Overview

overview

3

Static

static

3

Paint Tool...ny.ps1

windows7-x64

1

Paint Tool...ny.ps1

windows10-2004-x64

1

Paint Tool...i2.exe

windows7-x64

3

Paint Tool...i2.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    117s
  • max time network
    140s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    14-10-2023 00:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Paint Tool SAI 2.0 (32bit)/blotmap/Grainy.ps1

  • Size

    65KB

  • MD5

    8d441cf210ceb15e85bfd2444898962f

  • SHA1

    a8e30c48e1f87268e0290bc1011f97aedd482bb0

  • SHA256

    58f80a5b55e3da89a0ed704e13b3232039073a252c167e01ebc9d7b93f4d2f45

  • SHA512

    456dae6b410828d9eeea102386a2e23663773af0235e55f59999c19f5c9e8fb29a94561ba5806b1b69c3a9cfca4607f92a10544eb04832a5dc375bf0956a949e

  • SSDEEP

    1536:rQDsSM4JLdE7oY+/H3ll5imLNMuFK1lOis3kpydxoPDifgep:sISMIpNY+f3lDnL7FalOis3ddxualp

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File "C:\Users\Admin\AppData\Local\Temp\Paint Tool SAI 2.0 (32bit)\blotmap\Grainy.ps1"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1712

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1712-4-0x000000001B520000-0x000000001B802000-memory.dmp

    Filesize

    2.9MB

    Download

  • memory/1712-5-0x0000000001E30000-0x0000000001E38000-memory.dmp

    Filesize

    32KB

    Download

  • memory/1712-6-0x000007FEF5690000-0x000007FEF602D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/1712-7-0x000007FEF5690000-0x000007FEF602D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/1712-8-0x0000000002A10000-0x0000000002A90000-memory.dmp

    Filesize

    512KB

    Download

  • memory/1712-9-0x0000000002A10000-0x0000000002A90000-memory.dmp

    Filesize

    512KB

    Download

  • memory/1712-10-0x0000000002A10000-0x0000000002A90000-memory.dmp

    Filesize

    512KB

    Download

  • memory/1712-11-0x0000000002A10000-0x0000000002A90000-memory.dmp

    Filesize

    512KB

    Download

  • memory/1712-12-0x0000000002A10000-0x0000000002A90000-memory.dmp

    Filesize

    512KB

    Download

  • memory/1712-13-0x000007FEF5690000-0x000007FEF602D000-memory.dmp

    Filesize

    9.6MB

    Download