pysilon | 6e38cdf8c60d606ca321617213830bb5f70b479cd8d096322a82679ab6906768 | Triage

Submit
Reports

Overview

overview

Static

static

Synapse Devbuild.exe

windows7-x64

7

Synapse Devbuild.exe

windows10-2004-x64

9

Resubmissions

04/11/2024, 17:09 UTC

241104-vpfqtssqez 10

04/11/2024, 17:09 UTC

241104-vpcdeasqex 10

04/11/2024, 17:09 UTC

241104-vn7sxstglr 10

03/11/2024, 15:43 UTC

241103-s5zsjaxjdv 10

03/11/2024, 15:41 UTC

241103-s4xa1szrbq 10

03/11/2024, 14:18 UTC

241103-rmmvksypaj 10

Sharing

General

Target

Synapse Devbuild.exe
Size

77.6MB
Sample

241104-vn7sxstglr
MD5

0e8ce70bc14eaf413f19a7a48abb947f
SHA1

fb9973d0459fa2c226c7acd0970935c5e1fb6877
SHA256

6e38cdf8c60d606ca321617213830bb5f70b479cd8d096322a82679ab6906768
SHA512

b5894de701eb50355ff1652d88471a930941135e406713bfdddadc808ed2ea46eb18a6f5604d9572c87dc30feaa22821b98b61c1d02fa8ff83b8b97756d34544
SSDEEP

1572864:/1lVWZ10hSk8IpG7V+VPhqFxE7LlhpBB8iYweyJulZUdgP78yFUsraMwzte:/1bouSkB05awFeLpnNpur78ySsite

Score

10^/10

pysilon evasion execution persistence pyinstaller upx

Static task

static1

pyinstaller pysilon

4 signatures

Behavioral task

behavioral1

Sample

Synapse Devbuild.exe

Resource

win7-20241010-en

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral2

Sample

Synapse Devbuild.exe

Resource

win10v2004-20241007-en

evasion execution persistence upx

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  Synapse Devbuild.exe
- Size
  
  77.6MB
- MD5
  
  0e8ce70bc14eaf413f19a7a48abb947f
- SHA1
  
  fb9973d0459fa2c226c7acd0970935c5e1fb6877
- SHA256
  
  6e38cdf8c60d606ca321617213830bb5f70b479cd8d096322a82679ab6906768
- SHA512
  
  b5894de701eb50355ff1652d88471a930941135e406713bfdddadc808ed2ea46eb18a6f5604d9572c87dc30feaa22821b98b61c1d02fa8ff83b8b97756d34544
- SSDEEP
  
  1572864:/1lVWZ10hSk8IpG7V+VPhqFxE7LlhpBB8iYweyJulZUdgP78yFUsraMwzte:/1bouSkB05awFeLpnNpur78ySsite
Score

9^/10

upx evasion execution persistence
- Enumerates VirtualBox DLL files
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Virtualization/Sandbox Evasion

Credential Access

Discovery

File and Directory Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

pyinstallerpysilon

behavioral1

behavioral2

evasionexecutionpersistenceupx

© 2018-2025

Terms | Privacy

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.