File name:

Synapse X (V2).rar

Full analysis: https://app.any.run/tasks/490d2df3-e1be-4d59-86c4-d72ac2979d7f
Verdict: Malicious activity
Analysis date: July 07, 2020, 15:38:32
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-rar
File info: RAR archive data, v5
MD5:

A74BF4439B22E2E46C2CD7DE87687251

SHA1:

24BADE5F4048E0CE34B4101606DFD079942FB988

SHA256:

DFF957DF0AA97E937D289EEC630A8238094A6286C846DD8BAE4591AB62A06F15

SSDEEP:

393216:+rIApVNWgH+0gvKAqcM9jAoVow7VMKYd7:+rjpVUge0MKAqcM9thMK+

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Loads dropped or rewritten executable

      • Synapse X (V2).exe (PID: 584)

    • Application was dropped or rewritten from another process

      • Synapse X (V2).exe (PID: 584)

  • SUSPICIOUS

    • Reads Internet Cache Settings

      • Synapse X (V2).exe (PID: 584)

    • Changes IE settings (feature browser emulation)

      • Synapse X (V2).exe (PID: 584)

    • Reads internet explorer settings

      • Synapse X (V2).exe (PID: 584)

    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 2416)

  • INFO

    • Manual execution by user

      • Synapse X (V2).exe (PID: 584)

    • Dropped object may contain Bitcoin addresses

      • WinRAR.exe (PID: 2416)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.rar | RAR compressed archive (v5.0) (61.5)
.rar | RAR compressed archive (gen) (38.4)
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
36
Monitored processes
2
Malicious processes
1
Suspicious processes
0

Behavior graph

Click at the process to see the details
start winrar.exe synapse x (v2).exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
584"C:\Users\admin\Desktop\Synapse X (V2)\Synapse X (V2).exe" C:\Users\admin\Desktop\Synapse X (V2)\Synapse X (V2).exeexplorer.exe
User:
admin
Integrity Level:
MEDIUM
Description:
SynapseX - main
Exit code:
0
Version:
1.0.0.0
Modules
Images
c:\users\admin\desktop\synapse x (v2)\synapse x (v2).exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
2416"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\Synapse X (V2).rar"C:\Program Files\WinRAR\WinRAR.exe
explorer.exe
User:
admin
Company:
Alexander Roshal
Integrity Level:
MEDIUM
Description:
WinRAR archiver
Exit code:
0
Version:
5.60.0
Modules
Images
c:\program files\winrar\winrar.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
Total events
571
Read events
543
Write events
28
Delete events
0

Modification events

(PID) Process:(2416) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation:writeName:ShellExtBMP
Value:
(PID) Process:(2416) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation:writeName:ShellExtIcon
Value:
(PID) Process:(2416) WinRAR.exeKey:HKEY_CLASSES_ROOT\Local Settings\MuiCache\12F\52C64B7E
Operation:writeName:LanguageList
Value:
en-US
(PID) Process:(2416) WinRAR.exeKey:HKEY_CLASSES_ROOT\Local Settings\MuiCache\12F\52C64B7E
Operation:writeName:@C:\Windows\system32\NetworkExplorer.dll,-1
Value:
Network
(PID) Process:(2416) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation:writeName:0
Value:
C:\Users\admin\AppData\Local\Temp\Synapse X (V2).rar
(PID) Process:(2416) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation:writeName:name
Value:
120
(PID) Process:(2416) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation:writeName:size
Value:
80
(PID) Process:(2416) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation:writeName:type
Value:
120
(PID) Process:(2416) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation:writeName:mtime
Value:
100
(PID) Process:(2416) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\Interface\MainWin
Operation:writeName:Placement
Value:
2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF3D01000065000000FD0400005A020000
Executable files
4
Suspicious files
2
Text files
1 187
Unknown types
0

Dropped files

PID
Process
Filename
Type
2416WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa2416.17819\Synapse X (V2)\Monaco\Monaco.htmlhtml
MD5:999896134BD43CEFA865F37E514BA62F
SHA256:1ECDD9529EF5487F92736894D94FF680F6C32EE821615D29C0FC814F3A310B4A
2416WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa2416.17819\Synapse X (V2)\FastColoredTextBox.dllexecutable
MD5:8610F4D3CDC6CC50022FEDDCED9FDAEB
SHA256:AC926C92CCFC3789A5AE571CC4415EB1897D500A79604D8495241C19ACDF01B9
2416WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa2416.17819\Synapse X (V2)\Monaco\vs\basic-languages\coffee\coffee.jstext
MD5:9D0C4AC1691EED0A480C3E9246490D29
SHA256:E706C9F8E5C5A0CB01B2F4E4879EC34A050D6EB2A8840284EB7BADD9D78099F9
2416WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa2416.17819\Synapse X (V2)\exploit-main.dllexecutable
MD5:69907F276CD3B9CE0B2674B239BE9E2C
SHA256:9256432625A30A1E88F383E7E0672D16AC82B3B78EFC9BF40AC971746BF637D4
2416WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa2416.17819\Synapse X (V2)\Monaco\vs\basic-languages\cpp\cpp.jstext
MD5:0A16509E6CD0155FB622E785CFE976C7
SHA256:A7C2BEA7CA3D9E203A3A286735945FE010C8F4F8D46620386EE8BEFC6A78B32B
2416WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa2416.17819\Synapse X (V2)\Bunifu_UI_v1.5.3.dllexecutable
MD5:2ECB51AB00C5F340380ECF849291DBCF
SHA256:F1B3E0F2750A9103E46A6A4A34F1CF9D17779725F98042CC2475EC66484801CF
2416WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa2416.17819\Synapse X (V2)\Monaco\vs\basic-languages\css\css.jstext
MD5:49AD30F1151CFD7A74677FDC6DD13DA9
SHA256:BD331FD3BD2C37B0C3150035325F163AC9266BF6D942310764815E676D856D91
2416WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa2416.17819\Synapse X (V2)\Monaco\globalf.txttext
MD5:1700DF0210CDA593D3DF64F51B3CAAEA
SHA256:DEAE98F86C62749E4B642ACB41EA5DFCE0CAF09BC77036AAE82EE814A04ED9E0
2416WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa2416.17819\Synapse X (V2)\Monaco\globalns.txttext
MD5:BA56C14634B7AE6FB585BE396ACF5F03
SHA256:5CB987E7C87F2F04CDD45F3A474FB2380BBF846534E38F2B485EAFC562B7B482
2416WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa2416.17819\Synapse X (V2)\Monaco\vs\basic-languages\csp\csp.jstext
MD5:22ADA25D590811DCFF4E5F5D698E583B
SHA256:4B5A5D7D50986B86B00833447E097C0F01A4388CE1765B48E7E371D06E3A4789
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
0
TCP/UDP connections
0
DNS requests
0
Threats
0

HTTP requests

No HTTP requests
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

No data

DNS requests

No data

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
Synapse X (V2).rar