File name: | synapse-launcher-11-17-21 (4).zip |
Full analysis: | https://app.any.run/tasks/503917c0-2690-4e83-aeac-a25bff63ace5 |
Verdict: | Malicious activity |
Analysis date: | January 24, 2022, 17:29:30 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | application/zip |
File info: | Zip archive data, at least v2.0 to extract |
MD5: | E5EB2CB7B70701AB11A279B8ECA15EDA |
SHA1: | 9760D0724E6E03CE62565FD16404B9CA0577C227 |
SHA256: | 0314DE51CAA9B0A86A8EB4947F6868707DE4C45C0BE8165C77D77F22D6F38E5F |
SSDEEP: | 6144:nSGO4OZazXXGIz2HA/J0OqystAilL2hDO5Hp2ypz89S49ttWZIw/E1y5e:SG+ZEX2IzyEeLy2pLpz89xCOwM1y5e |
.zip | | | ZIP compressed archive (100) |
---|
ZipRequiredVersion: | 20 |
---|---|
ZipBitFlag: | - |
ZipCompression: | None |
ZipModifyDate: | 2021:11:17 13:43:03 |
ZipCRC: | 0x00000000 |
ZipCompressedSize: | - |
ZipUncompressedSize: | - |
ZipFileName: | synapse-launcher-11-17-21/ |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
1988 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\synapse-launcher-11-17-21 (4).zip" | C:\Program Files\WinRAR\WinRAR.exe | Explorer.EXE | |
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Exit code: 0 Version: 5.91.0 | ||||
1256 | "C:\Users\admin\Desktop\synapse-launcher-11-17-21\Synapse Launcher.exe" | C:\Users\admin\Desktop\synapse-launcher-11-17-21\Synapse Launcher.exe | Explorer.EXE | |
User: admin Company: Synapse Softworks LLC Integrity Level: MEDIUM Description: Synapse Softworks Launcher Exit code: 0 Version: 1.1.0.0 | ||||
3924 | "C:\Users\admin\Desktop\synapse-launcher-11-17-21\Synapse Launcher.exe" | C:\Users\admin\Desktop\synapse-launcher-11-17-21\Synapse Launcher.exe | Explorer.EXE | |
User: admin Company: Synapse Softworks LLC Integrity Level: MEDIUM Description: Synapse Softworks Launcher Exit code: 0 Version: 1.1.0.0 | ||||
996 | "bin\xuGid.bin" | C:\Users\admin\Desktop\synapse-launcher-11-17-21\bin\xuGid.bin | Synapse Launcher.exe | |
User: admin Integrity Level: MEDIUM Exit code: 0 Version: 1.0.0.0 | ||||
3628 | "bin\1NLbz5sRnL8kR.exe" | C:\Users\admin\Desktop\synapse-launcher-11-17-21\bin\1NLbz5sRnL8kR.exe | xuGid.bin | |
User: admin Integrity Level: MEDIUM Version: 1.0.0.0 | ||||
2716 | "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe3_ Global\UsGthrCtrlFltPipeMssGthrPipe3 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" | C:\Windows\system32\SearchProtocolHost.exe | — | SearchIndexer.exe |
User: SYSTEM Company: Microsoft Corporation Integrity Level: SYSTEM Description: Microsoft Windows Search Protocol Host Version: 7.00.7601.24542 (win7sp1_ldr_escrow.191209-2211) | ||||
2760 | "C:\Windows\SYSTEM32\WISPTIS.EXE" /ManualLaunch; | C:\Windows\SYSTEM32\WISPTIS.EXE | — | 1NLbz5sRnL8kR.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Pen and Touch Input Component Exit code: 3221226540 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
2908 | "C:\Windows\SYSTEM32\WISPTIS.EXE" /ManualLaunch; | C:\Windows\SYSTEM32\WISPTIS.EXE | 1NLbz5sRnL8kR.exe | |
User: admin Company: Microsoft Corporation Integrity Level: HIGH Description: Microsoft Pen and Touch Input Component Exit code: 24 Version: 6.1.7600.16385 (win7_rtm.090713-1255) |
PID | Process | Filename | Type | |
---|---|---|---|---|
3924 | Synapse Launcher.exe | C:\Users\admin\Desktop\synapse-launcher-11-17-21\bin\xuGid.bin | executable | |
MD5:C2871D1029B1BFA0D97581557DC6CEEA | SHA256:AF8BE24F3A4239CA9C369A1F5E06F0D49011C7E59678B450E390EE332941B8F7 | |||
3628 | 1NLbz5sRnL8kR.exe | C:\Users\admin\Desktop\synapse-launcher-11-17-21\auth\options.bin | text | |
MD5:B68E2F6C206A11A3BBAE8758396338B0 | SHA256:11924BDE40385A538CA9E4391708CF3250C748AE7E24199592871A5684F533BC | |||
996 | xuGid.bin | C:\Users\admin\Desktop\synapse-launcher-11-17-21\bin\SLAgent.dll | executable | |
MD5:3C2AB2C87918358092DECB3C3B82FF44 | SHA256:F2662DFE884C98F6AF24A96D5E4AC22394E37F46C1FF9497436E2FC79085FC23 | |||
996 | xuGid.bin | C:\Users\admin\Desktop\synapse-launcher-11-17-21\bin\1NLbz5sRnL8kR.exe | executable | |
MD5:C2871D1029B1BFA0D97581557DC6CEEA | SHA256:AF8BE24F3A4239CA9C369A1F5E06F0D49011C7E59678B450E390EE332941B8F7 | |||
3924 | Synapse Launcher.exe | C:\Users\admin\Desktop\synapse-launcher-11-17-21\bin\SynapseInjector.dll | executable | |
MD5:B246479720332882C823BE9A07C47E62 | SHA256:94DA330B0E9D8A03DBF7F585BCD2F42F5957C5AF869A93EB1CDD8F40617D88B2 | |||
1988 | WinRAR.exe | C:\Users\admin\Desktop\synapse-launcher-11-17-21\Synapse Launcher.exe | executable | |
MD5:154E1239C1BB0E04B18F27AABFFCD6E7 | SHA256:93FC4441B3648A74D3BC72CC5F34CED564CECA74A5E560961178B42A6C8416B0 | |||
3628 | 1NLbz5sRnL8kR.exe | C:\Users\admin\Desktop\synapse-launcher-11-17-21\bin\theme-wpf.json | binary | |
MD5:F92E57A56C890DA7B29A80219EDA8B76 | SHA256:A55CF3C1A752CECCE303C97F08FEA682644297CDE884AFFB25849E2CB7B90A30 | |||
1988 | WinRAR.exe | C:\Users\admin\Desktop\synapse-launcher-11-17-21\README.txt | text | |
MD5:DC2B17CED7F566C8C8FA76E76388100E | SHA256:5E546413B92E3B07CC9BDE569A8ECFD9FCBC6C5FF0A65608C893B927B8AACDE7 |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
1256 | Synapse Launcher.exe | 104.22.12.247:443 | synapse.to | Cloudflare Inc | US | suspicious |
1256 | Synapse Launcher.exe | 172.67.38.129:443 | synapse.to | — | US | suspicious |
3924 | Synapse Launcher.exe | 104.22.12.247:443 | synapse.to | Cloudflare Inc | US | suspicious |
3628 | 1NLbz5sRnL8kR.exe | 104.22.12.247:443 | synapse.to | Cloudflare Inc | US | suspicious |
3924 | Synapse Launcher.exe | 172.67.38.129:443 | synapse.to | — | US | suspicious |
Domain | IP | Reputation |
---|---|---|
synapse.to |
| whitelisted |
cdn.synapse.to |
| suspicious |
PID | Process | Class | Message |
---|---|---|---|
— | — | Potentially Bad Traffic | ET DNS Query for .to TLD |
— | — | Potentially Bad Traffic | ET DNS Query for .to TLD |