Resubmissions

  • 04-11-2024 17:09 — 241104-vpfqtssqez — 10

  • 04-11-2024 17:09 — 241104-vpcdeasqex — 10

  • 04-11-2024 17:09 — 241104-vn7sxstglr — 10

  • 03-11-2024 15:43 — 241103-s5zsjaxjdv — 10

  • 03-11-2024 15:41 — 241103-s4xa1szrbq — 10

  • 03-11-2024 14:18 — 241103-rmmvksypaj — 10

General

  • Target

    Synapse Devbuild.exe

  • Size

    77.6MB

  • Sample

    241104-vpcdeasqex

  • MD5

    0e8ce70bc14eaf413f19a7a48abb947f

  • SHA1

    fb9973d0459fa2c226c7acd0970935c5e1fb6877

  • SHA256

    6e38cdf8c60d606ca321617213830bb5f70b479cd8d096322a82679ab6906768

  • SHA512

    b5894de701eb50355ff1652d88471a930941135e406713bfdddadc808ed2ea46eb18a6f5604d9572c87dc30feaa22821b98b61c1d02fa8ff83b8b97756d34544

  • SSDEEP

    1572864:/1lVWZ10hSk8IpG7V+VPhqFxE7LlhpBB8iYweyJulZUdgP78yFUsraMwzte:/1bouSkB05awFeLpnNpur78ySsite

Malware Config

Targets

    • Target

      Synapse Devbuild.exe

    • Enumerates VirtualBox DLL files

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Sets file to hidden

      Modifies file attributes so the file is not shown in Explorer and similar file listings.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

MITRE ATT&CK Enterprise v15

Tasks