File name: | Synapse X.zip |
Full analysis: | https://app.any.run/tasks/4349b885-c4d5-4a15-bb5d-44e010969060 |
Verdict: | Malicious activity |
Analysis date: | January 24, 2022, 21:10:25 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | application/zip |
File info: | Zip archive data, at least v1.0 to extract |
MD5: | 2A4F3913C992A31E7D0CC45BE18DF119 |
SHA1: | 5DA22BA82349EFE200A564232C2133C2F5528F51 |
SHA256: | 1B72E303855D6CD69DC71B24783F0D43F0C58B2B6C83973EE672174B601BB51D |
SSDEEP: | 196608:15noJeE1+j/4bT3tdQhiKHm9EukBj7yQg5ejJNjjm+OjRRwiq:XoT10YPKHm9SBjBg5eTQjRRS |
.zip | | | ZIP compressed archive (100) |
---|
ZipFileName: | Synapse X/ |
---|---|
ZipUncompressedSize: | - |
ZipCompressedSize: | - |
ZipCRC: | 0x00000000 |
ZipModifyDate: | 2022:01:23 22:19:07 |
ZipCompression: | None |
ZipBitFlag: | - |
ZipRequiredVersion: | 10 |
PID | CMD | Path | Indicators | Parent process | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
3856 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\Synapse X.zip" | C:\Program Files\WinRAR\WinRAR.exe | Explorer.EXE | ||||||||||||
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Exit code: 0 Version: 5.91.0 Modules
| |||||||||||||||
3588 | "C:\Users\admin\AppData\Local\Temp\Rar$EXa3856.32111\Synapse X\Synapse X.exe" | C:\Users\admin\AppData\Local\Temp\Rar$EXa3856.32111\Synapse X\Synapse X.exe | — | WinRAR.exe | |||||||||||
User: admin Integrity Level: MEDIUM Description: Synapse X Version: 1.0.0.0 Modules
| |||||||||||||||
2380 | "C:\Program Files\Google\Chrome\Application\chrome.exe" | C:\Program Files\Google\Chrome\Application\chrome.exe | Explorer.EXE | ||||||||||||
User: admin Company: Google LLC Integrity Level: MEDIUM Description: Google Chrome Version: 86.0.4240.198 Modules
| |||||||||||||||
516 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=86.0.4240.198 --initial-client-data=0xc8,0xcc,0xd0,0x9c,0xd4,0x6e8ed988,0x6e8ed998,0x6e8ed9a4 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe | |||||||||||
User: admin Company: Google LLC Integrity Level: MEDIUM Description: Google Chrome Version: 86.0.4240.198 Modules
| |||||||||||||||
3976 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1064,3124633276037507271,11431958480988616683,131072 --enable-features=PasswordImport --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --mojo-platform-channel-handle=992 /prefetch:2 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe | |||||||||||
User: admin Company: Google LLC Integrity Level: LOW Description: Google Chrome Exit code: 0 Version: 86.0.4240.198 Modules
| |||||||||||||||
2788 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1064,3124633276037507271,11431958480988616683,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1388 /prefetch:8 | C:\Program Files\Google\Chrome\Application\chrome.exe | chrome.exe | ||||||||||||
User: admin Company: Google LLC Integrity Level: MEDIUM Description: Google Chrome Version: 86.0.4240.198 Modules
| |||||||||||||||
3144 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1064,3124633276037507271,11431958480988616683,131072 --enable-features=PasswordImport --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1920 /prefetch:1 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe | |||||||||||
User: admin Company: Google LLC Integrity Level: LOW Description: Google Chrome Exit code: 0 Version: 86.0.4240.198 Modules
| |||||||||||||||
2324 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1064,3124633276037507271,11431958480988616683,131072 --enable-features=PasswordImport --lang=en-US --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1932 /prefetch:1 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe | |||||||||||
User: admin Company: Google LLC Integrity Level: LOW Description: Google Chrome Exit code: 0 Version: 86.0.4240.198 Modules
| |||||||||||||||
3448 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1064,3124633276037507271,11431958480988616683,131072 --enable-features=PasswordImport --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1552 /prefetch:1 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe | |||||||||||
User: admin Company: Google LLC Integrity Level: LOW Description: Google Chrome Exit code: 0 Version: 86.0.4240.198 Modules
| |||||||||||||||
3596 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1064,3124633276037507271,11431958480988616683,131072 --enable-features=PasswordImport --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=1048 /prefetch:2 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe | |||||||||||
User: admin Company: Google LLC Integrity Level: LOW Description: Google Chrome Version: 86.0.4240.198 Modules
|
(PID) Process: | (3856) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes |
Operation: | write | Name: | ShellExtBMP |
Value: | |||
(PID) Process: | (3856) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes |
Operation: | write | Name: | ShellExtIcon |
Value: | |||
(PID) Process: | (3856) WinRAR.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\MuiCache\16C\52C64B7E |
Operation: | write | Name: | LanguageList |
Value: en-US | |||
(PID) Process: | (3856) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory |
Operation: | write | Name: | 2 |
Value: C:\Users\admin\Desktop\virtio_ivshmem_master_build.zip | |||
(PID) Process: | (3856) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory |
Operation: | write | Name: | 1 |
Value: C:\Users\admin\Desktop\Win7-KB3191566-x86.zip | |||
(PID) Process: | (3856) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory |
Operation: | write | Name: | 0 |
Value: C:\Users\admin\AppData\Local\Temp\Synapse X.zip | |||
(PID) Process: | (3856) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
Operation: | write | Name: | name |
Value: 120 | |||
(PID) Process: | (3856) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
Operation: | write | Name: | size |
Value: 80 | |||
(PID) Process: | (3856) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
Operation: | write | Name: | type |
Value: 120 | |||
(PID) Process: | (3856) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
Operation: | write | Name: | mtime |
Value: 100 |
PID | Process | Filename | Type | |
---|---|---|---|---|
3856 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3856.32111\Synapse X\Scripts\AutoRob.txt | text | |
MD5:B5B70D071D096BC2F28C04175B0C59B6 | SHA256:7B251A346721DA706A23CF50A9E69AA3FE45523075D6A1D46D138A64EF9ACC9E | |||
3856 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3856.32111\Synapse X\Scripts\Jailbreak Script.txt | text | |
MD5:809E8C36F51129E4D7EAC7CFD97702A2 | SHA256:9293C176F8E8FA0449B5EEAB00079F82CC3CA168CC44063941E40D9C4D25460B | |||
3856 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3856.32111\Synapse X\Scripts\Freecam Script.txt | text | |
MD5:61940838E42D96999E17E9E0B4404D65 | SHA256:4A1F836674D267E01B3C302A3BBA81CF821E4610BDB838335679BD97C3D7457E | |||
3856 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3856.32111\Synapse X\exploit-main.dll | executable | |
MD5:9618CC83169B834A03523BC3C216E3F0 | SHA256:B672121A6812ABD6B80EFFDAEF5DF95DC74C1863F29C9855EFE004B578DF4936 | |||
3856 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3856.32111\Synapse X\Scripts\Advanced Prison Life UI.txt | text | |
MD5:5616C8B8F301353EC757929976B948D0 | SHA256:3248C19E0002F732503D0970277B212931176CA11105D58546CED6F78B1D3C86 | |||
3856 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3856.32111\Synapse X\Scripts\BrokenBonesIV.txt | text | |
MD5:328A2D6EE854477896ECDF75E0F1FC6E | SHA256:53F93CE6CBE9EBB909AFABF70A419823AE49B1EB55DFAE77C6C65BECF0466462 | |||
3856 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3856.32111\Synapse X\Scripts\MM2.lua | text | |
MD5:933DFC531AEAC6B3F8C80CD013B9F585 | SHA256:243263E0349B1690CD242666116AE6BD79E3E1271C95D8D200AE0ABFAF77E6FA | |||
3856 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3856.32111\Synapse X\Scripts\Dex Explorer.txt | text | |
MD5:5C3866FD535E0D8753999ABAD37CC58A | SHA256:9CF75612842A8527D3E7C112690B5A0758FB996D536E0D2218CB6C63846A1FC0 | |||
3856 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3856.32111\Synapse X\Scripts\SharkBite.txt | text | |
MD5:3286FBD569B8B614C81C86947FBF4816 | SHA256:1D1F1EC25B9BDE78214F76D9027DEA8AC1CCCB7CD36FB9889C6730EC143EE62C | |||
2380 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-61EF15F0-94C.pma | — | |
MD5:— | SHA256:— |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
2788 | chrome.exe | GET | 200 | 34.104.35.123:80 | http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvNzI0QUFXNV9zT2RvdUwyMERESEZGVmJnQQ/1.0.0.6_nmmhkkegccagdldgiimedpiccmgmieda.crx | US | crx | 242 Kb | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2788 | chrome.exe | 142.250.185.109:443 | accounts.google.com | Google Inc. | US | suspicious |
2788 | chrome.exe | 142.250.185.163:443 | fonts.gstatic.com | Google Inc. | US | whitelisted |
2788 | chrome.exe | 142.250.186.46:443 | clients2.google.com | Google Inc. | US | whitelisted |
2788 | chrome.exe | 142.250.185.227:443 | www.gstatic.com | Google Inc. | US | whitelisted |
2788 | chrome.exe | 142.250.186.161:443 | lh5.googleusercontent.com | Google Inc. | US | whitelisted |
2788 | chrome.exe | 172.217.18.110:443 | apis.google.com | Google Inc. | US | whitelisted |
2788 | chrome.exe | 142.250.186.138:443 | fonts.googleapis.com | Google Inc. | US | whitelisted |
2788 | chrome.exe | 142.250.186.131:443 | clientservices.googleapis.com | Google Inc. | US | whitelisted |
2788 | chrome.exe | 128.116.123.3:443 | www.roblox.com | University Corporation for Atmospheric Research | US | suspicious |
2788 | chrome.exe | 142.250.184.228:443 | www.google.com | Google Inc. | US | whitelisted |
Domain | IP | Reputation |
---|---|---|
www.google.com |
| whitelisted |
clients2.google.com |
| whitelisted |
accounts.google.com |
| shared |
fonts.googleapis.com |
| whitelisted |
www.gstatic.com |
| whitelisted |
fonts.gstatic.com |
| whitelisted |
apis.google.com |
| whitelisted |
clientservices.googleapis.com |
| whitelisted |
encrypted-tbn0.gstatic.com |
| whitelisted |
lh5.googleusercontent.com |
| whitelisted |