cbff32a11e742c778f5d2d94da6699af7302ec751111b06c37f665768eaf2d02

Resubmissions

21/09/2024, 14:51

240921-r7719aybkr 6

21/09/2024, 12:45

240921-pzfkxssfng 6

Analysis

max time kernel
428s
max time network
439s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
21/09/2024, 14:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Synapse X.exe
Size

374KB
MD5

b69c13e0099df6821ba000cb9d39819b
SHA1

6a36cf9a4a9ff90f8ddf21f62db94ef2691b85ee
SHA256

cbff32a11e742c778f5d2d94da6699af7302ec751111b06c37f665768eaf2d02
SHA512

0c7b4d42f46a04574d8adf6d6149e0a81bc4cbafcb2e46557b0bd083f82fdd8dbf7cc166ee0da1cdf5048605f0e83f50a1e064a5c581a97b1aefc4533d9954bb
SSDEEP

6144:H83Kwo3BjOALaQIigh4f86OZUjUKnmuv9uVYwEHCnGuBt+1:Hxz7r86h0uv8V5nxj+1

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
13	pastebin.com
14	pastebin.com

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2168	760	WerFault.exe	81

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Synapse X.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	760	Synapse X.exe

C:\Users\Admin\AppData\Local\Temp\Synapse X.exe
"C:\Users\Admin\AppData\Local\Temp\Synapse X.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:760
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 760 -s 4724
  2⤵
  - Program crash
  PID:2168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 760 -ip 760
1⤵
PID:4524

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/760-0-0x00000000748DE000-0x00000000748DF000-memory.dmp

Filesize
4KB

Download
memory/760-1-0x00000000005A0000-0x0000000000602000-memory.dmp

Filesize
392KB

Download
memory/760-2-0x0000000007440000-0x00000000074BA000-memory.dmp

Filesize
488KB

Download
memory/760-3-0x00000000028B0000-0x00000000028B6000-memory.dmp

Filesize
24KB

Download
memory/760-4-0x00000000748D0000-0x0000000075080000-memory.dmp

Filesize
7.7MB

Download
memory/760-5-0x00000000748D0000-0x0000000075080000-memory.dmp

Filesize
7.7MB

Download
memory/760-6-0x0000000007530000-0x0000000007568000-memory.dmp

Filesize
224KB

Download
memory/760-7-0x0000000006070000-0x000000000607E000-memory.dmp

Filesize
56KB

Download
memory/760-8-0x00000000748D0000-0x0000000075080000-memory.dmp

Filesize
7.7MB

Download