| Field | Value |
|---|---|
| File name | Synapse-X.zip |
| Full analysis | https://app.any.run/tasks/aa5e54cc-82ba-4aba-b70c-47e802a8f510 |
| Verdict | Malicious activity |
| Analysis date | August 08, 2020, 19:18:57 |
| OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
| Indicators | |
| MIME | application/zip |
| File info | Zip archive data, at least v2.0 to extract |
| MD5 | 59A03A7CF8C86585FC0F977662EAF0D7 |
| SHA1 | 2CFFDB8A8B8A14B479D26701CD9A3CCE61F845C8 |
| SHA256 | 8300F174F45AA59CD395B8DB0ED9CACAC25111C03D0363FF4DDA391A722FEFD0 |
| SSDEEP | 12288:eVh3lXJKeAQDpUSpaA9eCYkGglxFWtDISTjoyRxpqm3mmsobpZx:en35JKezWSMATYkfWtESTjo16jsQZx |


| Extension | Type |
|---|---|
| .zip | ZIP compressed archive (100) |

| Field | Value |
|---|---|
| ZipFileName | Synapse-X/ |
| ZipUncompressedSize | - |
| ZipCompressedSize | - |
| ZipCRC | 0x00000000 |
| ZipModifyDate | 2020:02:17 13:16:12 |
| ZipCompression | None |
| ZipBitFlag | - |
| ZipRequiredVersion | 20 |


| PID | CMD | Path | Indicators | Parent process | Details |
|---|---|---|---|---|---|
| 2508 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\Synapse-X.zip" | C:\Program Files\WinRAR\WinRAR.exe | | explorer.exe | User: admin; Company: Alexander Roshal; Integrity Level: MEDIUM; Description: WinRAR archiver; Version: 5.60.0 |
| 3440 | "C:\Users\admin\AppData\Local\Temp\Rar$EXa2508.18936\Synapse-X\Synapse X.exe" | C:\Users\admin\AppData\Local\Temp\Rar$EXa2508.18936\Synapse-X\Synapse X.exe | | WinRAR.exe | User: admin; Integrity Level: MEDIUM; Description: Synapse Bootstrapper; Exit code: 0; Version: 1.0.0.0 |
| 3816 | "bin\xuGid.bin" | C:\Users\admin\AppData\Local\Temp\Rar$EXa2508.18936\Synapse-X\bin\xuGid.bin | | Synapse X.exe | User: admin; Integrity Level: MEDIUM; Exit code: 4294967295; Version: 1.0.0.0 |
| 3600 | "C:\Users\admin\AppData\Local\Temp\Rar$EXa2508.21938\Synapse-X\Synapse X.exe" | C:\Users\admin\AppData\Local\Temp\Rar$EXa2508.21938\Synapse-X\Synapse X.exe | | WinRAR.exe | User: admin; Integrity Level: MEDIUM; Description: Synapse Bootstrapper; Exit code: 0; Version: 1.0.0.0 |
| 2544 | "bin\xuGid.bin" | C:\Users\admin\AppData\Local\Temp\Rar$EXa2508.21938\Synapse-X\bin\xuGid.bin | | Synapse X.exe | User: admin; Integrity Level: MEDIUM; Version: 1.0.0.0 |


| PID | Process | Filename | Type | MD5 | SHA256 |
|---|---|---|---|---|---|
| 2508 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\__rzi_2508.21132 | — | — | — |
| 2508 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa2508.21938\Synapse-X\Synapse X.exe | executable | DE7A8672A0ABF82387AE7D79784CCC7C | 48D3B27D2F2E589E0007E064FC442A08A8DAC43E245735546F67BFC6A272ABEE |
| 2508 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa2508.18936\Synapse-X\Synapse X.exe | executable | DE7A8672A0ABF82387AE7D79784CCC7C | 48D3B27D2F2E589E0007E064FC442A08A8DAC43E245735546F67BFC6A272ABEE |
| 2508 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa2508.21938\Synapse-X\bin\xuGid.bin | executable | 7E44A6CD41FEF56431064AB36D905B86 | 31151BCBC1E67EE45B5B76A4684E2C5993AA0AF346FE3BECB341D623D27E0F25 |
| 2508 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa2508.21938\Synapse-X\auth\options.bin | text | AF17A5DC7582782A08F07C3CE00B1B10 | D69269E316A2D979E82001E5C3B6FF2DF6549131425FA6F5D78FD668105B2890 |
| 3440 | Synapse X.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa2508.18936\Synapse-X\bin\xuGid.bin | executable | 7E44A6CD41FEF56431064AB36D905B86 | 31151BCBC1E67EE45B5B76A4684E2C5993AA0AF346FE3BECB341D623D27E0F25 |
| 2508 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa2508.21938\Synapse-X\README.txt | text | F7075A4CAB266415C7BF79E5BBAA1347 | 5C0559290D9DF1CCBC179E83308825206BA26BFFFDE500B8F09DCA1951CDAFCB |
| 3816 | xuGid.bin | C:\Users\admin\AppData\Local\Temp\Rar$EXa2508.18936\Synapse-X\auth\options.bin | text | AF17A5DC7582782A08F07C3CE00B1B10 | D69269E316A2D979E82001E5C3B6FF2DF6549131425FA6F5D78FD668105B2890 |
| 2508 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa2508.18936\Synapse-X\README.txt | text | F7075A4CAB266415C7BF79E5BBAA1347 | 5C0559290D9DF1CCBC179E83308825206BA26BFFFDE500B8F09DCA1951CDAFCB |
| 2508 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Synapse-X.zip | compressed | 1BDDF737025F0D3C8F2E51DBA37E0E45 | 7129B3476C5195E242725E3CB2D49EBAC357B4F6B13669F83C245DE6213E1ED8 |


| PID | Process | IP | Domain | ASN | CN | Reputation |
|---|---|---|---|---|---|---|
| 3440 | Synapse X.exe | 104.22.12.247:443 | synapse.to | Cloudflare Inc | US | suspicious |
| 3440 | Synapse X.exe | 104.22.13.247:443 | synapse.to | Cloudflare Inc | US | unknown |
| 3816 | xuGid.bin | 104.22.12.247:443 | synapse.to | Cloudflare Inc | US | suspicious |
| 3600 | Synapse X.exe | 104.22.12.247:443 | synapse.to | Cloudflare Inc | US | suspicious |
| 2544 | xuGid.bin | 104.22.12.247:443 | synapse.to | Cloudflare Inc | US | suspicious |


| Domain | IP | Reputation |
|---|---|---|
| synapse.to | | whitelisted |
| cdn.synapse.to | | suspicious |


| PID | Process | Class | Message |
|---|---|---|---|
| — | — | Potentially Bad Traffic | ET DNS Query for .to TLD |
| — | — | Potentially Bad Traffic | ET DNS Query for .to TLD |