Overview

overview

7

Static

static

1

Clip Studi....0.rar

windows7-x64

3

Clip Studi....0.rar

windows10-2004-x64

3

Clip Studi....0.rar

windows7-x64

3

Clip Studi....0.rar

windows10-2004-x64

3

Clip Studi...nt.exe

windows7-x64

1

Clip Studi...nt.exe

windows10-2004-x64

1

Clip Studi...up.exe

windows7-x64

7

Clip Studi...up.exe

windows10-2004-x64

7

Clip Studi...me.txt

windows7-x64

1

Clip Studi...me.txt

windows10-2004-x64

1

Clip Studi...RE.mp4

windows7-x64

1

Clip Studi...RE.mp4

windows10-2004-x64

6

Analysis

  • max time kernel
    139s
  • max time network
    42s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    15/04/2023, 13:26

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    Clip Studio Paint EX v2.0.0/Clip Studio Paint EX v2.0.0.rar

  • Size

    396.3MB

  • MD5

    5127f15fa815f080c45a74eb8a414357

  • SHA1

    b4dc92c8fbadca896176260e5a4ec1053bb7c84d

  • SHA256

    fecfa35dc078db4df3341953d53ba51064e17629a8a527cfa9c361aa1a81e1ff

  • SHA512

    eba24eadf584d35b0450518b9d2a56b66e061cadd7cb73fd89aaa81fcdb3cafa76fa6066d6f774678a46484cfc20fb68d01cbd8d1bbb5af432250b2c92351d07

  • SSDEEP

    6291456:yGgO0Xug2tIP7QW4v79p6XD+NQZ2R4iGnUWiHoNdAVL2VZE8C8WO98ZU/Lbq:yHug2IPclpw64FiHu+SVw8WOSOnq

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies registry class 2 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 9 IoCs
  • Suspicious use of SendNotifyMessage 8 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\Clip Studio Paint EX v2.0.0\Clip Studio Paint EX v2.0.0.rar"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2028
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Clip Studio Paint EX v2.0.0\Clip Studio Paint EX v2.0.0.rar
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:1648
      • C:\Program Files\VideoLAN\VLC\vlc.exe
        "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\Clip Studio Paint EX v2.0.0\Clip Studio Paint EX v2.0.0.rar"
        3⤵
        • Suspicious behavior: AddClipboardFormatListener
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of SetWindowsHookEx
        PID:988

Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/988-83-0x000000013F300000-0x000000013F3F8000-memory.dmp

          Filesize

          992KB

          Download

        • memory/988-84-0x000007FEFAB70000-0x000007FEFABA4000-memory.dmp

          Filesize

          208KB

          Download

        • memory/988-85-0x000007FEF6370000-0x000007FEF6624000-memory.dmp

          Filesize

          2.7MB

          Download

        • memory/988-86-0x000007FEFB340000-0x000007FEFB358000-memory.dmp

          Filesize

          96KB

          Download

        • memory/988-87-0x000007FEFAB30000-0x000007FEFAB47000-memory.dmp

          Filesize

          92KB

          Download

        • memory/988-88-0x000007FEFAB10000-0x000007FEFAB21000-memory.dmp

          Filesize

          68KB

          Download

        • memory/988-89-0x000007FEFAA90000-0x000007FEFAAA7000-memory.dmp

          Filesize

          92KB

          Download

        • memory/988-90-0x000007FEFAA70000-0x000007FEFAA81000-memory.dmp

          Filesize

          68KB

          Download

        • memory/988-91-0x000007FEFAA50000-0x000007FEFAA6D000-memory.dmp

          Filesize

          116KB

          Download

        • memory/988-92-0x000007FEFA880000-0x000007FEFA891000-memory.dmp

          Filesize

          68KB

          Download

        • memory/988-93-0x000007FEF60F0000-0x000007FEF62F0000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/988-94-0x000007FEF5040000-0x000007FEF60EB000-memory.dmp

          Filesize

          16.7MB

          Download

        • memory/988-95-0x000007FEFA840000-0x000007FEFA87F000-memory.dmp

          Filesize

          252KB

          Download

        • memory/988-96-0x000007FEFA810000-0x000007FEFA831000-memory.dmp

          Filesize

          132KB

          Download

        • memory/988-97-0x000007FEFA7F0000-0x000007FEFA808000-memory.dmp

          Filesize

          96KB

          Download

        • memory/988-98-0x000007FEFA690000-0x000007FEFA6A1000-memory.dmp

          Filesize

          68KB

          Download

        • memory/988-99-0x000007FEFA670000-0x000007FEFA681000-memory.dmp

          Filesize

          68KB

          Download

        • memory/988-100-0x000007FEFA650000-0x000007FEFA661000-memory.dmp

          Filesize

          68KB

          Download

        • memory/988-101-0x000007FEFA630000-0x000007FEFA64B000-memory.dmp

          Filesize

          108KB

          Download

        • memory/988-102-0x000007FEFA610000-0x000007FEFA621000-memory.dmp

          Filesize

          68KB

          Download

        • memory/988-103-0x000007FEFA5F0000-0x000007FEFA608000-memory.dmp

          Filesize

          96KB

          Download

        • memory/988-104-0x000007FEF6DB0000-0x000007FEF6DE0000-memory.dmp

          Filesize

          192KB

          Download

        • memory/988-105-0x000007FEF6770000-0x000007FEF67D7000-memory.dmp

          Filesize

          412KB

          Download

        • memory/988-106-0x000007FEF4FD0000-0x000007FEF503F000-memory.dmp

          Filesize

          444KB

          Download

        • memory/988-107-0x000007FEF6D90000-0x000007FEF6DA1000-memory.dmp

          Filesize

          68KB

          Download

        • memory/988-108-0x000007FEF4F70000-0x000007FEF4FC6000-memory.dmp

          Filesize

          344KB

          Download

        • memory/988-109-0x000007FEF6340000-0x000007FEF6368000-memory.dmp

          Filesize

          160KB

          Download

        • memory/988-110-0x000007FEF4F40000-0x000007FEF4F64000-memory.dmp

          Filesize

          144KB

          Download

        • memory/988-111-0x000007FEF6D70000-0x000007FEF6D87000-memory.dmp

          Filesize

          92KB

          Download

        • memory/988-112-0x000007FEF4F10000-0x000007FEF4F33000-memory.dmp

          Filesize

          140KB

          Download

        • memory/988-113-0x000007FEF4EF0000-0x000007FEF4F01000-memory.dmp

          Filesize

          68KB

          Download

        • memory/988-115-0x000007FEF4DD0000-0x000007FEF4DF1000-memory.dmp

          Filesize

          132KB

          Download

        • memory/988-114-0x000007FEF4E00000-0x000007FEF4E12000-memory.dmp

          Filesize

          72KB

          Download

        • memory/988-116-0x000007FEF4DB0000-0x000007FEF4DC3000-memory.dmp

          Filesize

          76KB

          Download

        • memory/988-117-0x000007FEF4CF0000-0x000007FEF4D02000-memory.dmp

          Filesize

          72KB

          Download

        • memory/988-118-0x000007FEF4BB0000-0x000007FEF4CEB000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/988-119-0x000007FEF4B80000-0x000007FEF4BAC000-memory.dmp

          Filesize

          176KB

          Download

        • memory/988-120-0x000007FEF4950000-0x000007FEF4B02000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/988-121-0x000007FEF48F0000-0x000007FEF494C000-memory.dmp

          Filesize

          368KB

          Download

        • memory/988-122-0x000007FEF4790000-0x000007FEF47A1000-memory.dmp

          Filesize

          68KB

          Download

        • memory/988-123-0x000007FEF46F0000-0x000007FEF4787000-memory.dmp

          Filesize

          604KB

          Download

        • memory/988-124-0x000007FEF45F0000-0x000007FEF4602000-memory.dmp

          Filesize

          72KB

          Download

        • memory/988-125-0x000007FEF43B0000-0x000007FEF45E1000-memory.dmp

          Filesize

          2.2MB

          Download

        • memory/988-126-0x000007FEF4290000-0x000007FEF43A2000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/988-127-0x000007FEF3DE0000-0x000007FEF3E15000-memory.dmp

          Filesize

          212KB

          Download

        • memory/988-128-0x000007FEF3DB0000-0x000007FEF3DD5000-memory.dmp

          Filesize

          148KB

          Download

        • memory/988-129-0x000007FEF3D90000-0x000007FEF3DA1000-memory.dmp

          Filesize

          68KB

          Download

        • memory/988-130-0x000007FEF3D20000-0x000007FEF3D81000-memory.dmp

          Filesize

          388KB

          Download

        • memory/988-131-0x000007FEF3AB0000-0x000007FEF3AC1000-memory.dmp

          Filesize

          68KB

          Download

        • memory/988-132-0x000007FEF3A90000-0x000007FEF3AA2000-memory.dmp

          Filesize

          72KB

          Download

        • memory/988-133-0x000007FEF3A70000-0x000007FEF3A83000-memory.dmp

          Filesize

          76KB

          Download

        • memory/988-134-0x000007FEF39D0000-0x000007FEF3A6F000-memory.dmp

          Filesize

          636KB

          Download

        • memory/988-135-0x000007FEF39B0000-0x000007FEF39C1000-memory.dmp

          Filesize

          68KB

          Download

        • memory/988-136-0x000007FEF38A0000-0x000007FEF39A2000-memory.dmp

          Filesize

          1.0MB

          Download

        • memory/988-137-0x000007FEF3880000-0x000007FEF3891000-memory.dmp

          Filesize

          68KB

          Download

        • memory/988-138-0x000007FEF3860000-0x000007FEF3871000-memory.dmp

          Filesize

          68KB

          Download

        • memory/988-139-0x000007FEF3840000-0x000007FEF3851000-memory.dmp

          Filesize

          68KB

          Download

        • memory/988-140-0x000007FEF3820000-0x000007FEF3832000-memory.dmp

          Filesize

          72KB

          Download

        • memory/988-141-0x000007FEF3800000-0x000007FEF3818000-memory.dmp

          Filesize

          96KB

          Download

        • memory/988-142-0x000007FEF37E0000-0x000007FEF37F6000-memory.dmp

          Filesize

          88KB

          Download

        • memory/988-143-0x000007FEF37B0000-0x000007FEF37D9000-memory.dmp

          Filesize

          164KB

          Download

        • memory/988-144-0x000007FEF3790000-0x000007FEF37A2000-memory.dmp

          Filesize

          72KB

          Download

        • memory/988-145-0x000007FEF3770000-0x000007FEF3781000-memory.dmp

          Filesize

          68KB

          Download

        • memory/988-146-0x000007FEF3750000-0x000007FEF3761000-memory.dmp

          Filesize

          68KB

          Download