File name:

[Snipcola] Synapse X (V2).rar

Full analysis: https://app.any.run/tasks/2d316bfe-dc65-499c-94fd-7adec1643884
Verdict: Suspicious activity
Analysis date: January 11, 2020, 19:32:48
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-rar
File info: RAR archive data, v5
MD5:

FAF77CCD6047EA423328EEB1CE198784

SHA1:

683FB62F5C368F7AAC8485AC4A4084263BE61D65

SHA256:

F3BFE8C8523B950642433E1A989FA5FA4DF01968CC9C28B8E7AAA0FF203A3653

SSDEEP:

393216:RuZopsGcbc6EivKRKCyGm8GmtDpo5kel3WYzmj4jBWZm:goj6PKRKCdDp6kexWYzmcjBWQ

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Loads dropped or rewritten executable

      • Synapse X (V2).exe (PID: 3924)

    • Application was dropped or rewritten from another process

      • Synapse X (V2).exe (PID: 3924)

  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 3044)

    • Reads internet explorer settings

      • Synapse X (V2).exe (PID: 3924)

    • Changes IE settings (feature browser emulation)

      • Synapse X (V2).exe (PID: 3924)

    • Reads Internet Cache Settings

      • Synapse X (V2).exe (PID: 3924)

  • INFO

    • Dropped object may contain Bitcoin addresses

      • WinRAR.exe (PID: 3044)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.rar | RAR compressed archive (v5.0) (61.5)
.rar | RAR compressed archive (gen) (38.4)
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
35
Monitored processes
2
Malicious processes
2
Suspicious processes
0

Behavior graph

Click at the process to see the details
drop and start start winrar.exe synapse x (v2).exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
3044"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\[Snipcola] Synapse X (V2).rar"C:\Program Files\WinRAR\WinRAR.exe
explorer.exe
User:
admin
Company:
Alexander Roshal
Integrity Level:
MEDIUM
Description:
WinRAR archiver
Exit code:
0
Version:
5.60.0
Modules
Images
c:\program files\winrar\winrar.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
3924"C:\Users\admin\AppData\Local\Temp\Rar$EXa3044.20381\Synapse X (V2)\Synapse X (V2).exe" C:\Users\admin\AppData\Local\Temp\Rar$EXa3044.20381\Synapse X (V2)\Synapse X (V2).exeWinRAR.exe
User:
admin
Integrity Level:
MEDIUM
Description:
SynapseX - main
Exit code:
0
Version:
1.0.0.0
Modules
Images
c:\users\admin\appdata\local\temp\rar$exa3044.20381\synapse x (v2)\synapse x (v2).exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
Total events
571
Read events
547
Write events
23
Delete events
1

Modification events

(PID) Process:(3044) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation:writeName:ShellExtBMP
Value:
(PID) Process:(3044) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation:writeName:ShellExtIcon
Value:
(PID) Process:(3044) WinRAR.exeKey:HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E
Operation:writeName:LanguageList
Value:
en-US
(PID) Process:(3044) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation:writeName:0
Value:
C:\Users\admin\AppData\Local\Temp\[Snipcola] Synapse X (V2).rar
(PID) Process:(3044) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation:writeName:name
Value:
120
(PID) Process:(3044) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation:writeName:size
Value:
80
(PID) Process:(3044) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation:writeName:type
Value:
120
(PID) Process:(3044) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation:writeName:mtime
Value:
100
(PID) Process:(3044) WinRAR.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:UNCAsIntranet
Value:
0
(PID) Process:(3044) WinRAR.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:AutoDetect
Value:
1
Executable files
6
Suspicious files
2
Text files
1 193
Unknown types
1

Dropped files

PID
Process
Filename
Type
3044WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$EXa3044.20381\Synapse X (V2)\Bunifu_UI_v1.5.3.dllexecutable
MD5:2ECB51AB00C5F340380ECF849291DBCF
SHA256:F1B3E0F2750A9103E46A6A4A34F1CF9D17779725F98042CC2475EC66484801CF
3044WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$EXa3044.20381\Synapse X (V2)\Monaco\classfunc.txttext
MD5:BF32E93D11011EB780619B3E17FB824A
SHA256:519DA000DE235C331F10660509FAB51A1815ACE566B8AE5B511B75813922DCB1
3044WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$EXa3044.20381\Synapse X (V2)\Monaco\base.txttext
MD5:0D834904A252E1AB786F9637BEF6819F
SHA256:DBE440C5DEE6367EBCA919886FFE593246E1E52618E4713373000C9FC77C87CC
3044WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$EXa3044.20381\Synapse X (V2)\FastColoredTextBox.dllexecutable
MD5:8610F4D3CDC6CC50022FEDDCED9FDAEB
SHA256:AC926C92CCFC3789A5AE571CC4415EB1897D500A79604D8495241C19ACDF01B9
3044WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$EXa3044.20381\Synapse X (V2)\Monaco\globalv.txttext
MD5:5CF9F238D4E62C8BCDE351651C3A2A45
SHA256:EEB98F2C9911AE8DDD25F1B3BE3732000F16788BDA60AA962E9F8452012B1062
3044WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$EXa3044.20381\Synapse X (V2)\Monaco\globalns.txttext
MD5:BA56C14634B7AE6FB585BE396ACF5F03
SHA256:5CB987E7C87F2F04CDD45F3A474FB2380BBF846534E38F2B485EAFC562B7B482
3044WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$EXa3044.20381\Synapse X (V2)\exploit-main.dllexecutable
MD5:69907F276CD3B9CE0B2674B239BE9E2C
SHA256:9256432625A30A1E88F383E7E0672D16AC82B3B78EFC9BF40AC971746BF637D4
3044WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$EXa3044.20381\Synapse X (V2)\Monaco\vs\basic-languages\coffee\coffee.jstext
MD5:9D0C4AC1691EED0A480C3E9246490D29
SHA256:E706C9F8E5C5A0CB01B2F4E4879EC34A050D6EB2A8840284EB7BADD9D78099F9
3044WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$EXa3044.20381\Synapse X (V2)\Monaco\globalf.txttext
MD5:1700DF0210CDA593D3DF64F51B3CAAEA
SHA256:DEAE98F86C62749E4B642ACB41EA5DFCE0CAF09BC77036AAE82EE814A04ED9E0
3044WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$EXa3044.20381\Synapse X (V2)\Monaco\vs\basic-languages\handlebars\handlebars.jstext
MD5:3CA7CF83292B56444548F2914C0E1811
SHA256:31D25588D120E7C79F3332FF3B3C794CEBD0554C7578E3BB37B3CAC366E4F6C2
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
0
TCP/UDP connections
0
DNS requests
0
Threats
0

HTTP requests

No HTTP requests
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

No data

DNS requests

No data

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
[Snipcola] Synapse X (V2).rar