Overview

overview

10

Static

static

10

Razer Syna...st.rar

windows7-x64

7

Razer Syna...st.rar

windows10-2004-x64

8

Razer Syna...35.exe

windows7-x64

7

Razer Syna...35.exe

windows10-2004-x64

8

��~��(v.pyc

windows7-x64

��~��(v.pyc

windows10-2004-x64

Razer Syna...ean.py

windows7-x64

3

Razer Syna...ean.py

windows10-2004-x64

3

Analysis

  • max time kernel
    93s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01/12/2024, 09:47

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    Razer Synapse 3 Host/clean.py

  • Size

    2KB

  • MD5

    4e777936ca7fd8fa2bae957b084a33d9

  • SHA1

    bda7bba90b9f769b1d2ca3648831f31983e4261e

  • SHA256

    2a6f17f9f747afd690f8134ee06cbc120d952d09a8d855214fa84e1d80e43e0e

  • SHA512

    3c1fadc4bc7d7944a933eccd0d507127572b1b6ce1f4cf0b945134c109fe100852e8b95f6fea7066d9c773125328461a33a6569bfd750d2ad5994e76d202b65d

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 2 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 29 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\Razer Synapse 3 Host\clean.py"
    1⤵
    • Modifies registry class
    PID:2976
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    PID:1960

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads