6e38cdf8c60d606ca321617213830bb5f70b479cd8d096322a82679ab6906768

Resubmissions

04-11-2024 17:09

241104-vpfqtssqez 10

04-11-2024 17:09

04-11-2024 17:09

03-11-2024 15:43

03-11-2024 15:41

03-11-2024 14:18

Analysis

max time kernel
55s
max time network
61s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
03-11-2024 15:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Synapse Devbuild.exe
Size

77.6MB
MD5

0e8ce70bc14eaf413f19a7a48abb947f
SHA1

fb9973d0459fa2c226c7acd0970935c5e1fb6877
SHA256

6e38cdf8c60d606ca321617213830bb5f70b479cd8d096322a82679ab6906768
SHA512

b5894de701eb50355ff1652d88471a930941135e406713bfdddadc808ed2ea46eb18a6f5604d9572c87dc30feaa22821b98b61c1d02fa8ff83b8b97756d34544
SSDEEP

1572864:/1lVWZ10hSk8IpG7V+VPhqFxE7LlhpBB8iYweyJulZUdgP78yFUsraMwzte:/1bouSkB05awFeLpnNpur78ySsite

Score

7^/10

upx

Malware Config

Signatures

Loads dropped DLL 7 IoCs

Processes:

Synapse Devbuild.exe

pid	process
1856	Synapse Devbuild.exe
1856	Synapse Devbuild.exe
1856	Synapse Devbuild.exe
1856	Synapse Devbuild.exe
1856	Synapse Devbuild.exe
1856	Synapse Devbuild.exe
1856	Synapse Devbuild.exe

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Temp\_MEI25522\python312.dll	upx

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

Synapse Devbuild.exe

description	pid	process	target process
PID 2552 wrote to memory of 1856	2552	Synapse Devbuild.exe	Synapse Devbuild.exe
PID 2552 wrote to memory of 1856	2552	Synapse Devbuild.exe	Synapse Devbuild.exe
PID 2552 wrote to memory of 1856	2552	Synapse Devbuild.exe	Synapse Devbuild.exe

C:\Users\Admin\AppData\Local\Temp\Synapse Devbuild.exe
"C:\Users\Admin\AppData\Local\Temp\Synapse Devbuild.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2552
- C:\Users\Admin\AppData\Local\Temp\Synapse Devbuild.exe
  "C:\Users\Admin\AppData\Local\Temp\Synapse Devbuild.exe"
  2⤵
  - Loads dropped DLL
  PID:1856

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:1552

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI25522\api-ms-win-core-file-l1-2-0.dll

Filesize
20KB

MD5
b59d773b0848785a76baba82d3f775fa

SHA1
1b8dcd7f0e2ab0ba9ba302aa4e9c4bfa8da74a82

SHA256
0dc1f695befddb8ee52a308801410f2f1d115fc70668131075c2dbcfa0b6f9a0

SHA512
cbd52ed8a7471187d74367aa03bf097d9eac3e0d6dc64baf835744a09da0b050537ea6092dcb8b1e0365427e7f27315be2145c6f853ef936755ad07ef17d4a26

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25522\api-ms-win-core-file-l2-1-0.dll

Filesize
20KB

MD5
4c9bf992ae40c7460a029b1046a7fb5e

SHA1
79e13947af1d603c964cce3b225306cadff4058b

SHA256
18655793b4d489f769327e3c8710aced6b763c7873b6a8dc5ae6f28d228647f4

SHA512
c36d455ac79a73758f6090977c204764a88e929e8eaa7ce27a9c9920451c014e84ae98beb447e8345a8fa186b8c668b076c0ed27047a0e23ad2eeaf2cbc3a8d8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25522\api-ms-win-core-localization-l1-2-0.dll

Filesize
20KB

MD5
9d8e7a90dd0d54b7ccde435b977ee46d

SHA1
15cd12089c63f4147648856b16193cf014e6764f

SHA256
dc570708327c4c8419d4cced2a162d7ca112a168301134dd1fb5e2040eee45b6

SHA512
339fe195602355bce26a2526613a212271e7f8c7518d591b9e3c795c154d93b29b8c524b2c3678c799d0ea0101eabea918564e49def0b915af0619e975f1c34b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25522\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
20KB

MD5
d399c926466f044f183faa723ba59120

SHA1
a9534b4910888d70eefba6fcc3376f2549cb4a05

SHA256
19b018be16afe143fb107ef1dd5b8e6c6cb45966806eb3d31ec09ff0dc2b70d1

SHA512
fc55f4cfe7c6c63e0720971d920c5c6ead4db74a671f7bb8dc830aa87cb54459a62e974456875bdfda449d82a0acb368e3b6c2cc20c32b1b407e8de7cc532057

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25522\api-ms-win-core-timezone-l1-1-0.dll

Filesize
20KB

MD5
ea5f768b9a1664884ae4ae62cec90678

SHA1
ae08e80431da7f4e8f1e5457c255cc360ef1cac0

SHA256
24f4530debf2161e0d0256f923b836aeccc3278a6ff2c9400e415600276b5a6d

SHA512
411db31e994ebbc69971972e45d6e51186d8f8790e8c67660b6a846e48a5a5c53a113916a5a15d14c33d8c88037d7f252135e699cb526c4bb3b5abd2e2dfee7c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25522\python312.dll

Filesize
1.7MB

MD5
71070618402c15a2fad5ca70c9ef7297

SHA1
34fedbf17a57010c5cd20ef4e690616859cc8e68

SHA256
7d35a191edb95ccd85ef05d645deeca3ed1febd9acd659569fab56ae06c1ebdf

SHA512
81ef8749f5c3dbd586ddbbcf26cd6c80607a5cc9c26e31c912f454ca56013082174e2012a507739ec1e9c5a2f019bf0ca6bd3ce18880abdbff0ba5f8f3cbbf28

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25522\ucrtbase.dll

Filesize
1.1MB

MD5
b0397bb83c9d579224e464eebf40a090

SHA1
81efdfe57225dfe581aafb930347535f08f2f4ce

SHA256
d2ebd8719455ae4634d00fd0d0eb0c3ad75054fee4ff545346a1524e5d7e3a66

SHA512
e72a4378ed93cfb3da60d69af8103a0dcb9a69a86ee42f004db29771b00a606fbc9cbc37f3daa155d1d5fe85f82c87ca9898a39c7274462fcf5c4420f0581ab3

Download Submit
memory/1856-1323-0x000007FEF6380000-0x000007FEF6A45000-memory.dmp

Filesize
6.8MB

Download
memory/1856-1324-0x000007FEF6380000-0x000007FEF6A45000-memory.dmp

Filesize
6.8MB

Download