download: | Synapse_X_exe |
Full analysis: | https://app.any.run/tasks/889525b4-f9e7-443d-ba75-14e51005802c |
Verdict: | Malicious activity |
Analysis date: | May 21, 2022, 06:27:05 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | text/html |
File info: | HTML document, UTF-8 Unicode text |
MD5: | 5EF123EDDD0C3C635169EFECEDB5944D |
SHA1: | 3C4E6EC361A89861A546B8EC4FD72E192A4CB1EF |
SHA256: | 4513EC22D9BBD7FC0564EC31EA67CD57F9B14FF7C3699462174D32D67246FF37 |
SSDEEP: | 192:/xI3iAp77c5lQZwEmP6BL+eLZG7YEd+iJyv:i3is745lQZwEfBL+eLZG7ot |
File type: | .html, HyperText Markup Language (100) |
Title: | Synapse X.exe - AnonFiles |
Robots: | index, follow |
viewport: | width=device-width, initial-scale=1, maximum-scale=1, user-scalable=no |
HTTPEquivXUACompatible: | IE=edge |
PID | CMD | Path | Indicators | Parent process | Details
---|---|---|---|---|---
2964 | "C:\Program Files\Internet Explorer\iexplore.exe" "C:\Users\admin\AppData\Local\Temp\Synapse_X_exe.html" | C:\Program Files\Internet Explorer\iexplore.exe | | Explorer.EXE | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Internet Explorer; Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
2928 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2964 CREDAT:144385 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | | iexplore.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Internet Explorer; Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
2036 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2964 CREDAT:144390 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | | iexplore.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Internet Explorer; Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
2588 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2964 CREDAT:464130 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | | iexplore.exe | User: admin; Company: Microsoft Corporation; Integrity Level: LOW; Description: Internet Explorer; Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
2268 | "C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6QGX7LP\Synapse X.exe" | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6QGX7LP\Synapse X.exe | — | iexplore.exe | User: admin; Integrity Level: MEDIUM; Exit code: 0; Version: 0.0.0.0
3444 | "C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6QGX7LP\Synapse X (1).exe" | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6QGX7LP\Synapse X (1).exe | — | iexplore.exe | User: admin; Integrity Level: MEDIUM; Exit code: 0; Version: 0.0.0.0
PID | Process | Filename | Type | MD5 | SHA256
---|---|---|---|---|---
2964 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PO2HN1X2\favicon[2].ico | image | DA597791BE3B6E732F0BC8B20E38EE62 | 5B2C34B3C4E8DD898B664DBA6C3786E2FF9869EFF55D673AA48361F11325ED07
2964 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 | binary | 25CC98451BE151F6BDF3CE9D3020C365 | 69134FEEC6F8BE682BE06C449E36C6E34C4922E4A0A89FF24ED5B9AE3F83629E
2964 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{1AF7F390-D8CF-11EC-BF60-12A9866C77DE}.dat | binary | E4F490D960ACD122DFBD3B7A5303C4F1 | 0A45D8797BC5340418091E33FAFA7BC40C665950872E9898A810F832E7A1AC0A
2588 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Low\CabA925.tmp | compressed | B9F21D8DB36E88831E5352BB82C438B3 | 998E0209690A48ED33B79AF30FC13851E3E3416BED97E3679B6030C10CAB361E
2588 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506 | binary | A7F647F4D568E12CDF459A7585EE9A81 | 8C9E7D0EDE04447DBCFD23611EA27591254D5A38C019960E0B78A6F0113AA8A4
2588 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506 | compressed | B9F21D8DB36E88831E5352BB82C438B3 | 998E0209690A48ED33B79AF30FC13851E3E3416BED97E3679B6030C10CAB361E
2588 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751 | der | 54E9306F95F32E50CCD58AF19753D929 | 45F94DCEB18A8F738A26DA09CE4558995A4FE02B971882E8116FC9B59813BB72
2588 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Low\CabA913.tmp | compressed | B9F21D8DB36E88831E5352BB82C438B3 | 998E0209690A48ED33B79AF30FC13851E3E3416BED97E3679B6030C10CAB361E
2964 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\82CB34DD3343FE727DF8890D352E0D8F | binary | 143D96D45EAF7F58408D37EBEC3C37CA | 3A9A83E204D09B6ADAC76D315C7F99069AFC9C8AF37D23D455825F4D86246AFA
2964 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\82CB34DD3343FE727DF8890D352E0D8F | der | 5C1113B7526A7723B64400D44129FA78 | 9ECC27C740862AB2712DA2C4FF31592E2C0A8643576E64551EE344A73FBE2494
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
2964 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://crl3.digicert.com/Omniroot2025.crl | US | der | 7.78 Kb | whitelisted |
2588 | iexplore.exe | GET | 200 | 41.63.96.0:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?fff3443c45ebf563 | ZA | compressed | 60.0 Kb | whitelisted |
2588 | iexplore.exe | GET | 200 | 41.63.96.0:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?6ca990fb9d7f960f | ZA | compressed | 60.0 Kb | whitelisted |
2964 | iexplore.exe | GET | 200 | 41.63.96.0:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?c115194f302924bf | ZA | compressed | 4.70 Kb | whitelisted |
2964 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | US | der | 471 b | whitelisted |
2964 | iexplore.exe | GET | 200 | 41.63.96.0:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?deb1c46febd4853f | ZA | compressed | 4.70 Kb | whitelisted |
2588 | iexplore.exe | GET | 200 | 96.16.145.230:80 | http://x1.c.lencr.org/ | US | der | 717 b | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
4 | System | 151.101.2.217:445 | vjs.zencdn.net | Fastly | US | suspicious |
— | — | 151.101.66.217:445 | vjs.zencdn.net | Fastly | US | suspicious |
— | — | 151.101.130.217:445 | vjs.zencdn.net | Fastly | US | suspicious |
2964 | iexplore.exe | 204.79.197.200:443 | www.bing.com | Microsoft Corporation | US | whitelisted |
— | — | 151.101.194.217:445 | vjs.zencdn.net | Fastly | US | suspicious |
— | — | 192.168.100.2:53 | — | — | — | whitelisted |
2964 | iexplore.exe | 41.63.96.0:80 | ctldl.windowsupdate.com | Limelight Networks, Inc. | ZA | suspicious |
2964 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
2588 | iexplore.exe | 96.16.145.230:80 | x1.c.lencr.org | Akamai Technologies, Inc. | US | suspicious |
2588 | iexplore.exe | 217.64.149.200:443 | cdn-102.anonfiles.com | — | IR | unknown |
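Two things in the tables above are worth automating when reading a report like this: the downloaded `Synapse X.exe` binaries are executed straight out of the Internet Explorer cache directory (`Temporary Internet Files\Content.IE5\...`) with `iexplore.exe` as parent, and the `System` process (PID 4) is talking to a public CDN address on TCP 445, the SMB port. The script below is an added example, not code from the report or from ANY.RUN: it transcribes the process and connection rows into records (trimmed to the fields the checks need), rebuilds the IE frame/tab relationship from the `SCODEF:<pid>` argument, and applies two triage rules. The cache-directory markers, the browser list and the "SMB to a globally routable address" rule are this example's own assumptions, not findings the report states.

```python
"""Triage checks over the process and connection tables of a sandbox report.

Added example: not code from the report or from ANY.RUN. PROCESSES and
CONNECTIONS are transcribed from the report's tables, trimmed to the fields
the checks need. CACHE_MARKERS, BROWSERS and the public-SMB heuristic are
this example's own assumptions.
"""
import ipaddress
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Proc:
    pid: int
    cmd: str        # command line as logged
    image: str      # full path of the executable
    integrity: str  # MEDIUM / LOW
    parent: str     # parent image name, as the report gives it


@dataclass(frozen=True)
class Conn:
    pid: str        # "4", "2964", or "—" where the report has none
    process: str
    ip: str
    port: int
    domain: str


IE = r"C:\Program Files\Internet Explorer\iexplore.exe"
CACHE = r"C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6QGX7LP"

# Transcribed from the report's process table.
PROCESSES = [
    Proc(2964, f'"{IE}" "C:\\Users\\admin\\AppData\\Local\\Temp\\Synapse_X_exe.html"', IE, "MEDIUM", "Explorer.EXE"),
    Proc(2928, f'"{IE}" SCODEF:2964 CREDAT:144385 /prefetch:2', IE, "MEDIUM", "iexplore.exe"),
    Proc(2036, f'"{IE}" SCODEF:2964 CREDAT:144390 /prefetch:2', IE, "MEDIUM", "iexplore.exe"),
    Proc(2588, f'"{IE}" SCODEF:2964 CREDAT:464130 /prefetch:2', IE, "LOW", "iexplore.exe"),
    Proc(2268, f'"{CACHE}\\Synapse X.exe"', f"{CACHE}\\Synapse X.exe", "MEDIUM", "iexplore.exe"),
    Proc(3444, f'"{CACHE}\\Synapse X (1).exe"', f"{CACHE}\\Synapse X (1).exe", "MEDIUM", "iexplore.exe"),
]

# Transcribed from the report's connections table (PID, process, IP, port, domain).
CONNECTIONS = [
    Conn("4", "System", "151.101.2.217", 445, "vjs.zencdn.net"),
    Conn("—", "—", "151.101.66.217", 445, "vjs.zencdn.net"),
    Conn("—", "—", "151.101.130.217", 445, "vjs.zencdn.net"),
    Conn("2964", "iexplore.exe", "204.79.197.200", 443, "www.bing.com"),
    Conn("—", "—", "151.101.194.217", 445, "vjs.zencdn.net"),
    Conn("—", "—", "192.168.100.2", 53, "—"),
    Conn("2964", "iexplore.exe", "41.63.96.0", 80, "ctldl.windowsupdate.com"),
    Conn("2964", "iexplore.exe", "93.184.220.29", 80, "ocsp.digicert.com"),
    Conn("2588", "iexplore.exe", "96.16.145.230", 80, "x1.c.lencr.org"),
    Conn("2588", "iexplore.exe", "217.64.149.200", 443, "cdn-102.anonfiles.com"),
]

# Assumed: directory fragments that identify a browser download cache.
CACHE_MARKERS = ("\\Temporary Internet Files\\Content.IE5\\", "\\INetCache\\")
# Assumed: parent image names treated as browsers.
BROWSERS = {"iexplore.exe", "chrome.exe", "firefox.exe", "msedge.exe"}
SCODEF = re.compile(r"\bSCODEF:(\d+)")


def browser_cache_executions(procs):
    """PIDs of processes whose image lives in a browser cache and whose parent is a browser."""
    return [p.pid for p in procs
            if any(m.lower() in p.image.lower() for m in CACHE_MARKERS)
            and p.parent.lower() in BROWSERS]


def ie_frame_pid(cmd):
    """IE tab processes carry SCODEF:<frame pid> on the command line; return it, or None."""
    m = SCODEF.search(cmd)
    return int(m.group(1)) if m else None


def ie_tabs_by_frame(procs):
    """Map each IE frame PID to its tab processes as (pid, integrity level)."""
    tree = {}
    for p in procs:
        frame = ie_frame_pid(p.cmd)
        if frame is not None:
            tree.setdefault(frame, []).append((p.pid, p.integrity))
    return tree


def public_smb_connections(conns):
    """IPs contacted on TCP 445 that are globally routable (not RFC 1918, loopback or link-local)."""
    return [c.ip for c in conns
            if c.port == 445 and ipaddress.ip_address(c.ip).is_global]


if __name__ == "__main__":
    print("executables run from browser cache:", browser_cache_executions(PROCESSES))
    print("IE tabs per frame (pid, integrity):", ie_tabs_by_frame(PROCESSES))
    print("SMB (445) to public addresses:", public_smb_connections(CONNECTIONS))
```

The tab grouping shows that only PID 2588 runs at LOW integrity, and the connections table attributes the `cdn-102.anonfiles.com` download to that same PID; the report does not say which `iexplore.exe` PID launched the two `Synapse X` binaries, so the example keys the cache-execution rule on the parent image name the report does give rather than guessing a parent PID.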
Domain | IP | Reputation
---|---|---
www.microsoft.com | | whitelisted
vjs.zencdn.net | | whitelisted
api.bing.com | | whitelisted
www.bing.com | | whitelisted
ctldl.windowsupdate.com | | whitelisted
ocsp.digicert.com | | whitelisted
crl3.digicert.com | | whitelisted
cdn-102.anonfiles.com | | suspicious
x1.c.lencr.org | | whitelisted
iecvlist.microsoft.com | | whitelisted