3Analysis
-
max time kernel
17s -
max time network
16s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
arch:x64 arch:x86 image:win7-20240903-en locale:en-us os:windows7-x64 system -
submitted
07/11/2024, 22:38
Static task
static1
Behavioral task
behavioral1
Sample
synllc.github.io/synapse-x-documentation/ace.js
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
synllc.github.io/synapse-x-documentation/ace.js
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
synllc.github.io/synapse-x-documentation/book.js
Resource
win7-20240903-en
Behavioral task
behavioral4
Sample
synllc.github.io/synapse-x-documentation/book.js
Resource
win10v2004-20241007-en
Behavioral task
behavioral5
Sample
synllc.github.io/synapse-x-documentation/clipboard.min.js
Resource
win7-20240903-en
Behavioral task
behavioral6
Sample
synllc.github.io/synapse-x-documentation/clipboard.min.js
Resource
win10v2004-20241007-en
Behavioral task
behavioral7
Sample
synllc.github.io/synapse-x-documentation/development/dev_introduction.html
Resource
win7-20240903-en
Behavioral task
behavioral8
Sample
synllc.github.io/synapse-x-documentation/development/dev_introduction.html
Resource
win10v2004-20241007-en
Behavioral task
behavioral9
Sample
synllc.github.io/synapse-x-documentation/development/supervisor_programming.html
Resource
win7-20240903-en
Behavioral task
behavioral10
Sample
synllc.github.io/synapse-x-documentation/development/supervisor_programming.html
Resource
win10v2004-20241007-en
Behavioral task
behavioral11
Sample
synllc.github.io/synapse-x-documentation/development/syn_environment.html
Resource
win7-20240903-en
Behavioral task
behavioral12
Sample
synllc.github.io/synapse-x-documentation/development/syn_environment.html
Resource
win10v2004-20241007-en
Behavioral task
behavioral13
Sample
synllc.github.io/synapse-x-documentation/development/syn_security.html
Resource
win7-20240903-en
Behavioral task
behavioral14
Sample
synllc.github.io/synapse-x-documentation/development/syn_security.html
Resource
win10v2004-20241007-en
Behavioral task
behavioral15
Sample
synllc.github.io/synapse-x-documentation/editor.js
Resource
win7-20240729-en
Behavioral task
behavioral16
Sample
synllc.github.io/synapse-x-documentation/editor.js
Resource
win10v2004-20241007-en
Behavioral task
behavioral17
Sample
synllc.github.io/synapse-x-documentation/elasticlunr.min.js
Resource
win7-20240903-en
Behavioral task
behavioral18
Sample
synllc.github.io/synapse-x-documentation/elasticlunr.min.js
Resource
win10v2004-20241007-en
Behavioral task
behavioral19
Sample
synllc.github.io/synapse-x-documentation/highlight.js
Resource
win7-20240708-en
Behavioral task
behavioral20
Sample
synllc.github.io/synapse-x-documentation/highlight.js
Resource
win10v2004-20241007-en
Behavioral task
behavioral21
Sample
synllc.github.io/synapse-x-documentation/index.html
Resource
win7-20241010-en
Behavioral task
behavioral22
Sample
synllc.github.io/synapse-x-documentation/index.html
Resource
win10v2004-20241007-en
Behavioral task
behavioral23
Sample
synllc.github.io/synapse-x-documentation/install/installation.html
Resource
win7-20240903-en
Behavioral task
behavioral24
Sample
synllc.github.io/synapse-x-documentation/install/installation.html
Resource
win10v2004-20241007-en
Behavioral task
behavioral25
Sample
synllc.github.io/synapse-x-documentation/introduction.html
Resource
win7-20240903-en
Behavioral task
behavioral26
Sample
synllc.github.io/synapse-x-documentation/introduction.html
Resource
win10v2004-20241007-en
Behavioral task
behavioral27
Sample
synllc.github.io/synapse-x-documentation/mark.min.js
Resource
win7-20240708-en
Behavioral task
behavioral28
Sample
synllc.github.io/synapse-x-documentation/mark.min.js
Resource
win10v2004-20241007-en
Behavioral task
behavioral29
Sample
synllc.github.io/synapse-x-documentation/mode-rust.js
Resource
win7-20241010-en
Behavioral task
behavioral30
Sample
synllc.github.io/synapse-x-documentation/mode-rust.js
Resource
win10v2004-20241007-en
Behavioral task
behavioral31
Sample
synllc.github.io/synapse-x-documentation/print.html
Resource
win7-20240903-en
Behavioral task
behavioral32
Sample
synllc.github.io/synapse-x-documentation/print.html
Resource
win10v2004-20241007-en
General
-
Target
synllc.github.io/synapse-x-documentation/development/supervisor_programming.html
-
Size
29KB
-
MD5
5a409e0e513c1b49b1dcda6f87772e72
-
SHA1
cd895e353b3b26b2e6042a852aa69a5f235477aa
-
SHA256
ea9725e1f451938131edb43cb067c0d49a7dfc30b49e97b1171479159567982e
-
SHA512
b403e7aa95b0577c35c1a87a938e9cd3e592be8342a5a1327fabdac38aa49ab0884a15790e220f59335a06ec2e7fc6204e13331b4542ed4d200740e802bf7d0e
-
SSDEEP
384:BJnxfrhu8SDfJsM0Il6Pof/oaADEcvVOjdjkOApO/nf4DaAbFtf0fXUCqZXYjoUP:BJJTRHTfnblKaa
Malware Config
Signatures
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
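Attempts to gather information about the system language of a victim in order to infer the geographical location of that host. In this run the only matching event, listed below, is the browser process (IEXPLORE.EXE) opening the NLS\Language key, so the signature on its own says little about the sample's intent.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | IEXPLORE.EXE
-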
Registry activity under the Internet Explorer settings keys (cf. "Modifies Internet Explorer settings" under Processes):
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Zoom | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main | IEXPLORE.EXE
Set value (data) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\InternetRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\PageSetup | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\SearchScopes | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\IntelliForms | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Toolbar | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{123BB601-9D59-11EF-A02E-FA59FB4FA467} = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\GPU | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\LowRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe
-
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2516 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid | Process
2516 | iexplore.exe
2516 | iexplore.exe
2992 | IEXPLORE.EXE
2992 | IEXPLORE.EXE
2992 | IEXPLORE.EXE
2992 | IEXPLORE.EXE
-
Suspicious use of WriteProcessMemory 4 IoCs
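description | pid | Process | procid_target
PID 2516 wrote to memory of 2992 | 2516 | iexplore.exe | 30
PID 2516 wrote to memory of 2992 | 2516 | iexplore.exe | 30
PID 2516 wrote to memory of 2992 | 2516 | iexplore.exe | 30
PID 2516 wrote to memory of 2992 | 2516 | iexplore.exe | 30
Both PIDs belong to the same browser instance: 2992 is the IEXPLORE.EXE child started with SCODEF:2516 (see Processes), so these writes are between Internet Explorer's own parent and child processes rather than into an unrelated process.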
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\synllc.github.io\synapse-x-documentation\development\supervisor_programming.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2516 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2516 CREDAT:275457 /prefetch:2
2⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2992
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
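C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
(CryptnetUrlCache is the Windows CryptoAPI cache for certificate and revocation data fetched over the network; this same MetaData path is listed repeatedly below with different hashes, which is consistent with the operating system rewriting its own cache entry rather than the sample dropping distinct files.)
Filesize 342B
MD5 c8db2711f841b2fa8eb9c8d02a9736b5
SHA1 e0977df643eaf020fa2d238650b541203060011a
SHA256 9792d75c1cb5f6563d34b3a5ac60bbf9003d704a5629831eb49af7717c0bb5c3
SHA512 5ae9cd56811f9df605b26f49458cfc757dc633f8312a78754aa7822eb5f8f9b5551beed7a467e3e6d19cdc101abc496b6d607253719f5b2342d8e781486e2a6f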
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 22c89a27c7f54fff2dc703e9bc221f41
SHA1 a7bf2a8db1223e40d8e882a37bc45d03a0332f7d
SHA256 5a9bea5803fc6b1b65c7230b8a7b99dd90fa4f203093be219019b02d5be06d73
SHA512 48c6b94a3c5401033bc2b571a5a1a53e4ebd1caa8e53cfb965f2589fff506b2b7d57db43c5b2414c2fd5170a918ed18a707bab7eef44502172dcd552e343b38b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 d45b3e6d7811765c692902a97ac4bdf5
SHA1 40e1adaf093d0cbf2028ca30672b1e3a70d3745f
SHA256 d95d20cc43a54aeec6c04fbf5b37088b7c0bf295f20438668a6dbf4021d10f6b
SHA512 bf19b09811b658793e632d47560fc18134b697bba5aacc5a0e0605c1da705d0727f128763df2b9d803ff0a39032b6fa04fcb5c927fd054743fef639d5d0b5b25
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 00efaa53b301862505e48e4f63d13665
SHA1 82603504cff3cf77c4683f19df1208399cb88d83
SHA256 39c8238a374307465eb6e3acebea3244a7b05a104f047a4fbda3e40683948493
SHA512 c5e2da9118a1611b2cb598c764312e04af222e188734b826e3873a2f2aaf058da3d33cdae3a5ea0ad5bd3dacd17bf513b3aa5b1043ec70d3fee3b263143dcf91
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 345b825c8baf58fead6f4abf3074110e
SHA1 55c7d7bac7ad13ab192bc6a44298373224e6712d
SHA256 4dad62c34eafc476284c065361e87e691728b24aaf7923b46b43d77c3a7f9525
SHA512 f33e96a6aad3d3934195f32662415c7ea046fd16a21a50a649d00934038d45ec20a4985d4cf05552982f296b68fa733e14fa8b3743ddc3e1b30b5651cdbe8f13
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 5046e85071964d1b27c8f2bbfac2145a
SHA1 6ed08983600dc53d038aa1f7d24646ff4b213e40
SHA256 ba586c66c3c80d05012826ca017dba450cc97b20350b7eed83baf13f98aa7d82
SHA512 d2666fb50038b18cf4b986511ae909d1d468b60c78ea3417b7b219ae65265e2eabb86a69d57d86a90768e1d44cb48c9f22e4eb721ae3abaa9929444e9951f841
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 32c156d4f73378cbad89d1fb2cc36d96
SHA1 dbf045f892a3fd1a58afe39bc17a2a9bd14b56fb
SHA256 607628ee399029cdc3cd5546631f7fd2cd31110373e0d87dcdcf823431efbc88
SHA512 78e1714a0d6d7a9dc32b77fdbd13be324a37322655dbed4b3980bfbe231158d7b04f9b53d4e230447b8908ebe1595fa0defa9559964027a83d0f2e6663053164
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 31fad2c22eb29410dd2e6351e9fbbc11
SHA1 bc8a0219ae0f24c0ff7c4946bf6d745453a10167
SHA256 ea73be6f503914885d1a0a20788ff53adc84e3f32d81827487d35e7e12e5513a
SHA512 67116292b7c12538198846720f34c49b84d536a6f4a65478237dabcbf3e4d634815bf92e77f020e485a30f9ff83283526725183846be5823c88285ec3ed05c47
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 59b1687154208bd292b237cf33d0e8c6
SHA1 3ac4b960e52d6bf80b66da66f8392e40c2256afc
SHA256 6742fdb6210585fa6f190a7aff17cb284cd53564e11476e68c88dbb9d5faf320
SHA512 67fbd78cc030e35f27f0ee924e4986b18e018a0071c3d65e697122acabe028a8fa74541ff0d907ac4c360efc3182c8953d74c471c4ab1e1f9dfc00429c7388f9
-
Filesize
70KB
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b