Malware Analysis Report

2025-01-23 15:23

Sample ID 240824-wgj9qatgjm
Target synapze scriping utility (1).zip
SHA256 bd13e45961dd3186abcabcbb8047ea99457d9e36a658d7c80d7a0a500d9405c5
Tags
vmprotect antivm
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral18

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral21

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral27

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral29

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral32

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral24

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral26

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral30

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral28

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral7

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral11

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral16

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral22

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral23

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral31

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral8

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral9

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral14

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral20

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral25

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral4

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral5

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral15

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral13

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral19

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral6

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral10

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral12

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral17

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

bd13e45961dd3186abcabcbb8047ea99457d9e36a658d7c80d7a0a500d9405c5

Threat Level: Shows suspicious behavior

The file synapze scriping utility (1).zip was found to be: Shows suspicious behavior.

Malicious Activity Summary

vmprotect antivm

VMProtect packed file

Checks CPU configuration

Unsigned PE

Enumerates kernel/hardware configuration

Reads runtime system information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-08-24 17:53

Signatures

VMProtect packed file

vmprotect
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Analysis: behavioral18

Detonation Overview

Submitted

2024-08-24 17:53

Reported

2024-08-24 17:54

Platform

debian12-armhf-20240418-en

Max time kernel

0s

Max time network

13s

Command Line

[/tmp/utility/WebView2/EBWebView/CertificateRevocation/6498.2023.8.1/manifest.json]

Signatures

N/A

Processes

/tmp/utility/WebView2/EBWebView/CertificateRevocation/6498.2023.8.1/manifest.json

[/tmp/utility/WebView2/EBWebView/CertificateRevocation/6498.2023.8.1/manifest.json]

Network

Files

N/A

Analysis: behavioral21

Detonation Overview

Submitted

2024-08-24 17:53

Reported

2024-08-24 17:54

Platform

debian12-armhf-20240729-en

Max time kernel

0s

Max time network

13s

Command Line

[/tmp/utility/WebView2/EBWebView/CrashpadMetrics-active.pma]

Signatures

N/A

Processes

/tmp/utility/WebView2/EBWebView/CrashpadMetrics-active.pma

[/tmp/utility/WebView2/EBWebView/CrashpadMetrics-active.pma]

Network

Files

N/A

Analysis: behavioral27

Detonation Overview

Submitted

2024-08-24 17:53

Reported

2024-08-24 17:54

Platform

debian12-armhf-20240221-en

Max time kernel

0s

Max time network

17s

Command Line

[/tmp/utility/WebView2/EBWebView/Default/Code Cache/js/index]

Signatures

N/A

Processes

/tmp/utility/WebView2/EBWebView/Default/Code Cache/js/index

[/tmp/utility/WebView2/EBWebView/Default/Code Cache/js/index]

Network

Files

N/A

Analysis: behavioral29

Detonation Overview

Submitted

2024-08-24 17:53

Reported

2024-08-24 17:54

Platform

debian12-armhf-20240729-en

Max time kernel

0s

Max time network

13s

Command Line

[/tmp/utility/bin/api/CeleryIn.dll]

Signatures

N/A

Processes

/tmp/utility/bin/api/CeleryIn.dll

[/tmp/utility/bin/api/CeleryIn.dll]

Network

Files

N/A

Analysis: behavioral32

Detonation Overview

Submitted

2024-08-24 17:53

Reported

2024-08-24 17:54

Platform

debian12-armhf-20240418-en

Max time kernel

0s

Max time network

13s

Command Line

[/tmp/utility/bin/api/nyxplayerbeta.exe]

Signatures

N/A

Processes

/tmp/utility/bin/api/nyxplayerbeta.exe

[/tmp/utility/bin/api/nyxplayerbeta.exe]

Network

Country Destination Domain Proto
US 1.1.1.1:53 debian12-armhf-20240418-en-6 udp

Files

N/A

Analysis: behavioral24

Detonation Overview

Submitted

2024-08-24 17:53

Reported

2024-08-24 17:55

Platform

debian12-armhf-20240221-en

Max time kernel

0s

Max time network

51s

Command Line

[/tmp/utility/WebView2/EBWebView/Default/Cache/Cache_Data/data_2]

Signatures

N/A

Processes

/tmp/utility/WebView2/EBWebView/Default/Cache/Cache_Data/data_2

[/tmp/utility/WebView2/EBWebView/Default/Cache/Cache_Data/data_2]

Network

Files

N/A

Analysis: behavioral26

Detonation Overview

Submitted

2024-08-24 17:53

Reported

2024-08-24 17:54

Platform

debian12-armhf-20240221-en

Max time kernel

0s

Max time network

12s

Command Line

[/tmp/utility/WebView2/EBWebView/Default/Cache/Cache_Data/index]

Signatures

N/A

Processes

/tmp/utility/WebView2/EBWebView/Default/Cache/Cache_Data/index

[/tmp/utility/WebView2/EBWebView/Default/Cache/Cache_Data/index]

Network

Files

N/A

Analysis: behavioral30

Detonation Overview

Submitted

2024-08-24 17:53

Reported

2024-08-24 17:54

Platform

debian12-armhf-20240221-en

Max time kernel

0s

Max time network

9s

Command Line

[/tmp/utility/bin/api/CeleryInject.exe]

Signatures

N/A

Processes

/tmp/utility/bin/api/CeleryInject.exe

[/tmp/utility/bin/api/CeleryInject.exe]

Network

Files

N/A

Analysis: behavioral28

Detonation Overview

Submitted

2024-08-24 17:53

Reported

2024-08-24 17:54

Platform

debian12-armhf-20240418-en

Max time kernel

0s

Max time network

19s

Command Line

[/tmp/utility/WebView2/EBWebView/component_crx_cache/kpfehajjjbbcifeehjgfgnabifknmdad_1.zip]

Signatures

N/A

Processes

/tmp/utility/WebView2/EBWebView/component_crx_cache/kpfehajjjbbcifeehjgfgnabifknmdad_1.zip

[/tmp/utility/WebView2/EBWebView/component_crx_cache/kpfehajjjbbcifeehjgfgnabifknmdad_1.zip]

Network

Country Destination Domain Proto
US 1.1.1.1:53 debian12-armhf-20240418-en-2 udp

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-08-24 17:53

Reported

2024-08-24 17:54

Platform

debian12-armhf-20240729-en

Max time kernel

0s

Max time network

1s

Command Line

[/tmp/synapze scriping utility (1).zip]

Signatures

N/A

Processes

/tmp/synapze scriping utility (1).zip

[/tmp/synapze scriping utility (1).zip]

Network

Files

N/A

Analysis: behavioral7

Detonation Overview

Submitted

2024-08-24 17:53

Reported

2024-08-24 17:54

Platform

debian12-armhf-20240221-en

Max time kernel

0s

Max time network

35s

Command Line

[/tmp/utility/Newtonsoft.Json.xml]

Signatures

N/A

Processes

/tmp/utility/Newtonsoft.Json.xml

[/tmp/utility/Newtonsoft.Json.xml]

Network

Files

N/A

Analysis: behavioral11

Detonation Overview

Submitted

2024-08-24 17:53

Reported

2024-08-24 17:54

Platform

debian12-armhf-20240729-en

Max time kernel

0s

Max time network

13s

Command Line

[/tmp/utility/SynapseRemake.pdb]

Signatures

N/A

Processes

/tmp/utility/SynapseRemake.pdb

[/tmp/utility/SynapseRemake.pdb]

Network

Files

N/A

Analysis: behavioral16

Detonation Overview

Submitted

2024-08-24 17:53

Reported

2024-08-24 17:54

Platform

debian12-armhf-20240418-en

Max time kernel

0s

Max time network

11s

Command Line

[/tmp/utility/WebView2/EBWebView/CertificateRevocation/6498.2023.8.1/crl-set]

Signatures

N/A

Processes

/tmp/utility/WebView2/EBWebView/CertificateRevocation/6498.2023.8.1/crl-set

[/tmp/utility/WebView2/EBWebView/CertificateRevocation/6498.2023.8.1/crl-set]

Network

Files

N/A

Analysis: behavioral22

Detonation Overview

Submitted

2024-08-24 17:53

Reported

2024-08-24 17:54

Platform

debian12-armhf-20240729-en

Max time kernel

0s

Max time network

11s

Command Line

[/tmp/utility/WebView2/EBWebView/Default/Cache/Cache_Data/data_0]

Signatures

N/A

Processes

/tmp/utility/WebView2/EBWebView/Default/Cache/Cache_Data/data_0

[/tmp/utility/WebView2/EBWebView/Default/Cache/Cache_Data/data_0]

Network

Files

N/A

Analysis: behavioral23

Detonation Overview

Submitted

2024-08-24 17:53

Reported

2024-08-24 17:54

Platform

debian12-armhf-20240221-en

Max time kernel

0s

Max time network

11s

Command Line

[/tmp/utility/WebView2/EBWebView/Default/Cache/Cache_Data/data_1]

Signatures

N/A

Processes

/tmp/utility/WebView2/EBWebView/Default/Cache/Cache_Data/data_1

[/tmp/utility/WebView2/EBWebView/Default/Cache/Cache_Data/data_1]

Network

Files

N/A

Analysis: behavioral31

Detonation Overview

Submitted

2024-08-24 17:53

Reported

2024-08-24 17:54

Platform

debian12-armhf-20240221-en

Max time kernel

0s

Max time network

23s

Command Line

[/tmp/utility/bin/api/nyxplayerbet.exe]

Signatures

N/A

Processes

/tmp/utility/bin/api/nyxplayerbet.exe

[/tmp/utility/bin/api/nyxplayerbet.exe]

Network

Files

N/A

Analysis: behavioral8

Detonation Overview

Submitted

2024-08-24 17:53

Reported

2024-08-24 17:54

Platform

debian12-armhf-20240221-en

Max time kernel

0s

Max time network

34s

Command Line

[/tmp/utility/Scripts/asd.txt]

Signatures

N/A

Processes

/tmp/utility/Scripts/asd.txt

[/tmp/utility/Scripts/asd.txt]

Network

Files

N/A

Analysis: behavioral9

Detonation Overview

Submitted

2024-08-24 17:53

Reported

2024-08-24 17:54

Platform

debian12-armhf-20240221-en

Max time kernel

0s

Max time network

26s

Command Line

[/tmp/utility/Scripts/unc.lua]

Signatures

N/A

Processes

/tmp/utility/Scripts/unc.lua

[/tmp/utility/Scripts/unc.lua]

Network

Country Destination Domain Proto
US 1.1.1.1:53 debian12-armhf-20240221-en-13 udp

Files

N/A

Analysis: behavioral14

Detonation Overview

Submitted

2024-08-24 17:53

Reported

2024-08-24 17:54

Platform

debian12-armhf-20240221-en

Max time kernel

0s

Max time network

34s

Command Line

[/tmp/utility/WebView2/EBWebView/AutoLaunchProtocolsComponent/1.0.0.8/protocols.json]

Signatures

N/A

Processes

/tmp/utility/WebView2/EBWebView/AutoLaunchProtocolsComponent/1.0.0.8/protocols.json

[/tmp/utility/WebView2/EBWebView/AutoLaunchProtocolsComponent/1.0.0.8/protocols.json]

Network

Country Destination Domain Proto
US 1.1.1.1:53 debian12-armhf-20240221-en-11 udp
US 1.1.1.1:53 debian12-armhf-20240221-en-11 udp

Files

N/A

Analysis: behavioral20

Detonation Overview

Submitted

2024-08-24 17:53

Reported

2024-08-24 17:54

Platform

debian12-armhf-20240221-en

Max time kernel

0s

Max time network

39s

Command Line

[/tmp/utility/WebView2/EBWebView/Crashpad/throttle_store.dat]

Signatures

N/A

Processes

/tmp/utility/WebView2/EBWebView/Crashpad/throttle_store.dat

[/tmp/utility/WebView2/EBWebView/Crashpad/throttle_store.dat]

Network

Files

N/A

Analysis: behavioral25

Detonation Overview

Submitted

2024-08-24 17:53

Reported

2024-08-24 17:54

Platform

debian12-armhf-20240729-en

Max time kernel

0s

Max time network

12s

Command Line

[/tmp/utility/WebView2/EBWebView/Default/Cache/Cache_Data/data_3]

Signatures

N/A

Processes

/tmp/utility/WebView2/EBWebView/Default/Cache/Cache_Data/data_3

[/tmp/utility/WebView2/EBWebView/Default/Cache/Cache_Data/data_3]

Network

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-08-24 17:53

Reported

2024-08-24 17:57

Platform

debian12-armhf-20240221-en

Max time kernel

2s

Max time network

175s

Command Line

[node /tmp/utility/Microsoft.Web.WebView2.Core.js]

Signatures

Checks CPU configuration

antivm
Description Indicator Process Target
File opened for reading /proc/cpuinfo /usr/bin/node N/A

Enumerates kernel/hardware configuration

Description Indicator Process Target
File opened for reading /sys/fs/cgroup/memory/memory.limit_in_bytes /usr/bin/node N/A

Reads runtime system information

Description Indicator Process Target
File opened for reading /proc/meminfo /usr/bin/node N/A
File opened for reading /proc/self/maps /usr/bin/node N/A

Processes

/usr/bin/node

[node /tmp/utility/Microsoft.Web.WebView2.Core.js]

Network

Country Destination Domain Proto
US 1.1.1.1:53 debian12-armhf-20240221-en-3 udp
US 1.1.1.1:53 debian12-armhf-20240221-en-3 udp
US 1.1.1.1:53 debian12-armhf-20240221-en-3 udp
US 1.1.1.1:53 debian12-armhf-20240221-en-3 udp
US 1.1.1.1:53 0.debian.pool.ntp.org udp

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-08-24 17:53

Reported

2024-08-24 17:54

Platform

debian12-armhf-20240729-en

Max time kernel

0s

Max time network

9s

Command Line

[/tmp/utility/Microsoft.Web.WebView2.Wpf.xml]

Signatures

N/A

Processes

/tmp/utility/Microsoft.Web.WebView2.Wpf.xml

[/tmp/utility/Microsoft.Web.WebView2.Wpf.xml]

Network

Files

N/A

Analysis: behavioral5

Detonation Overview

Submitted

2024-08-24 17:53

Reported

2024-08-24 17:54

Platform

debian12-armhf-20240418-en

Max time kernel

0s

Max time network

12s

Command Line

[/tmp/utility/Monaco/vs/base/browser/ui/codicons/codicon/codicon.ttf]

Signatures

N/A

Processes

/tmp/utility/Monaco/vs/base/browser/ui/codicons/codicon/codicon.ttf

[/tmp/utility/Monaco/vs/base/browser/ui/codicons/codicon/codicon.ttf]

Network

Files

N/A

Analysis: behavioral15

Detonation Overview

Submitted

2024-08-24 17:53

Reported

2024-08-24 17:54

Platform

debian12-armhf-20240221-en

Max time kernel

0s

Max time network

17s

Command Line

[/tmp/utility/WebView2/EBWebView/BrowserMetrics-spare.pma]

Signatures

N/A

Processes

/tmp/utility/WebView2/EBWebView/BrowserMetrics-spare.pma

[/tmp/utility/WebView2/EBWebView/BrowserMetrics-spare.pma]

Network

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-08-24 17:53

Reported

2024-08-24 17:54

Platform

debian12-armhf-20240729-en

Max time kernel

0s

Max time network

13s

Command Line

[/tmp/utility/Microsoft.Web.WebView2.WinForms.xml]

Signatures

N/A

Processes

/tmp/utility/Microsoft.Web.WebView2.WinForms.xml

[/tmp/utility/Microsoft.Web.WebView2.WinForms.xml]

Network

Files

N/A

Analysis: behavioral13

Detonation Overview

Submitted

2024-08-24 17:53

Reported

2024-08-24 17:54

Platform

debian12-armhf-20240221-en

Max time kernel

0s

Max time network

10s

Command Line

[/tmp/utility/WebView2/EBWebView/AutoLaunchProtocolsComponent/1.0.0.8/manifest.json]

Signatures

N/A

Processes

/tmp/utility/WebView2/EBWebView/AutoLaunchProtocolsComponent/1.0.0.8/manifest.json

[/tmp/utility/WebView2/EBWebView/AutoLaunchProtocolsComponent/1.0.0.8/manifest.json]

Network

Files

N/A

Analysis: behavioral19

Detonation Overview

Submitted

2024-08-24 17:53

Reported

2024-08-24 17:54

Platform

debian12-armhf-20240221-en

Max time kernel

0s

Max time network

12s

Command Line

[/tmp/utility/WebView2/EBWebView/Crashpad/settings.dat]

Signatures

N/A

Processes

/tmp/utility/WebView2/EBWebView/Crashpad/settings.dat

[/tmp/utility/WebView2/EBWebView/Crashpad/settings.dat]

Network

Files

N/A

Analysis: behavioral6

Detonation Overview

Submitted

2024-08-24 17:53

Reported

2024-08-24 17:54

Platform

debian12-armhf-20240221-en

Max time kernel

0s

Max time network

27s

Command Line

[/tmp/utility/Monaco/vs/editor/editor.main.css]

Signatures

N/A

Processes

/tmp/utility/Monaco/vs/editor/editor.main.css

[/tmp/utility/Monaco/vs/editor/editor.main.css]

Network

Files

N/A

Analysis: behavioral10

Detonation Overview

Submitted

2024-08-24 17:53

Reported

2024-08-24 17:54

Platform

debian12-armhf-20240418-en

Max time kernel

0s

Max time network

12s

Command Line

[/tmp/utility/SynapseRemake.exe.config]

Signatures

N/A

Processes

/tmp/utility/SynapseRemake.exe.config

[/tmp/utility/SynapseRemake.exe.config]

Network

Files

N/A

Analysis: behavioral12

Detonation Overview

Submitted

2024-08-24 17:53

Reported

2024-08-24 17:55

Platform

debian12-armhf-20240221-en

Max time kernel

0s

Max time network

56s

Command Line

[/tmp/utility/WebView2/EBWebView/AutoLaunchProtocolsComponent/1.0.0.8/manifest.fingerprint]

Signatures

N/A

Processes

/tmp/utility/WebView2/EBWebView/AutoLaunchProtocolsComponent/1.0.0.8/manifest.fingerprint

[/tmp/utility/WebView2/EBWebView/AutoLaunchProtocolsComponent/1.0.0.8/manifest.fingerprint]

Network

Country Destination Domain Proto
US 1.1.1.1:53 debian12-armhf-20240221-en-10 udp

Files

N/A

Analysis: behavioral17

Detonation Overview

Submitted

2024-08-24 17:53

Reported

2024-08-24 17:54

Platform

debian12-armhf-20240221-en

Max time kernel

0s

Max time network

35s

Command Line

[/tmp/utility/WebView2/EBWebView/CertificateRevocation/6498.2023.8.1/manifest.fingerprint]

Signatures

N/A

Processes

/tmp/utility/WebView2/EBWebView/CertificateRevocation/6498.2023.8.1/manifest.fingerprint

[/tmp/utility/WebView2/EBWebView/CertificateRevocation/6498.2023.8.1/manifest.fingerprint]

Network

Files

N/A