543513542108615,12491252435462038006,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2020,2969543513542108615,12491252435462038006,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:8
  2⤵
  PID:1360

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4528

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4532

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffe3d67ab58,0x7ffe3d67ab68,0x7ffe3d67ab78
  2⤵
  PID:4532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1624 --field-trial-handle=1824,i,6381273332333004103,11433455839306311846,131072 /prefetch:2
  2⤵
  PID:4008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 --field-trial-handle=1824,i,6381273332333004103,11433455839306311846,131072 /prefetch:8
  2⤵
  PID:4412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2268 --field-trial-handle=1824,i,6381273332333004103,11433455839306311846,131072 /prefetch:8
  2⤵
  PID:3352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3112 --field-trial-handle=1824,i,6381273332333004103,11433455839306311846,131072 /prefetch:1
  2⤵
  PID:4744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3120 --field-trial-handle=1824,i,6381273332333004103,11433455839306311846,131072 /prefetch:1
  2⤵
  PID:3540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4408 --field-trial-handle=1824,i,6381273332333004103,11433455839306311846,131072 /prefetch:1
  2⤵
  PID:5104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4684 --field-trial-handle=1824,i,6381273332333004103,11433455839306311846,131072 /prefetch:8
  2⤵
  PID:2572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4984 --field-trial-handle=1824,i,6381273332333004103,11433455839306311846,131072 /prefetch:8
  2⤵
  PID:4160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4996 --field-trial-handle=1824,i,6381273332333004103,11433455839306311846,131072 /prefetch:8
  2⤵
  PID:3312
- C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  PID:1036
- - C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x254,0x258,0x25c,0x230,0x260,0x7ff6878bae48,0x7ff6878bae58,0x7ff6878bae68
    3⤵
    PID:208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4748 --field-trial-handle=1824,i,6381273332333004103,11433455839306311846,131072 /prefetch:1
  2⤵
  PID:5092

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:5092

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
211KB

MD5
151fb811968eaf8efb840908b89dc9d4

SHA1
7ec811009fd9b0e6d92d12d78b002275f2f1bee1

SHA256
043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed

SHA512
83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
e3425c4406d95645ca7f72ac44d1fbb3

SHA1
1193b6c7a24abdac9876d0b44ced257b5e6a4262

SHA256
dceb806fe62f5e049070c5500af1c0ad4b7ca006a6581abf9cc72f50641c14fa

SHA512
fa002b3d86b650897464f4c907e9237aafde944724a8234e9474303ddb206b55eb50af24558f7f5b97587d0347d3a7b255537a82595978296a3cb7d62858012b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
6c4028fb5c1fc76137d5c40023d60cc5

SHA1
32773f47798764b2b7d71a17eade740f3c4d4932

SHA256
5f2a31cbaa485990ff521bf434a3779b202b51766e1859df44e2fdd9e77ee51d

SHA512
971676461d7e0e9103f5ade1608ed9a9c9d70185a651dfc783c6018bc1c6b0a5a70d4323b7fce68adbe8e8288e3c6ffc133871c2ab7a268f0fd36758f8d65e55

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
5453d7a62e56d0975236b43c739e3d9f

SHA1
1383e7701f50ca98454e81006248fe3aa3b26a62

SHA256
b272ad1c0463322169faaca8f1b9eaf26895f75a32c6c701ebc3a6443c1538fd

SHA512
a73f92d389d9f5513f9d614a6e307e732673fa65b58a884cd19b24bcee53eddd430e62e4e898bff24acec58d525e8af55cf3087b59ed1fa360427657388d79ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
cc2e9c494fe9f79bd2596669d8eee823

SHA1
93a13791198b695323f1aae0f943c956022cc50e

SHA256
6981667d899b7530142b3504bcb5895bed8f1f9005263898db959c3adb561bfc

SHA512
321ec2f85678e9230e5f60356275a98c44b2fafb48a12996e0e79d4b0940947d4c9914cfc84b07c0ceef8d472d0c627181da24f8e21388e9f676151cca8fbe41

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
7a884ac2b3af8a367ffea09a659095bd

SHA1
f19c5c388edc10ac9fc2b7b02a19cbbdef4612e7

SHA256
ae136397dbd5864274cc950d18a6ca1e9a3df376d9c00ad61d8b9d4eaed6aade

SHA512
7c0fb366d04a3a588d234e846ed9d2a8d75ec7ba6e69fcd8a53b32f9f80ec2406499ce4ff85d153d40524ea08802f63f5557928b2ad34edfad94a437988b52a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
285KB

MD5
fcbb0010693a80072cb1e4762eaf1b4b

SHA1
c5c4ffd7fdb3a7de2ac8e0bff3039a81718acce6

SHA256
d838784ab33266c997095935d1dbdfa17c1cddb1016def6b04527986f993488f

SHA512
4e381a850c48bb3dab716587725bf3f4ccbe6edce8bd434d2c23bdcd81fb9f80c3c28deb1f48d641cb5445b1f05ec18e3cb9c44a02e7635fc6f36a3f06bdfbb3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2e57ec8bd99545e47a55d581964d0549

SHA1
bd7055ea7df7696298a94dedfc91136e3b530db8

SHA256
a50ba35608edc2f3360cc71be0d4b29bba0e3382d1f08f24df5322ce2ad2443c

SHA512
6b9b73d983c472149629c842e16e4f7c2f8a0a3bb6dd64837ef647db810ef1beb3a02b15dc1eec2c5de8aee6b3ca195c7d26c432705061c5b0ec7841a5bbf106

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
2d216d7f2195b8e7ad9114e27c53193c

SHA1
8c2c662c8fe9b0900d473d4688dbb890b7bcf2cd

SHA256
7acda3e9ca4bf2f6e134ca6017e6778895bcbe91a00b190b1ee1b620dca638ef

SHA512
d1d28bad2646494cc17da77506a54a10bd3df8d2263b73125b92278c82fad05a7ef18befffbf67ce913812b263d5a34eeb733399d9236f4dbb6753a79b485621

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
f9f66d8844edbee27990678f99326336

SHA1
9bb8895bef66dda9e73e963f474400506c661700

SHA256
98dd8a41646363bca1c8bc05d5a1e5fc5c9fa31daad3cf55eae7262fb7a172ed

SHA512
e22c482230efb4393551e05dc11aa143d8a76c189b33a2c7be5682cd14f6654c85bad2e40bf4d974298d359aab9c3d2601870e958831898e96dd55efa63bc5da

Download Submit
\??\pipe\LOCAL\crashpad_1460_AGQRXIYITNHBQSAV

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/1840-0-0x000000007408E000-0x000000007408F000-memory.dmp

Filesize
4KB

Download
memory/1840-6-0x0000000074080000-0x0000000074830000-memory.dmp

Filesize
7.7MB

Download
memory/1840-4-0x0000000074080000-0x0000000074830000-memory.dmp

Filesize
7.7MB

Download
memory/1840-3-0x0000000005210000-0x00000000052A2000-memory.dmp

Filesize
584KB

Download
memory/1840-2-0x0000000005910000-0x0000000005EB4000-memory.dmp

Filesize
5.6MB

Download
memory/1840-1-0x00000000007F0000-0x00000000008BA000-memory.dmp

Filesize
808KB

Download