af3d6f0d1e0fe6c116c91e86b045994a26123a3da101d92f05e232add071a7cb | Triage

Submit
Reports

Overview

overview

9

Static

static

1

paint.net....eb.exe

windows7-x64

7

paint.net....eb.exe

windows10-2004-x64

9

Sharing

General

Target

paint.net.5.0.1.install.anycpu.web.zip
Size

734KB
Sample

230206-k1kh2sda29
MD5

0605f48c626b1bf8b620983839be9952
SHA1

bc30d2cade333e6070f36665ec31387e3dbf21b6
SHA256

af3d6f0d1e0fe6c116c91e86b045994a26123a3da101d92f05e232add071a7cb
SHA512

99b1d0486aab0410fbbae3cb4dd5f5bf027ae1a64580aae56c6fe4d92dcafb199d649b0a97da60f4ff659094239e0cf9aca9d02a8bf82a91c1ebcdc5ff990085
SSDEEP

12288:SRWOYbY9Z+8OrAi7jVl1U4PmCApui+s+YCumI4khEnEYa/PxwNC:SrYbmZp9g1PmCApu3OPDY2xwNC

Score

9^/10

coreentity discovery

Static task

static1

Behavioral task

behavioral1

Sample

paint.net.5.0.1.install.anycpu.web.exe

Resource

win7-20221111-en

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral2

Sample

paint.net.5.0.1.install.anycpu.web.exe

Resource

win10v2004-20220812-en

coreentity discovery

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Targets

- Target
  
  paint.net.5.0.1.install.anycpu.web.exe
- Size
  
  1.1MB
- MD5
  
  29d86c3800325e8db85d559a126958b0
- SHA1
  
  6a06773bd7b76103c231dad8bb751d5db157c2e7
- SHA256
  
  de7659f337aa53a731d4c89f5a331869327280325a52c80db11a5829686c09d0
- SHA512
  
  5b9053151acfbf7584438fb1436fbbbc7ea07701c5d20e3ae9bac488252b0896cb18e9d5d4f5762a6282f60810400c5bc734598af0151f1594ad307cf95b2521
- SSDEEP
  
  24576:HrYYYYkWYCzwLhA29pQyIbsIC0BuDgRtIyxwNJ:HrYYYYkvLhA29pmZDj0yxOJ
Score

9^/10

coreentity discovery
- CoreEntity .NET Packer
  A .NET packer called CoreEntity where it has embedded the payload as a BitMap object which is later decrypted.
  coreentity
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

coreentitydiscovery

© 2018-2024

Terms | Privacy