Investigating an Unfamiliar File with Synapse
by savage | 2024-05-20
When introducing analysts to Synapse, one of the questions we hear most often is some variation of "what would this workflow look like in Synapse?" or "how would you approach investigating this in Synapse?" Here we walk through a short investigation of an unfamiliar file, showing how an analyst might add an indicator to Synapse, use Synapse Power-Ups to query third-party data sources for more context, pivot to review related data, and apply tags to keep track of findings. We start with the SHA256 hash of a file we have been asked to look into and try to determine whether the file is malicious, what activity or malware family it may be associated with, and whether we can identify a C2 or other related indicators.
If you’d like to follow along …
IoC
http://ttzcloud.com/upload.php
88.119.169.96
d245f208d2a682f4d2c4464557973bf26dee756b251f162adb00b4074b4db3ac
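The following Storm queries are an added illustration of the four-step workflow described above (add an indicator, enrich it with a Power-Up, pivot, tag), using the IoCs listed in this post. They are not code from the original post or from The Vertex Project. The relationships drawn between the IoCs (the file fetching the URL, ttzcloud.com resolving to the IP), the tag names, and the `vt.file.enrich` command name are illustrative assumptions; each numbered step is meant to be run as its own query.

```storm
// Added example, not from the original post. Each numbered step is a
// separate Storm query. The hash, URL and IP are the post's IoCs; the links
// between them, the tag names and the Power-Up command are assumptions.

// 1. Add the indicator we were handed, plus the file:bytes node it identifies.
//    file:bytes=sha256:<hash> creates a file node keyed by its SHA256.
[ hash:sha256=d245f208d2a682f4d2c4464557973bf26dee756b251f162adb00b4074b4db3ac ]
[ file:bytes=sha256:d245f208d2a682f4d2c4464557973bf26dee756b251f162adb00b4074b4db3ac ]

// 2. Enrich the file from a third-party source via a Power-Up.
//    vt.file.enrich is assumed to be the VirusTotal Power-Up's file command;
//    run `vt.file.enrich --help` in your Cortex to confirm name and options.
file:bytes:sha256=d245f208d2a682f4d2c4464557973bf26dee756b251f162adb00b4074b4db3ac | vt.file.enrich

// 3. Model what the enrichment (or the report we read) told us so it is
//    pivotable: inet:urlfile links a URL to a file, inet:dns:a a domain to an IP.
//    These two relationships are assumed for illustration.
[ inet:urlfile=(http://ttzcloud.com/upload.php, sha256:d245f208d2a682f4d2c4464557973bf26dee756b251f162adb00b4074b4db3ac) ]
[ inet:dns:a=(ttzcloud.com, 88.119.169.96) ]

// 4. Pivot from the hash through the file to the URL, its domain and the IP.
//    Each -> follows a property reference into the next form.
hash:sha256=d245f208d2a682f4d2c4464557973bf26dee756b251f162adb00b4074b4db3ac
  -> file:bytes -> inet:urlfile -> inet:url -> inet:fqdn -> inet:dns:a -> inet:ipv4

// 5. Tag our conclusions. Tag names are illustrative; use your own tag tree
//    (a family leaf would be added under #cno.mal once one is identified).
file:bytes:sha256=d245f208d2a682f4d2c4464557973bf26dee756b251f162adb00b4074b4db3ac [ +#cno.mal ]
inet:url=http://ttzcloud.com/upload.php inet:ipv4=88.119.169.96 [ +#cno.infra.c2 ]

// 6. Later, lift everything marked as C2 infrastructure in one query.
#cno.infra.c2
```

Step 3 is where an analyst's own reading of the vendor report goes into the graph; without those relationship nodes the pivots in step 4 return nothing, so the enrichment data is only as useful as what gets modelled from it.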