35b3393164c065c7108e0f1af636da335c26acd71234677d8ed796425d297fd7

Analysis

max time kernel
100s
max time network
102s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241211-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241211-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
01/01/2025, 03:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Syphra.exe
Size

1.6MB
MD5

46630830806724602b9dd8111c6f1d98
SHA1

5324edf8bf5b7c94cac2d869d31641b7557b6701
SHA256

cd45f87c82da868ecd184676d9bf1e8b4cbb5216052920e34ebb04d0591db35b
SHA512

e8b73474dada6167d5428a872031c566131d0a1187be846a455644decd442e610ea10e19b7484395b4791006c9c64988e7ab5cf0e8c0b01d69509c64b9c4b462
SSDEEP

24576:iN1wFnsg060BRUROR+rC7Yg3kzSAnhkqjVnlqud+/2P+A/t2bQUv2gVbAdf:AwFnqoukzlhkqXfd+/9A/M8PgU

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
11	raw.githubusercontent.com
12	raw.githubusercontent.com
13	raw.githubusercontent.com

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2964	Syphra.exe

C:\Users\Admin\AppData\Local\Temp\Syphra.exe
"C:\Users\Admin\AppData\Local\Temp\Syphra.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2964

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2964-0-0x00007FF901903000-0x00007FF901905000-memory.dmp

Filesize
8KB

Download
memory/2964-1-0x0000020B656B0000-0x0000020B65852000-memory.dmp

Filesize
1.6MB

Download
memory/2964-2-0x0000020B65BF0000-0x0000020B65C0A000-memory.dmp

Filesize
104KB

Download
memory/2964-3-0x0000020B7FDF0000-0x0000020B7FEA2000-memory.dmp

Filesize
712KB

Download
memory/2964-4-0x00007FF901900000-0x00007FF9023C2000-memory.dmp

Filesize
10.8MB

Download
memory/2964-5-0x0000020B00BA0000-0x0000020B00CEE000-memory.dmp

Filesize
1.3MB

Download
memory/2964-6-0x0000020B00090000-0x0000020B000A4000-memory.dmp

Filesize
80KB

Download
memory/2964-7-0x00007FF901900000-0x00007FF9023C2000-memory.dmp

Filesize
10.8MB

Download
memory/2964-8-0x00007FF901900000-0x00007FF9023C2000-memory.dmp

Filesize
10.8MB

Download
memory/2964-9-0x00007FF901900000-0x00007FF9023C2000-memory.dmp

Filesize
10.8MB

Download
memory/2964-10-0x00007FF901903000-0x00007FF901905000-memory.dmp

Filesize
8KB

Download
memory/2964-11-0x00007FF901900000-0x00007FF9023C2000-memory.dmp

Filesize
10.8MB

Download
memory/2964-12-0x00007FF901900000-0x00007FF9023C2000-memory.dmp

Filesize
10.8MB

Download
memory/2964-13-0x0000020B00CF0000-0x0000020B00E97000-memory.dmp

Filesize
1.7MB

Download
memory/2964-14-0x0000020B02020000-0x0000020B0211F000-memory.dmp

Filesize
1020KB

Download
memory/2964-15-0x00007FF901900000-0x00007FF9023C2000-memory.dmp

Filesize
10.8MB

Download
memory/2964-30-0x0000020B00CF0000-0x0000020B00E97000-memory.dmp

Filesize
1.7MB

Download