Analysis Overview
SHA256
bd13e45961dd3186abcabcbb8047ea99457d9e36a658d7c80d7a0a500d9405c5
Threat Level: Shows suspicious behavior
The file synapze scriping utility (1).zip received the verdict: Shows suspicious behavior.
Malicious Activity Summary
VMProtect packed file
Checks CPU configuration
Unsigned PE
Enumerates kernel/hardware configuration
Reads runtime system information
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-08-24 17:53
Signatures
VMProtect packed file
Unsigned PE
Analysis: behavioral18
Detonation Overview
Submitted
2024-08-24 17:53
Reported
2024-08-24 17:54
Platform
debian12-armhf-20240418-en
Max time kernel
0s
Max time network
13s
Command Line
Signatures
Processes
/tmp/utility/WebView2/EBWebView/CertificateRevocation/6498.2023.8.1/manifest.json
[/tmp/utility/WebView2/EBWebView/CertificateRevocation/6498.2023.8.1/manifest.json]
Network
Files
Analysis: behavioral21
Detonation Overview
Submitted
2024-08-24 17:53
Reported
2024-08-24 17:54
Platform
debian12-armhf-20240729-en
Max time kernel
0s
Max time network
13s
Command Line
Signatures
Processes
/tmp/utility/WebView2/EBWebView/CrashpadMetrics-active.pma
[/tmp/utility/WebView2/EBWebView/CrashpadMetrics-active.pma]
Network
Files
Analysis: behavioral27
Detonation Overview
Submitted
2024-08-24 17:53
Reported
2024-08-24 17:54
Platform
debian12-armhf-20240221-en
Max time kernel
0s
Max time network
17s
Command Line
Signatures
Processes
/tmp/utility/WebView2/EBWebView/Default/Code Cache/js/index
[/tmp/utility/WebView2/EBWebView/Default/Code Cache/js/index]
Network
Files
Analysis: behavioral29
Detonation Overview
Submitted
2024-08-24 17:53
Reported
2024-08-24 17:54
Platform
debian12-armhf-20240729-en
Max time kernel
0s
Max time network
13s
Command Line
Signatures
Processes
/tmp/utility/bin/api/CeleryIn.dll
[/tmp/utility/bin/api/CeleryIn.dll]
Network
Files
Analysis: behavioral32
Detonation Overview
Submitted
2024-08-24 17:53
Reported
2024-08-24 17:54
Platform
debian12-armhf-20240418-en
Max time kernel
0s
Max time network
13s
Command Line
Signatures
Processes
/tmp/utility/bin/api/nyxplayerbeta.exe
[/tmp/utility/bin/api/nyxplayerbeta.exe]
Network
| Country | Destination | Domain | Proto |
| US | 1.1.1.1:53 | debian12-armhf-20240418-en-6 | udp |
Files
Analysis: behavioral24
Detonation Overview
Submitted
2024-08-24 17:53
Reported
2024-08-24 17:55
Platform
debian12-armhf-20240221-en
Max time kernel
0s
Max time network
51s
Command Line
Signatures
Processes
/tmp/utility/WebView2/EBWebView/Default/Cache/Cache_Data/data_2
[/tmp/utility/WebView2/EBWebView/Default/Cache/Cache_Data/data_2]
Network
Files
Analysis: behavioral26
Detonation Overview
Submitted
2024-08-24 17:53
Reported
2024-08-24 17:54
Platform
debian12-armhf-20240221-en
Max time kernel
0s
Max time network
12s
Command Line
Signatures
Processes
/tmp/utility/WebView2/EBWebView/Default/Cache/Cache_Data/index
[/tmp/utility/WebView2/EBWebView/Default/Cache/Cache_Data/index]
Network
Files
Analysis: behavioral30
Detonation Overview
Submitted
2024-08-24 17:53
Reported
2024-08-24 17:54
Platform
debian12-armhf-20240221-en
Max time kernel
0s
Max time network
9s
Command Line
Signatures
Processes
/tmp/utility/bin/api/CeleryInject.exe
[/tmp/utility/bin/api/CeleryInject.exe]
Network
Files
Analysis: behavioral28
Detonation Overview
Submitted
2024-08-24 17:53
Reported
2024-08-24 17:54
Platform
debian12-armhf-20240418-en
Max time kernel
0s
Max time network
19s
Command Line
Signatures
Processes
/tmp/utility/WebView2/EBWebView/component_crx_cache/kpfehajjjbbcifeehjgfgnabifknmdad_1.zip
[/tmp/utility/WebView2/EBWebView/component_crx_cache/kpfehajjjbbcifeehjgfgnabifknmdad_1.zip]
Network
| Country | Destination | Domain | Proto |
| US | 1.1.1.1:53 | debian12-armhf-20240418-en-2 | udp |
Files
Analysis: behavioral1
Detonation Overview
Submitted
2024-08-24 17:53
Reported
2024-08-24 17:54
Platform
debian12-armhf-20240729-en
Max time kernel
0s
Max time network
1s
Command Line
Signatures
Processes
/tmp/synapze scriping utility (1).zip
[/tmp/synapze scriping utility (1).zip]
Network
Files
Analysis: behavioral7
Detonation Overview
Submitted
2024-08-24 17:53
Reported
2024-08-24 17:54
Platform
debian12-armhf-20240221-en
Max time kernel
0s
Max time network
35s
Command Line
Signatures
Processes
/tmp/utility/Newtonsoft.Json.xml
[/tmp/utility/Newtonsoft.Json.xml]
Network
Files
Analysis: behavioral11
Detonation Overview
Submitted
2024-08-24 17:53
Reported
2024-08-24 17:54
Platform
debian12-armhf-20240729-en
Max time kernel
0s
Max time network
13s
Command Line
Signatures
Processes
/tmp/utility/SynapseRemake.pdb
[/tmp/utility/SynapseRemake.pdb]
Network
Files
Analysis: behavioral16
Detonation Overview
Submitted
2024-08-24 17:53
Reported
2024-08-24 17:54
Platform
debian12-armhf-20240418-en
Max time kernel
0s
Max time network
11s
Command Line
Signatures
Processes
/tmp/utility/WebView2/EBWebView/CertificateRevocation/6498.2023.8.1/crl-set
[/tmp/utility/WebView2/EBWebView/CertificateRevocation/6498.2023.8.1/crl-set]
Network
Files
Analysis: behavioral22
Detonation Overview
Submitted
2024-08-24 17:53
Reported
2024-08-24 17:54
Platform
debian12-armhf-20240729-en
Max time kernel
0s
Max time network
11s
Command Line
Signatures
Processes
/tmp/utility/WebView2/EBWebView/Default/Cache/Cache_Data/data_0
[/tmp/utility/WebView2/EBWebView/Default/Cache/Cache_Data/data_0]
Network
Files
Analysis: behavioral23
Detonation Overview
Submitted
2024-08-24 17:53
Reported
2024-08-24 17:54
Platform
debian12-armhf-20240221-en
Max time kernel
0s
Max time network
11s
Command Line
Signatures
Processes
/tmp/utility/WebView2/EBWebView/Default/Cache/Cache_Data/data_1
[/tmp/utility/WebView2/EBWebView/Default/Cache/Cache_Data/data_1]
Network
Files
Analysis: behavioral31
Detonation Overview
Submitted
2024-08-24 17:53
Reported
2024-08-24 17:54
Platform
debian12-armhf-20240221-en
Max time kernel
0s
Max time network
23s
Command Line
Signatures
Processes
/tmp/utility/bin/api/nyxplayerbet.exe
[/tmp/utility/bin/api/nyxplayerbet.exe]
Network
Files
Analysis: behavioral8
Detonation Overview
Submitted
2024-08-24 17:53
Reported
2024-08-24 17:54
Platform
debian12-armhf-20240221-en
Max time kernel
0s
Max time network
34s
Command Line
Signatures
Processes
/tmp/utility/Scripts/asd.txt
[/tmp/utility/Scripts/asd.txt]
Network
Files
Analysis: behavioral9
Detonation Overview
Submitted
2024-08-24 17:53
Reported
2024-08-24 17:54
Platform
debian12-armhf-20240221-en
Max time kernel
0s
Max time network
26s
Command Line
Signatures
Processes
/tmp/utility/Scripts/unc.lua
[/tmp/utility/Scripts/unc.lua]
Network
| Country | Destination | Domain | Proto |
| US | 1.1.1.1:53 | debian12-armhf-20240221-en-13 | udp |
Files
Analysis: behavioral14
Detonation Overview
Submitted
2024-08-24 17:53
Reported
2024-08-24 17:54
Platform
debian12-armhf-20240221-en
Max time kernel
0s
Max time network
34s
Command Line
Signatures
Processes
/tmp/utility/WebView2/EBWebView/AutoLaunchProtocolsComponent/1.0.0.8/protocols.json
[/tmp/utility/WebView2/EBWebView/AutoLaunchProtocolsComponent/1.0.0.8/protocols.json]
Network
| Country | Destination | Domain | Proto |
| US | 1.1.1.1:53 | debian12-armhf-20240221-en-11 | udp |
| US | 1.1.1.1:53 | debian12-armhf-20240221-en-11 | udp |
Files
Analysis: behavioral20
Detonation Overview
Submitted
2024-08-24 17:53
Reported
2024-08-24 17:54
Platform
debian12-armhf-20240221-en
Max time kernel
0s
Max time network
39s
Command Line
Signatures
Processes
/tmp/utility/WebView2/EBWebView/Crashpad/throttle_store.dat
[/tmp/utility/WebView2/EBWebView/Crashpad/throttle_store.dat]
Network
Files
Analysis: behavioral25
Detonation Overview
Submitted
2024-08-24 17:53
Reported
2024-08-24 17:54
Platform
debian12-armhf-20240729-en
Max time kernel
0s
Max time network
12s
Command Line
Signatures
Processes
/tmp/utility/WebView2/EBWebView/Default/Cache/Cache_Data/data_3
[/tmp/utility/WebView2/EBWebView/Default/Cache/Cache_Data/data_3]
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-08-24 17:53
Reported
2024-08-24 17:57
Platform
debian12-armhf-20240221-en
Max time kernel
2s
Max time network
175s
Command Line
Signatures
Checks CPU configuration
| Description | Indicator | Process | Target |
| File opened for reading | /proc/cpuinfo | /usr/bin/node | N/A |
Enumerates kernel/hardware configuration
| Description | Indicator | Process | Target |
| File opened for reading | /sys/fs/cgroup/memory/memory.limit_in_bytes | /usr/bin/node | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/meminfo | /usr/bin/node | N/A |
| File opened for reading | /proc/self/maps | /usr/bin/node | N/A |
Processes
/usr/bin/node
[node /tmp/utility/Microsoft.Web.WebView2.Core.js]
Network
| Country | Destination | Domain | Proto |
| US | 1.1.1.1:53 | debian12-armhf-20240221-en-3 | udp |
| US | 1.1.1.1:53 | debian12-armhf-20240221-en-3 | udp |
| US | 1.1.1.1:53 | debian12-armhf-20240221-en-3 | udp |
| US | 1.1.1.1:53 | debian12-armhf-20240221-en-3 | udp |
| US | 1.1.1.1:53 | 0.debian.pool.ntp.org | udp |
Files
Analysis: behavioral4
Detonation Overview
Submitted
2024-08-24 17:53
Reported
2024-08-24 17:54
Platform
debian12-armhf-20240729-en
Max time kernel
0s
Max time network
9s
Command Line
Signatures
Processes
/tmp/utility/Microsoft.Web.WebView2.Wpf.xml
[/tmp/utility/Microsoft.Web.WebView2.Wpf.xml]
Network
Files
Analysis: behavioral5
Detonation Overview
Submitted
2024-08-24 17:53
Reported
2024-08-24 17:54
Platform
debian12-armhf-20240418-en
Max time kernel
0s
Max time network
12s
Command Line
Signatures
Processes
/tmp/utility/Monaco/vs/base/browser/ui/codicons/codicon/codicon.ttf
[/tmp/utility/Monaco/vs/base/browser/ui/codicons/codicon/codicon.ttf]
Network
Files
Analysis: behavioral15
Detonation Overview
Submitted
2024-08-24 17:53
Reported
2024-08-24 17:54
Platform
debian12-armhf-20240221-en
Max time kernel
0s
Max time network
17s
Command Line
Signatures
Processes
/tmp/utility/WebView2/EBWebView/BrowserMetrics-spare.pma
[/tmp/utility/WebView2/EBWebView/BrowserMetrics-spare.pma]
Network
Files
Analysis: behavioral3
Detonation Overview
Submitted
2024-08-24 17:53
Reported
2024-08-24 17:54
Platform
debian12-armhf-20240729-en
Max time kernel
0s
Max time network
13s
Command Line
Signatures
Processes
/tmp/utility/Microsoft.Web.WebView2.WinForms.xml
[/tmp/utility/Microsoft.Web.WebView2.WinForms.xml]
Network
Files
Analysis: behavioral13
Detonation Overview
Submitted
2024-08-24 17:53
Reported
2024-08-24 17:54
Platform
debian12-armhf-20240221-en
Max time kernel
0s
Max time network
10s
Command Line
Signatures
Processes
/tmp/utility/WebView2/EBWebView/AutoLaunchProtocolsComponent/1.0.0.8/manifest.json
[/tmp/utility/WebView2/EBWebView/AutoLaunchProtocolsComponent/1.0.0.8/manifest.json]
Network
Files
Analysis: behavioral19
Detonation Overview
Submitted
2024-08-24 17:53
Reported
2024-08-24 17:54
Platform
debian12-armhf-20240221-en
Max time kernel
0s
Max time network
12s
Command Line
Signatures
Processes
/tmp/utility/WebView2/EBWebView/Crashpad/settings.dat
[/tmp/utility/WebView2/EBWebView/Crashpad/settings.dat]
Network
Files
Analysis: behavioral6
Detonation Overview
Submitted
2024-08-24 17:53
Reported
2024-08-24 17:54
Platform
debian12-armhf-20240221-en
Max time kernel
0s
Max time network
27s
Command Line
Signatures
Processes
/tmp/utility/Monaco/vs/editor/editor.main.css
[/tmp/utility/Monaco/vs/editor/editor.main.css]
Network
Files
Analysis: behavioral10
Detonation Overview
Submitted
2024-08-24 17:53
Reported
2024-08-24 17:54
Platform
debian12-armhf-20240418-en
Max time kernel
0s
Max time network
12s
Command Line
Signatures
Processes
/tmp/utility/SynapseRemake.exe.config
[/tmp/utility/SynapseRemake.exe.config]
Network
Files
Analysis: behavioral12
Detonation Overview
Submitted
2024-08-24 17:53
Reported
2024-08-24 17:55
Platform
debian12-armhf-20240221-en
Max time kernel
0s
Max time network
56s
Command Line
Signatures
Processes
/tmp/utility/WebView2/EBWebView/AutoLaunchProtocolsComponent/1.0.0.8/manifest.fingerprint
[/tmp/utility/WebView2/EBWebView/AutoLaunchProtocolsComponent/1.0.0.8/manifest.fingerprint]
Network
| Country | Destination | Domain | Proto |
| US | 1.1.1.1:53 | debian12-armhf-20240221-en-10 | udp |
Files
Analysis: behavioral17
Detonation Overview
Submitted
2024-08-24 17:53
Reported
2024-08-24 17:54
Platform
debian12-armhf-20240221-en
Max time kernel
0s
Max time network
35s
Command Line
Signatures
Processes
/tmp/utility/WebView2/EBWebView/CertificateRevocation/6498.2023.8.1/manifest.fingerprint
[/tmp/utility/WebView2/EBWebView/CertificateRevocation/6498.2023.8.1/manifest.fingerprint]