File name: | Synapse X.zip |
Full analysis: | https://app.any.run/tasks/9fb89ed5-6284-4933-8b4e-46cbe27f75e7 |
Verdict: | Malicious activity |
Analysis date: | January 24, 2022, 21:22:07 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | application/zip |
File info: | Zip archive data, at least v1.0 to extract |
MD5: | 2A4F3913C992A31E7D0CC45BE18DF119 |
SHA1: | 5DA22BA82349EFE200A564232C2133C2F5528F51 |
SHA256: | 1B72E303855D6CD69DC71B24783F0D43F0C58B2B6C83973EE672174B601BB51D |
SSDEEP: | 196608:15noJeE1+j/4bT3tdQhiKHm9EukBj7yQg5ejJNjjm+OjRRwiq:XoT10YPKHm9SBjBg5eTQjRRS |
.zip | | | ZIP compressed archive (100) |
---|
ZipFileName: | Synapse X/ |
---|---|
ZipUncompressedSize: | - |
ZipCompressedSize: | - |
ZipCRC: | 0x00000000 |
ZipModifyDate: | 2022:01:23 22:19:07 |
ZipCompression: | None |
ZipBitFlag: | - |
ZipRequiredVersion: | 10 |
PID | CMD | Path | Indicators | Parent process | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
3460 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\Synapse X.zip" | C:\Program Files\WinRAR\WinRAR.exe | Explorer.EXE | ||||||||||||
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Exit code: 0 Version: 5.91.0 Modules
| |||||||||||||||
3148 | "C:\Users\admin\AppData\Local\Temp\Rar$EXa3460.1035\Synapse X\Synapse X.exe" | C:\Users\admin\AppData\Local\Temp\Rar$EXa3460.1035\Synapse X\Synapse X.exe | — | WinRAR.exe | |||||||||||
User: admin Integrity Level: MEDIUM Description: Synapse X Version: 1.0.0.0 Modules
| |||||||||||||||
2996 | "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\admin\Desktop\canadas.rtf" | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE | — | Explorer.EXE | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Word Exit code: 0 Version: 14.0.6024.1000 Modules
| |||||||||||||||
2492 | "C:\Program Files\Google\Chrome\Application\chrome.exe" | C:\Program Files\Google\Chrome\Application\chrome.exe | Explorer.EXE | ||||||||||||
User: admin Company: Google LLC Integrity Level: MEDIUM Description: Google Chrome Version: 86.0.4240.198 Modules
| |||||||||||||||
2784 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=86.0.4240.198 --initial-client-data=0xc8,0xcc,0xd0,0x9c,0xd4,0x6e2ad988,0x6e2ad998,0x6e2ad9a4 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe | |||||||||||
User: admin Company: Google LLC Integrity Level: MEDIUM Description: Google Chrome Version: 86.0.4240.198 Modules
| |||||||||||||||
2980 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1052,16751803291629401274,10121511774458577501,131072 --enable-features=PasswordImport --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --mojo-platform-channel-handle=1060 /prefetch:2 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe | |||||||||||
User: admin Company: Google LLC Integrity Level: LOW Description: Google Chrome Exit code: 0 Version: 86.0.4240.198 Modules
| |||||||||||||||
3072 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1052,16751803291629401274,10121511774458577501,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1340 /prefetch:8 | C:\Program Files\Google\Chrome\Application\chrome.exe | chrome.exe | ||||||||||||
User: admin Company: Google LLC Integrity Level: MEDIUM Description: Google Chrome Version: 86.0.4240.198 Modules
| |||||||||||||||
3972 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1052,16751803291629401274,10121511774458577501,131072 --enable-features=PasswordImport --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1880 /prefetch:1 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe | |||||||||||
User: admin Company: Google LLC Integrity Level: LOW Description: Google Chrome Version: 86.0.4240.198 Modules
| |||||||||||||||
3996 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1052,16751803291629401274,10121511774458577501,131072 --enable-features=PasswordImport --lang=en-US --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1892 /prefetch:1 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe | |||||||||||
User: admin Company: Google LLC Integrity Level: LOW Description: Google Chrome Exit code: 0 Version: 86.0.4240.198 Modules
| |||||||||||||||
1012 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1052,16751803291629401274,10121511774458577501,131072 --enable-features=PasswordImport --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2232 /prefetch:1 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe | |||||||||||
User: admin Company: Google LLC Integrity Level: LOW Description: Google Chrome Exit code: 0 Version: 86.0.4240.198 Modules
|
PID | Process | Filename | Type | |
---|---|---|---|---|
3460 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3460.1035\Synapse X\Scripts\Freecam Script.txt | text | |
MD5:61940838E42D96999E17E9E0B4404D65 | SHA256:4A1F836674D267E01B3C302A3BBA81CF821E4610BDB838335679BD97C3D7457E | |||
3460 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3460.1035\Synapse X\exploit-main.dll | executable | |
MD5:9618CC83169B834A03523BC3C216E3F0 | SHA256:B672121A6812ABD6B80EFFDAEF5DF95DC74C1863F29C9855EFE004B578DF4936 | |||
3460 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3460.1035\Synapse X\Scripts\Jailbreak Script.txt | text | |
MD5:809E8C36F51129E4D7EAC7CFD97702A2 | SHA256:9293C176F8E8FA0449B5EEAB00079F82CC3CA168CC44063941E40D9C4D25460B | |||
3460 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3460.1035\Synapse X\Scripts\MM2 Auto Farm.txt | text | |
MD5:0C670D854E4A0E413D1C74346393BF0C | SHA256:9C92799CDF85BB9F5C34593D6CB5F6CB37846B337219DD7FBB7CBBD46AF57A7A | |||
3460 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3460.1035\Synapse X\Scripts\Dex Explorer.txt | text | |
MD5:5C3866FD535E0D8753999ABAD37CC58A | SHA256:9CF75612842A8527D3E7C112690B5A0758FB996D536E0D2218CB6C63846A1FC0 | |||
3460 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3460.1035\Synapse X\Scripts\Advanced Prison Life UI.txt | text | |
MD5:5616C8B8F301353EC757929976B948D0 | SHA256:3248C19E0002F732503D0970277B212931176CA11105D58546CED6F78B1D3C86 | |||
3460 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3460.1035\Synapse X\Scripts\Anti-AFK.txt | text | |
MD5:E79F153A0CF5BADDEDD0309AD8177EF2 | SHA256:BF75DF2DD2558A5804E7E2FEAA168064B2DA3EFA652F0355E949117EB198F187 | |||
3460 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3460.1035\Synapse X\Scripts\Unrestricted Btools.txt | text | |
MD5:88D39FDD8C3F51116DF9CEBAAF329E21 | SHA256:573000752E72784290391E6D894BA908D0A981C0B6AF437DC2C69F55449F3721 | |||
3460 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3460.1035\Synapse X\Scripts\MM2.lua | text | |
MD5:933DFC531AEAC6B3F8C80CD013B9F585 | SHA256:243263E0349B1690CD242666116AE6BD79E3E1271C95D8D200AE0ABFAF77E6FA | |||
3460 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3460.1035\Synapse X\Scripts\Enable Reset Character.txt | text | |
MD5:72AE47DEEEC8069BE19F0A0E2C1A269D | SHA256:E701732CB1F0E5774C9468E09BD8C1D635801AA1AB832CF85F3D4C2D34627420 |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
860 | svchost.exe | HEAD | 200 | 34.104.35.123:80 | http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adys6mm2sd23z36ns7e4hcs4hrqq_1.3.36.111/ihnlcenocehgdaegdmhbidjhnhdchfmm_1.3.36.111_win_ac5lwr5427en7czu7myxmee6c7xq.crx3 | US | — | — | whitelisted |
860 | svchost.exe | GET | 206 | 34.104.35.123:80 | http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adys6mm2sd23z36ns7e4hcs4hrqq_1.3.36.111/ihnlcenocehgdaegdmhbidjhnhdchfmm_1.3.36.111_win_ac5lwr5427en7czu7myxmee6c7xq.crx3 | US | binary | 9.69 Kb | whitelisted |
860 | svchost.exe | GET | 206 | 34.104.35.123:80 | http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adys6mm2sd23z36ns7e4hcs4hrqq_1.3.36.111/ihnlcenocehgdaegdmhbidjhnhdchfmm_1.3.36.111_win_ac5lwr5427en7czu7myxmee6c7xq.crx3 | US | binary | 43.4 Kb | whitelisted |
860 | svchost.exe | GET | 206 | 34.104.35.123:80 | http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adys6mm2sd23z36ns7e4hcs4hrqq_1.3.36.111/ihnlcenocehgdaegdmhbidjhnhdchfmm_1.3.36.111_win_ac5lwr5427en7czu7myxmee6c7xq.crx3 | US | binary | 9.69 Kb | whitelisted |
860 | svchost.exe | GET | 206 | 34.104.35.123:80 | http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adys6mm2sd23z36ns7e4hcs4hrqq_1.3.36.111/ihnlcenocehgdaegdmhbidjhnhdchfmm_1.3.36.111_win_ac5lwr5427en7czu7myxmee6c7xq.crx3 | US | binary | 88.5 Kb | whitelisted |
860 | svchost.exe | GET | 206 | 34.104.35.123:80 | http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adys6mm2sd23z36ns7e4hcs4hrqq_1.3.36.111/ihnlcenocehgdaegdmhbidjhnhdchfmm_1.3.36.111_win_ac5lwr5427en7czu7myxmee6c7xq.crx3 | US | binary | 5.63 Kb | whitelisted |
2760 | RobloxPlayerLauncher.exe | GET | 200 | 192.124.249.22:80 | http://ocsp.godaddy.com//MEQwQjBAMD4wPDAJBgUrDgMCGgUABBTkIInKBAzXkF0Qh0pel3lfHJ9GPAQU0sSw0pHUTBFxs2HLPaH%2B3ahq1OMCAxvnFQ%3D%3D | US | der | 1.66 Kb | whitelisted |
860 | svchost.exe | GET | 206 | 34.104.35.123:80 | http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adys6mm2sd23z36ns7e4hcs4hrqq_1.3.36.111/ihnlcenocehgdaegdmhbidjhnhdchfmm_1.3.36.111_win_ac5lwr5427en7czu7myxmee6c7xq.crx3 | US | binary | 20.9 Kb | whitelisted |
860 | svchost.exe | GET | 206 | 34.104.35.123:80 | http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adys6mm2sd23z36ns7e4hcs4hrqq_1.3.36.111/ihnlcenocehgdaegdmhbidjhnhdchfmm_1.3.36.111_win_ac5lwr5427en7czu7myxmee6c7xq.crx3 | US | binary | 9.70 Kb | whitelisted |
860 | svchost.exe | GET | 206 | 34.104.35.123:80 | http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adys6mm2sd23z36ns7e4hcs4hrqq_1.3.36.111/ihnlcenocehgdaegdmhbidjhnhdchfmm_1.3.36.111_win_ac5lwr5427en7czu7myxmee6c7xq.crx3 | US | binary | 358 Kb | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3072 | chrome.exe | 142.250.186.106:443 | fonts.googleapis.com | Google Inc. | US | whitelisted |
3072 | chrome.exe | 142.250.186.131:443 | clientservices.googleapis.com | Google Inc. | US | whitelisted |
3072 | chrome.exe | 142.250.181.228:443 | www.google.com | Google Inc. | US | whitelisted |
3072 | chrome.exe | 216.58.212.173:443 | accounts.google.com | Google Inc. | US | whitelisted |
3072 | chrome.exe | 142.250.185.110:443 | clients2.google.com | Google Inc. | US | whitelisted |
3072 | chrome.exe | 142.250.184.227:443 | www.gstatic.com | Google Inc. | US | whitelisted |
— | — | 192.168.100.2:53 | — | — | — | whitelisted |
3072 | chrome.exe | 142.250.186.174:443 | apis.google.com | Google Inc. | US | whitelisted |
3072 | chrome.exe | 142.250.181.227:443 | fonts.gstatic.com | Google Inc. | US | whitelisted |
3072 | chrome.exe | 142.250.186.110:443 | encrypted-tbn0.gstatic.com | Google Inc. | US | whitelisted |
Domain | IP | Reputation |
---|---|---|
www.microsoft.com |
| whitelisted |
accounts.google.com |
| shared |
www.google.com |
| whitelisted |
clients2.google.com |
| whitelisted |
clientservices.googleapis.com |
| whitelisted |
fonts.googleapis.com |
| whitelisted |
www.gstatic.com |
| whitelisted |
fonts.gstatic.com |
| whitelisted |
apis.google.com |
| whitelisted |
encrypted-tbn0.gstatic.com |
| whitelisted |
Process | Message |
---|---|
RobloxPlayerBeta.exe | 2022-01-24T21:26:39.029Z,0.029816,0b50,6 [FLog::Output] RobloxGitHash: 6808cda89fc399b0dd5f649acece51d2cd151e77 |
RobloxPlayerBeta.exe | |
RobloxPlayerBeta.exe | 2022-01-24T21:26:39.030Z,0.030816,0b50,6 [FLog::Output] The channel is production |
RobloxPlayerBeta.exe | |
RobloxPlayerBeta.exe | 2022-01-24T21:26:39.103Z,0.103298,0b50,6 [FLog::Error] Test log: Map check complete and successful! |
RobloxPlayerBeta.exe | |
RobloxPlayerBeta.exe | 2022-01-24T21:26:39.103Z,0.103298,0b50,6 [FLog::Error] Dynamic initializer test result: SUCCESS |
RobloxPlayerBeta.exe | |
RobloxPlayerBeta.exe | 2022-01-24T21:26:39.103Z,0.103796,0b50,6 [FLog::Output] TaskSchedulerMk2::applyAsyncTaskThreadCount( 3 ) <req: 0 active: 0> |
RobloxPlayerBeta.exe | |