7e3247c9839a52819cdd5b6581877024abf7e002893a0fa1956ad72867c2fbb1

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
15-08-2024 20:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SynapseA/SynapseABootstrapper.exe
Size

68KB
MD5

68e058c3ba9933d2a0b621043d184cc4
SHA1

947c525f79fc72f9403b3cc80a7956e2502b37a4
SHA256

7dd986b4c62afb8bfae5d8cfcab62994266ed3300a80a51a2ac433c4fd47c6d8
SHA512

29c928a97771187b75248cf84ddcd76e5496ca4fd7653cb9182ad59bd17df5bcbd05ad0f224e4358864cd1621995ee0ccdc04ec33519b153fc75224c9a0d5ef3
SSDEEP

1536:Zc2yj/yvFy2azwvXtKK5dWve6X/sc1NBPD7U5ddG+12y+E:G/ysWvXY+WvRvsc1Nx0P/12O

Score

7^/10

discovery

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

SynapseABootstrapper.exe

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Control Panel\International\Geo\Nation	SynapseABootstrapper.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

SynapseABootstrapper.exeSynapseA.exe

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SynapseABootstrapper.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SynapseA.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

SynapseABootstrapper.exe

description	pid	Process	procid_target
PID 3764 wrote to memory of 1888	3764	SynapseABootstrapper.exe	87
PID 3764 wrote to memory of 1888	3764	SynapseABootstrapper.exe	87
PID 3764 wrote to memory of 1888	3764	SynapseABootstrapper.exe	87

C:\Users\Admin\AppData\Local\Temp\SynapseA\SynapseABootstrapper.exe
"C:\Users\Admin\AppData\Local\Temp\SynapseA\SynapseABootstrapper.exe"
1⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:3764
- C:\Users\Admin\AppData\Local\Temp\SynapseA\SynapseA.exe
  "C:\Users\Admin\AppData\Local\Temp\SynapseA\SynapseA.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:1888

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1888-13-0x00000000056A0000-0x00000000056F8000-memory.dmp

Filesize
352KB

Download
memory/1888-12-0x0000000074B20000-0x00000000752D0000-memory.dmp

Filesize
7.7MB

Download
memory/1888-9-0x0000000074B20000-0x00000000752D0000-memory.dmp

Filesize
7.7MB

Download
memory/1888-17-0x0000000074B20000-0x00000000752D0000-memory.dmp

Filesize
7.7MB

Download
memory/1888-10-0x00000000006F0000-0x000000000073A000-memory.dmp

Filesize
296KB

Download
memory/1888-16-0x0000000074B20000-0x00000000752D0000-memory.dmp

Filesize
7.7MB

Download
memory/1888-15-0x0000000074B20000-0x00000000752D0000-memory.dmp

Filesize
7.7MB

Download
memory/1888-14-0x0000000074B20000-0x00000000752D0000-memory.dmp

Filesize
7.7MB

Download
memory/3764-5-0x0000000074B20000-0x00000000752D0000-memory.dmp

Filesize
7.7MB

Download
memory/3764-4-0x0000000005510000-0x000000000551A000-memory.dmp

Filesize
40KB

Download
memory/3764-7-0x0000000074B20000-0x00000000752D0000-memory.dmp

Filesize
7.7MB

Download
memory/3764-2-0x0000000005B20000-0x00000000060C4000-memory.dmp

Filesize
5.6MB

Download
memory/3764-0-0x0000000074B2E000-0x0000000074B2F000-memory.dmp

Filesize
4KB

Download
memory/3764-11-0x0000000074B20000-0x00000000752D0000-memory.dmp

Filesize
7.7MB

Download
memory/3764-6-0x0000000005660000-0x00000000056A2000-memory.dmp

Filesize
264KB

Download
memory/3764-1-0x0000000000B40000-0x0000000000B58000-memory.dmp

Filesize
96KB

Download
memory/3764-3-0x0000000005570000-0x0000000005602000-memory.dmp

Filesize
584KB

Download