analyze malware
  • Huge database of samples and IOCs
  • Custom VM setup
  • Unlimited submissions
  • Interactive approach
Sign up, it’s free
File name:

Synapse_X_1.zip

Full analysis: https://app.any.run/tasks/f86e3ab8-6c4f-4bce-a985-fbf0c4ce1129
Verdict: Malicious activity
Threats:

Stealers are a group of malicious software that are intended for gaining unauthorized access to users’ information and transferring it to the attacker. The stealer malware category includes various types of programs that focus on their particular kind of data, including files, passwords, and cryptocurrency. Stealers are capable of spying on their targets by recording their keystrokes and taking screenshots. This type of malware is primarily distributed as part of phishing campaigns.

Malware Trends Tracker     >>>
Analysis date: July 13, 2020, 03:28:09
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
stealer
ixware
trojan
Indicators:
MIME: application/zip
File info: Zip archive data, at least v2.0 to extract
MD5:

E5173205D05E767BC3467612C11CB22B

SHA1:

C862D1FE324E8FC69786BCF4E2CC7BF88D9A507E

SHA256:

4E80A0D9A2391C2546A134D01423E61BBEA9336A460BFC8DF73E8E1052F1A125

SSDEEP:

3072:fDqpUEJ2IeRiefo+iaQv/x6cA9phc/dQa6Xq+HK8kTcHmZbLot1boTPo0W2j12uV:rZE8vQv/EcZa7VHKbLbLozoTPoWjJ

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Application was dropped or rewritten from another process

      • Synapse X.exe (PID: 1556)

    • Changes the autorun value in the registry

      • Synapse X.exe (PID: 1556)

    • IXWARE was detected

      • Synapse X.exe (PID: 1556)

    • Actions looks like stealing of personal data

      • Synapse X.exe (PID: 1556)

    • Stealing of credential data

      • Synapse X.exe (PID: 1556)

  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 744)
      • Synapse X.exe (PID: 1556)

    • Reads the cookies of Google Chrome

      • Synapse X.exe (PID: 1556)

  • INFO

    No info indicators.
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.zip | ZIP compressed archive (100)

EXIF

ZIP

ZipRequiredVersion: 20
ZipBitFlag: -
ZipCompression: Deflated
ZipModifyDate: 2020:02:21 16:00:05
ZipCRC: 0xed8b0004
ZipCompressedSize: 194570
ZipUncompressedSize: 299520
ZipFileName: Synapse X.exe
No data.
screenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
35
Monitored processes
2
Malicious processes
2
Suspicious processes
0

Behavior graph

Click at the process to see the details
drop and start start winrar.exe #IXWARE synapse x.exe

Process information

PID
CMD
Path
Indicators
Parent process
744"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\Synapse_X_1.zip"C:\Program Files\WinRAR\WinRAR.exe
explorer.exe
User:
admin
Company:
Alexander Roshal
Integrity Level:
MEDIUM
Description:
WinRAR archiver
Version:
5.60.0
1556"C:\Users\admin\AppData\Local\Temp\Rar$EXa744.24350\Synapse X.exe" C:\Users\admin\AppData\Local\Temp\Rar$EXa744.24350\Synapse X.exe
WinRAR.exe
User:
admin
Company:
Synapse
Integrity Level:
MEDIUM
Description:
Synapse X
Version:
4.0.0.3
Total events
532
Read events
489
Write events
0
Delete events
0

Modification events

No data
Executable files
2
Suspicious files
0
Text files
3
Unknown types
0

Dropped files

PID
Process
Filename
Type
744WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$EXa744.24350\READ FIRST.txttext
MD5:2E0C47DD6F9D9D3998F8699550E8008C
SHA256:0E419CE39B660B4F9E94C8F6041B604646A1E0FA11A469B20C5058AB92EC8859
1556Synapse X.exeC:\Users\admin\AppData\Local\D2C9D4FFAF03C81274C76DEB4BC42E2FF317435D.txttext
MD5:31EBB5F6DC3FEBB4CA68E785029C5C0F
SHA256:F0C8D932BFEE61EFE93FBB0DA781F742643D3ACA30E370C10EF4B75114C8D2A2
744WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$EXa744.24350\Synapse X.exeexecutable
MD5:3D6416A4E37500824038A44F973644FD
SHA256:9AFEFE2F34CD0E078F6C03AD4BEDD2BCF65AD15BE6816AF1CF5232431A9387D5
1556Synapse X.exeC:\Users\admin\AppData\Local\04A7F6A8601B774347E65AD305EDEE3D0C847E1E.pngimage
MD5:F663D79439C111066C91EBC63F122C0A
SHA256:18506BC7749F62E2BD3845493F7795AB0A53ABC1B65FAEA9A680F06CD821DF63
1556Synapse X.exeC:\Users\admin\AppData\Local\Microsoft\Windows\F7CBE6FCCC8D8A1A5AD56F7AE0BBA8D36F031C6A.exeexecutable
MD5:3D6416A4E37500824038A44F973644FD
SHA256:9AFEFE2F34CD0E078F6C03AD4BEDD2BCF65AD15BE6816AF1CF5232431A9387D5
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
0
TCP/UDP connections
4
DNS requests
2
Threats
0

HTTP requests

No HTTP requests
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
1556
Synapse X.exe
66.171.248.178:443
ipv4bot.whatismyipaddress.com
Alchemy Communications, Inc.
US
malicious
1556
Synapse X.exe
162.159.133.233:443
discordapp.com
Cloudflare Inc
shared

DNS requests

Domain
IP
Reputation
discordapp.com
  • 162.159.133.233
  • 162.159.135.233
  • 162.159.134.233
  • 162.159.130.233
  • 162.159.129.233
whitelisted
ipv4bot.whatismyipaddress.com
  • 66.171.248.178
shared

Threats

PID
Process
Class
Message
1556
Synapse X.exe
Potential Corporate Privacy Violation
ET POLICY Known External IP Lookup Service Domain in SNI
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2024 ANY.RUN LLC. ALL RIGHTS RESERVED
ANY.RUN
Reports
Synapse_X_1.zip