21829708b9a4864c95b5f388fb3e0e850c2f1e04e17f093e6e6bb7d7f383e913 | Triage

Analysis

max time kernel
4s
max time network
7s
platform
windows10-1703_x64
resource
win10-20240611-en
resource tags

arch:x64arch:x86image:win10-20240611-enlocale:en-usos:windows10-1703-x64system
submitted
04/10/2024, 00:44

Sharing

Report Analysis Logs

General

Target

SynapseDowngrader.exe
Size

600KB
MD5

8c48b5f9d5efc74bfb95390ea23f2db7
SHA1

76e3c2b597164b9009c65f421e87abfc3b3e412b
SHA256

21829708b9a4864c95b5f388fb3e0e850c2f1e04e17f093e6e6bb7d7f383e913
SHA512

de80367169c7862ec66505c84c42be1134c16c9c19a8f1344d6ed9dd1d7510fe993cc249b077c2e61c2f3cdd2555930eef50f44e287fb42ef11b00593229a28f
SSDEEP

12288:Egby/bP2s/c9DO3LOBCjey8al5+mAIG+dGRqCW77UZh:Egby/bP2sIDULOBCjlvWI7GRk2

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 3608 wrote to memory of 3064	3608	SynapseDowngrader.exe	72
PID 3608 wrote to memory of 3064	3608	SynapseDowngrader.exe	72

C:\Users\Admin\AppData\Local\Temp\SynapseDowngrader.exe
"C:\Users\Admin\AppData\Local\Temp\SynapseDowngrader.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3608
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c pause > nul
  2⤵
  PID:3064

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads