File name: Synapse-X.zip

Full analysis: https://app.any.run/tasks/aa5e54cc-82ba-4aba-b70c-47e802a8f510
Verdict: Malicious activity
Analysis date: August 08, 2020, 19:18:57
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/zip
File info: Zip archive data, at least v2.0 to extract
MD5: 59A03A7CF8C86585FC0F977662EAF0D7
SHA1: 2CFFDB8A8B8A14B479D26701CD9A3CCE61F845C8
SHA256: 8300F174F45AA59CD395B8DB0ED9CACAC25111C03D0363FF4DDA391A722FEFD0
SSDEEP: 12288:eVh3lXJKeAQDpUSpaA9eCYkGglxFWtDISTjoyRxpqm3mmsobpZx:en35JKezWSMATYkfWtESTjo16jsQZx

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Loads dropped or rewritten executable

      • xuGid.bin (PID: 3816)
    • Application was dropped or rewritten from another process

      • Synapse X.exe (PID: 3440)
      • xuGid.bin (PID: 3816)
      • Synapse X.exe (PID: 3600)
      • xuGid.bin (PID: 2544)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 2508)
      • Synapse X.exe (PID: 3440)
    • Reads Environment values

      • xuGid.bin (PID: 3816)
      • xuGid.bin (PID: 2544)
    • Reads the BIOS version

      • xuGid.bin (PID: 3816)
      • xuGid.bin (PID: 2544)
    • Starts application with an unusual extension

      • Synapse X.exe (PID: 3440)
      • Synapse X.exe (PID: 3600)
  • INFO

    • Reads settings of System Certificates

      • Synapse X.exe (PID: 3600)
No Malware configuration.

TRiD

.zip | ZIP compressed archive (100)

EXIF

ZIP

ZipFileName: Synapse-X/
ZipUncompressedSize: -
ZipCompressedSize: -
ZipCRC: 0x00000000
ZipModifyDate: 2020:02:17 13:16:12
ZipCompression: None
ZipBitFlag: -
ZipRequiredVersion: 20
No data.
Total processes: 41
Monitored processes: 5
Malicious processes: 0
Suspicious processes: 5

Behavior graph

[Interactive process graph, not reproduced. Nodes: winrar.exe, synapse x.exe, xugid.bin, synapse x.exe, xugid.bin. Edge labels: drop and start, drop and start, start, drop and start.]

Process information

PID | CMD | Path | Parent process
(The Indicators column of the original table holds icons only and is not reproduced.)

2508 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\Synapse-X.zip" | C:\Program Files\WinRAR\WinRAR.exe | explorer.exe
  User: admin
  Company: Alexander Roshal
  Integrity Level: MEDIUM
  Description: WinRAR archiver
  Version: 5.60.0

3440 | "C:\Users\admin\AppData\Local\Temp\Rar$EXa2508.18936\Synapse-X\Synapse X.exe" | C:\Users\admin\AppData\Local\Temp\Rar$EXa2508.18936\Synapse-X\Synapse X.exe | WinRAR.exe
  User: admin
  Integrity Level: MEDIUM
  Description: Synapse Bootstrapper
  Exit code: 0
  Version: 1.0.0.0

3816 | "bin\xuGid.bin" | C:\Users\admin\AppData\Local\Temp\Rar$EXa2508.18936\Synapse-X\bin\xuGid.bin | Synapse X.exe
  User: admin
  Integrity Level: MEDIUM
  Exit code: 4294967295
  Version: 1.0.0.0

3600 | "C:\Users\admin\AppData\Local\Temp\Rar$EXa2508.21938\Synapse-X\Synapse X.exe" | C:\Users\admin\AppData\Local\Temp\Rar$EXa2508.21938\Synapse-X\Synapse X.exe | WinRAR.exe
  User: admin
  Integrity Level: MEDIUM
  Description: Synapse Bootstrapper
  Exit code: 0
  Version: 1.0.0.0

2544 | "bin\xuGid.bin" | C:\Users\admin\AppData\Local\Temp\Rar$EXa2508.21938\Synapse-X\bin\xuGid.bin | Synapse X.exe
  User: admin
  Integrity Level: MEDIUM
  Version: 1.0.0.0
Total events: 707
Read events: 614
Write events: 0
Delete events: 0

Modification events

No data

Executable files: 6
Suspicious files: 1
Text files: 4
Unknown types: 0

Dropped files

PID | Process | Filename | Type

2508 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\__rzi_2508.21132 | -
  MD5: -
  SHA256: -

2508 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa2508.21938\Synapse-X\Synapse X.exe | executable
  MD5: DE7A8672A0ABF82387AE7D79784CCC7C
  SHA256: 48D3B27D2F2E589E0007E064FC442A08A8DAC43E245735546F67BFC6A272ABEE

2508 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa2508.18936\Synapse-X\Synapse X.exe | executable
  MD5: DE7A8672A0ABF82387AE7D79784CCC7C
  SHA256: 48D3B27D2F2E589E0007E064FC442A08A8DAC43E245735546F67BFC6A272ABEE

2508 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa2508.21938\Synapse-X\bin\xuGid.bin | executable
  MD5: 7E44A6CD41FEF56431064AB36D905B86
  SHA256: 31151BCBC1E67EE45B5B76A4684E2C5993AA0AF346FE3BECB341D623D27E0F25

2508 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa2508.21938\Synapse-X\auth\options.bin | text
  MD5: AF17A5DC7582782A08F07C3CE00B1B10
  SHA256: D69269E316A2D979E82001E5C3B6FF2DF6549131425FA6F5D78FD668105B2890

3440 | Synapse X.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa2508.18936\Synapse-X\bin\xuGid.bin | executable
  MD5: 7E44A6CD41FEF56431064AB36D905B86
  SHA256: 31151BCBC1E67EE45B5B76A4684E2C5993AA0AF346FE3BECB341D623D27E0F25

2508 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa2508.21938\Synapse-X\README.txt | text
  MD5: F7075A4CAB266415C7BF79E5BBAA1347
  SHA256: 5C0559290D9DF1CCBC179E83308825206BA26BFFFDE500B8F09DCA1951CDAFCB

3816 | xuGid.bin | C:\Users\admin\AppData\Local\Temp\Rar$EXa2508.18936\Synapse-X\auth\options.bin | text
  MD5: AF17A5DC7582782A08F07C3CE00B1B10
  SHA256: D69269E316A2D979E82001E5C3B6FF2DF6549131425FA6F5D78FD668105B2890

2508 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa2508.18936\Synapse-X\README.txt | text
  MD5: F7075A4CAB266415C7BF79E5BBAA1347
  SHA256: 5C0559290D9DF1CCBC179E83308825206BA26BFFFDE500B8F09DCA1951CDAFCB

2508 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Synapse-X.zip | compressed
  MD5: 1BDDF737025F0D3C8F2E51DBA37E0E45
  SHA256: 7129B3476C5195E242725E3CB2D49EBAC357B4F6B13669F83C245DE6213E1ED8
HTTP(S) requests: 0
TCP/UDP connections: 5
DNS requests: 2
Threats: 0

HTTP requests

No HTTP requests

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
3440 | Synapse X.exe | 104.22.12.247:443 | synapse.to | Cloudflare Inc | US | suspicious
3440 | Synapse X.exe | 104.22.13.247:443 | synapse.to | Cloudflare Inc | US | unknown
3816 | xuGid.bin | 104.22.12.247:443 | synapse.to | Cloudflare Inc | US | suspicious
3600 | Synapse X.exe | 104.22.12.247:443 | synapse.to | Cloudflare Inc | US | suspicious
2544 | xuGid.bin | 104.22.12.247:443 | synapse.to | Cloudflare Inc | US | suspicious

DNS requests

Domain | IP | Reputation
synapse.to | 104.22.12.247, 172.67.38.129, 104.22.13.247 | whitelisted
cdn.synapse.to | 104.22.13.247, 104.22.12.247, 172.67.38.129 | suspicious

Threats

PID | Process | Class | Message
- | - | Potentially Bad Traffic | ET DNS Query for .to TLD
- | - | Potentially Bad Traffic | ET DNS Query for .to TLD
No debug info