Overview
overview
3Static
static
1synllc.git...ace.js
windows7-x64
3synllc.git...ace.js
windows10-2004-x64
3synllc.git...ook.js
windows7-x64
3synllc.git...ook.js
windows10-2004-x64
3synllc.git...min.js
windows7-x64
3synllc.git...min.js
windows10-2004-x64
3synllc.git...n.html
windows7-x64
3synllc.git...n.html
windows10-2004-x64
3synllc.git...g.html
windows7-x64
3synllc.git...g.html
windows10-2004-x64
3synllc.git...t.html
windows7-x64
3synllc.git...t.html
windows10-2004-x64
3synllc.git...y.html
windows7-x64
3synllc.git...y.html
windows10-2004-x64
3synllc.git...tor.js
windows7-x64
3synllc.git...tor.js
windows10-2004-x64
3synllc.git...min.js
windows7-x64
3synllc.git...min.js
windows10-2004-x64
3synllc.git...ght.js
windows7-x64
3synllc.git...ght.js
windows10-2004-x64
3synllc.git...x.html
windows7-x64
3synllc.git...x.html
windows10-2004-x64
3synllc.git...n.html
windows7-x64
3synllc.git...n.html
windows10-2004-x64
3synllc.git...n.html
windows7-x64
3synllc.git...n.html
windows10-2004-x64
3synllc.git...min.js
windows7-x64
3synllc.git...min.js
windows10-2004-x64
3synllc.git...ust.js
windows7-x64
3synllc.git...ust.js
windows10-2004-x64
3synllc.git...t.html
windows7-x64
3synllc.git...t.html
windows10-2004-x64
3Analysis
-
max time kernel
15s -
max time network
16s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
arch:x64 arch:x86 image:win7-20240903-en locale:en-us os:windows7-x64 system -
submitted
07/11/2024, 22:38
Static task
static1
Behavioral task
behavioral1
Sample
synllc.github.io/synapse-x-documentation/ace.js
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
synllc.github.io/synapse-x-documentation/ace.js
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
synllc.github.io/synapse-x-documentation/book.js
Resource
win7-20240903-en
Behavioral task
behavioral4
Sample
synllc.github.io/synapse-x-documentation/book.js
Resource
win10v2004-20241007-en
Behavioral task
behavioral5
Sample
synllc.github.io/synapse-x-documentation/clipboard.min.js
Resource
win7-20240903-en
Behavioral task
behavioral6
Sample
synllc.github.io/synapse-x-documentation/clipboard.min.js
Resource
win10v2004-20241007-en
Behavioral task
behavioral7
Sample
synllc.github.io/synapse-x-documentation/development/dev_introduction.html
Resource
win7-20240903-en
Behavioral task
behavioral8
Sample
synllc.github.io/synapse-x-documentation/development/dev_introduction.html
Resource
win10v2004-20241007-en
Behavioral task
behavioral9
Sample
synllc.github.io/synapse-x-documentation/development/supervisor_programming.html
Resource
win7-20240903-en
Behavioral task
behavioral10
Sample
synllc.github.io/synapse-x-documentation/development/supervisor_programming.html
Resource
win10v2004-20241007-en
Behavioral task
behavioral11
Sample
synllc.github.io/synapse-x-documentation/development/syn_environment.html
Resource
win7-20240903-en
Behavioral task
behavioral12
Sample
synllc.github.io/synapse-x-documentation/development/syn_environment.html
Resource
win10v2004-20241007-en
Behavioral task
behavioral13
Sample
synllc.github.io/synapse-x-documentation/development/syn_security.html
Resource
win7-20240903-en
Behavioral task
behavioral14
Sample
synllc.github.io/synapse-x-documentation/development/syn_security.html
Resource
win10v2004-20241007-en
Behavioral task
behavioral15
Sample
synllc.github.io/synapse-x-documentation/editor.js
Resource
win7-20240729-en
Behavioral task
behavioral16
Sample
synllc.github.io/synapse-x-documentation/editor.js
Resource
win10v2004-20241007-en
Behavioral task
behavioral17
Sample
synllc.github.io/synapse-x-documentation/elasticlunr.min.js
Resource
win7-20240903-en
Behavioral task
behavioral18
Sample
synllc.github.io/synapse-x-documentation/elasticlunr.min.js
Resource
win10v2004-20241007-en
Behavioral task
behavioral19
Sample
synllc.github.io/synapse-x-documentation/highlight.js
Resource
win7-20240708-en
Behavioral task
behavioral20
Sample
synllc.github.io/synapse-x-documentation/highlight.js
Resource
win10v2004-20241007-en
Behavioral task
behavioral21
Sample
synllc.github.io/synapse-x-documentation/index.html
Resource
win7-20241010-en
Behavioral task
behavioral22
Sample
synllc.github.io/synapse-x-documentation/index.html
Resource
win10v2004-20241007-en
Behavioral task
behavioral23
Sample
synllc.github.io/synapse-x-documentation/install/installation.html
Resource
win7-20240903-en
Behavioral task
behavioral24
Sample
synllc.github.io/synapse-x-documentation/install/installation.html
Resource
win10v2004-20241007-en
Behavioral task
behavioral25
Sample
synllc.github.io/synapse-x-documentation/introduction.html
Resource
win7-20240903-en
Behavioral task
behavioral26
Sample
synllc.github.io/synapse-x-documentation/introduction.html
Resource
win10v2004-20241007-en
Behavioral task
behavioral27
Sample
synllc.github.io/synapse-x-documentation/mark.min.js
Resource
win7-20240708-en
Behavioral task
behavioral28
Sample
synllc.github.io/synapse-x-documentation/mark.min.js
Resource
win10v2004-20241007-en
Behavioral task
behavioral29
Sample
synllc.github.io/synapse-x-documentation/mode-rust.js
Resource
win7-20241010-en
Behavioral task
behavioral30
Sample
synllc.github.io/synapse-x-documentation/mode-rust.js
Resource
win10v2004-20241007-en
Behavioral task
behavioral31
Sample
synllc.github.io/synapse-x-documentation/print.html
Resource
win7-20240903-en
Behavioral task
behavioral32
Sample
synllc.github.io/synapse-x-documentation/print.html
Resource
win10v2004-20241007-en
General
-
Target
synllc.github.io/synapse-x-documentation/development/syn_security.html
-
Size
27KB
-
MD5
dca129e24d9f1263f748da69a6c869d7
-
SHA1
f22df110833ef6a8d9da1377e9e6c1ca67b389dc
-
SHA256
82bda362efdb06cd8b0ec3f1728cfba576f94c7437980fffc836afdd539240e6
-
SHA512
19b389316eaca1d4fbe02531a88cb3b854dd30640544aa70bfb142a8fb7f0b7e617e88534ab3eea50ff79c6568f57373013d73e6bf6d37c0c8821c98cad82880
-
SSDEEP
384:zJnxfrhuSSDfJsM0Il6Pof/oaADEcvVOjdjkOApO/nf4DaAbFtf0fXUCqZXYjoUU:zJJJRHTfnblp
Malware Config
Signatures
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
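Attempts to gather information about the system language of a victim in order to infer the geographical location of that host. The only IoC recorded for this signature below is the NLS\Language key being opened by the IEXPLORE.EXE process that renders the page, so the hit is attributable to the browser process itself and does not on its own show that script in the sample queried the locale.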
description | ioc | Process
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | IEXPLORE.EXE
-
Modifies Internet Explorer settings
description | ioc | Process
Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Zoom | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\SearchScopes | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\InternetRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\PageSetup | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\IntelliForms | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{1237D5D1-9D59-11EF-809B-F2DF7204BD4F} = "0" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\GPU | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Toolbar | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
-
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2148 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 2148 iexplore.exe 2148 iexplore.exe 2264 IEXPLORE.EXE 2264 IEXPLORE.EXE 2264 IEXPLORE.EXE 2264 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
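description | pid | Process | procid_target
PID 2148 wrote to memory of 2264 | 2148 | iexplore.exe | 30
PID 2148 wrote to memory of 2264 | 2148 | iexplore.exe | 30
PID 2148 wrote to memory of 2264 | 2148 | iexplore.exe | 30
PID 2148 wrote to memory of 2264 | 2148 | iexplore.exe | 30
PID 2264 is the IEXPLORE.EXE child that PID 2148 started (its command line under Processes carries SCODEF:2148), so all four writes go from the browser's parent process into the child it created, not into an unrelated process.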
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\synllc.github.io\synapse-x-documentation\development\syn_security.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2148 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2148 CREDAT:275457 /prefetch:2
2⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2264
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: b075487a4957cc19c12e0c46d313e9c7
SHA1: 117380b8a1ce693e2b4c32df65edce8a03dcccc3
SHA256: c3b9e1a5fcc2087dfce789e70633e03fab89153608203d0afe3370d64b158c05
SHA512: 977e1c657cc9f14a7bef5ffe672b1d28fd7b14a6063cf135b6343791530f27b9ee2517db693b71b480123d224a83eb8cd0899f06e2ba8033ea50c908c69aea21
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 8abe3e572a6788b5c87f4365eead1c8f
SHA1: 0a7c09b6fb01ec34e56b9d2779abcd62596222b2
SHA256: e01484dd2e515fab85b674861de8cb46075f49bf4a7ea06c06523017b78bd3a2
SHA512: 627ba8d103c8762da18fadeaede483cda24e8dc07850a855662c47be1ab4ed50113c157a5e824afdf5ebf6514f28e77a61c06605902b7563ff63dfaab0fe9498
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 3fe5a065907acffc27604f709a39315d
SHA1: dd25545758d1b6490640b1730eeacf5bd92754ea
SHA256: 43334b8789a7013d8a4582b6f65e9a525734ebbcb2160680b85bcb40fbb6c2c2
SHA512: 42d279b15fcc93bdeb1096d47203c8ec949eb1e13e7f5ceb2c069815dd1f634298c38fa894c6a1611d87d324e37f7116d03edb6c18fb9490350db4a5e22b746e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 875f1d217f9d5bdef70f2f7f9f26f167
SHA1: 074590f7bbb9736210932e4883a02f27a7de33ff
SHA256: c9cbbe9fc08156bb50a065db65952a01ec54525df31da7c3661a788add2dd4ba
SHA512: e70e13bfbc285ff7a228e13a024951930c096fe111f977b6201f4ca304327b88736dbefdfc7f0dea73a12f5e717eb24bae663344166958ebeb6d2a19eb1ed5d6
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 22e3e6bbadc78305559a949504041a94
SHA1: 0dfaab28d567bac24949dc48bb1fbe6310715139
SHA256: 63a75bee0be6984f989475a211d97b14447c91606232be10c14a66eb1edce8f2
SHA512: 16e818e66fb53f4c1abc7f815d42236d0760aacc0f2a29933ac1a523a8c3503a28083781f55cad9e248ff23ec03df8d5911f56c7c01ebd0e12678b9956a424cc
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 5d25eea888f89c7a66dec747c537ac41
SHA1: eea742372d840c1f6f7487b8b8194becb84cd185
SHA256: 508c30714fd01e7f6d8f8d2ca999e5c99b9f6a39c7b562b455d58fd7a962db0a
SHA512: 1bd56bd9ff1959511cea62be315d0dec10b0a83e55539e0f87564bd300aadc9369fae0d0b55d4a9ff9e4d9a29368a4a3d4de6dca3810df63c0690013641df88b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: ea77a4b04d3f385d65100fc20c9e35fd
SHA1: 4aeb4d6798a3642f01a17c2fe79742b158d7eeca
SHA256: 5cc999e425b0c0117315d4bbf5d46ae149eaaa784cca59b4ec7b98bfa62fb669
SHA512: 79560f4149c285ae5f9453a32180b805cc4db62489d52f2dfd8cf62930a32973c00896437c8b6e16c113b3c23ec0879167d84b184b78ecb08e889afece24693f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 1c02dac70778e5e9de9a037fa515d684
SHA1: cf50207de9e5579528930064d08270912b254445
SHA256: ed338882b0b39ec1c0af5e777ba33e7d303e9be739b9f6c27f0216a185a3a0d4
SHA512: 37e8e591fb251f96a474232d60b635c517d0e80b2212ba85d7b988aa59ad5285229accabbd076343f84fca2181f27d4e26975f0acee0d72004635558fb081272
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 1099d42ec74f41d4aa980f18406ab2ad
SHA1: 2b14c68cbd95a828b313fd8c02d15fc0874fcee1
SHA256: e356b463cd19e45dce78b0d8b49fa6974c036277e4d28f0af06c68e83b4d6706
SHA512: a880c19ecda4dc23fb7f353d034b57f73acfbfc072ac80312ba126c63eb1665a129a5b74e6854d627776ae54a661d1539158cd303eb99da605a06dcefc4880a9
-
Filesize
70KB
MD5: 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1: 1723be06719828dda65ad804298d0431f6aff976
SHA256: b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512: bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD5: 4ea6026cf93ec6338144661bf1202cd1
SHA1: a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256: 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512: 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b