Analysis

  • max time kernel
    192s
  • max time network
    259s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    15-03-2024 20:16

General

  • Target

    PaintDotNet.exe

  • Size

    2.0MB

  • MD5

    da11080e76aa6f6ddaf949dacdf91695

  • SHA1

    17739eade33984b9f7728c9e8014f4cb7d09f98f

  • SHA256

    e1db30ca7b39d386225b19be53bbf045247c0565072024c9fae2457f256c8a85

  • SHA512

    7a13913fd3e28fe1642a439e9a4d9cb5516bce6fd0068aeecb29af1000b98a70fd02e4cc103aed3f3831c75fbb2d73b9027fbc80daf56c469c76e90861afb41a

  • SSDEEP

    24576:J/HykHxgVwLB5ziKE+t6LR15OXdvJd2C5O49e5wY8hh:dwcBxiKET4bd2C5f

Score
1/10

Malware Config

Signatures

  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\PaintDotNet.exe
    "C:\Users\Admin\AppData\Local\Temp\PaintDotNet.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:1488

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1488-0-0x0000025143490000-0x0000025143698000-memory.dmp

    Filesize

    2.0MB

  • memory/1488-1-0x000002515DBF0000-0x000002515DC88000-memory.dmp

    Filesize

    608KB

  • memory/1488-2-0x000002515DEF0000-0x000002515E0F2000-memory.dmp

    Filesize

    2.0MB

  • memory/1488-4-0x00007FF8C61F0000-0x00007FF8C6CB1000-memory.dmp

    Filesize

    10.8MB

  • memory/1488-5-0x000002515E100000-0x000002515E1FC000-memory.dmp

    Filesize

    1008KB

  • memory/1488-3-0x000002515DCE0000-0x000002515DDD0000-memory.dmp

    Filesize

    960KB

  • memory/1488-6-0x000002515DCB0000-0x000002515DCC0000-memory.dmp

    Filesize

    64KB

  • memory/1488-7-0x00007FF8C61F0000-0x00007FF8C6CB1000-memory.dmp

    Filesize

    10.8MB