Overview

overview

10

Static

static

10

cc552bed96...e1.exe

windows7-x64

10

cc552bed96...e1.exe

windows10-2004-x64

10

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

PaintDotNet.Base.dll

windows7-x64

1

PaintDotNet.Base.dll

windows10-2004-x64

1

PaintDotNet.Core.dll

windows7-x64

1

PaintDotNet.Core.dll

windows10-2004-x64

1

PaintDotNet.Data.dll

windows7-x64

1

PaintDotNet.Data.dll

windows10-2004-x64

1

PaintDotNe...rk.dll

windows7-x64

1

PaintDotNe...rk.dll

windows10-2004-x64

1

PaintDotNe...es.dll

windows7-x64

1

PaintDotNe...es.dll

windows10-2004-x64

1

PaintDotNe...er.dll

windows7-x64

1

PaintDotNe...er.dll

windows10-2004-x64

1

PaintDotNet.exe

windows7-x64

1

PaintDotNet.exe

windows10-2004-x64

1

PaintDotNet_x64.msi

windows7-x64

6

PaintDotNet_x64.msi

windows10-2004-x64

6

PaintDotNet_x86.msi

windows7-x64

6

PaintDotNet_x86.msi

windows10-2004-x64

6

SetupFrontEnd.exe

windows7-x64

1

SetupFrontEnd.exe

windows10-2004-x64

1

SetupShim.exe

windows7-x64

1

SetupShim.exe

windows10-2004-x64

1

System.Buffers.dll

windows7-x64

1

System.Buffers.dll

windows10-2004-x64

1

System.Col...le.dll

windows7-x64

1

System.Col...le.dll

windows10-2004-x64

1

System.Memory.dll

windows7-x64

1

System.Memory.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    120s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    15-03-2024 20:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    SetupShim.exe

  • Size

    134KB

  • MD5

    6d683c23bab272e6aa3b41167d3cafd3

  • SHA1

    1738b9242401846d40be6814d08d6d969aa15394

  • SHA256

    7abea50aecce1c28c6312c6554dce3d72165b902241fa3a2b6d3fc09117b57ef

  • SHA512

    01818bde9490336914d2190cb9c98ce630fb3eb38634c5d231ba027e6e8b4f0d8fc1554c1094bcf669bdd01e02a98d558c7f73f3ea38b391fab0d3d608d9269b

  • SSDEEP

    3072:CIxhlOHEbzW5vMlS6NUX1qo4BE/9ugl+IHhrE90JGsfTyIBvzoTEVhY9HqqXf5I:sHEbzWajik9BEJBr5fTPjwKKxI

Score
1/10

Malware Config

Signatures

  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\SetupShim.exe
    "C:\Users\Admin\AppData\Local\Temp\SetupShim.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1896
    • C:\Users\Admin\AppData\Local\Temp\SetupFrontEnd.exe
      "SetupFrontEnd.exe" "C:\Users\Admin\AppData\Local\Temp\SetupShim.exe"
      2⤵
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      PID:2472

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\pdnSetupShim.log
    Filesize

    581B

    MD5

    4747853c42c370c48fc71e4c7169f474

    SHA1

    4a19881efb5a5c549294e9d995e7d085ca7b7975

    SHA256

    8f3df537a3113c6a8e7ec616b945dd4fc54f4fa744a1611883afac391539ec31

    SHA512

    2e3e7c9f1a148461dc3341cb792e6b9f9f7fb4d356d4929c66f8ca8762caa177da970731d58e3e5c4d23c83c39fa303f43c582b2b5914ec823bffa9810e3076b

    Download Submit
  • memory/2472-18-0x00000000102F0000-0x000000001030A000-memory.dmp
    Filesize

    104KB

    Download
  • memory/2472-19-0x0000000001EC0000-0x0000000001F38000-memory.dmp
    Filesize

    480KB

    Download
  • memory/2472-20-0x0000000002D40000-0x0000000002E30000-memory.dmp
    Filesize

    960KB

    Download
  • memory/2472-21-0x000007FEF5A10000-0x000007FEF63FC000-memory.dmp
    Filesize

    9.9MB

    Download
  • memory/2472-22-0x0000000003310000-0x0000000003512000-memory.dmp
    Filesize

    2.0MB

    Download
  • memory/2472-23-0x0000000002020000-0x00000000020B8000-memory.dmp
    Filesize

    608KB

    Download
  • memory/2472-24-0x0000000003930000-0x0000000003B38000-memory.dmp
    Filesize

    2.0MB

    Download
  • memory/2472-25-0x0000000003720000-0x000000000381C000-memory.dmp
    Filesize

    1008KB

    Download
  • memory/2472-27-0x0000000003E20000-0x0000000003FB8000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/2472-26-0x0000000000630000-0x0000000000631000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2472-28-0x0000000000650000-0x0000000000670000-memory.dmp
    Filesize

    128KB

    Download
  • memory/2472-30-0x0000000001F70000-0x0000000001F78000-memory.dmp
    Filesize

    32KB

    Download
  • memory/2472-29-0x0000000002140000-0x00000000021C0000-memory.dmp
    Filesize

    512KB

    Download
  • memory/2472-31-0x0000000002140000-0x00000000021C0000-memory.dmp
    Filesize

    512KB

    Download
  • memory/2472-48-0x000007FFFFEC0000-0x000007FFFFED0000-memory.dmp
    Filesize

    64KB

    Download
  • memory/2472-54-0x000007FFFFEB0000-0x000007FFFFEC0000-memory.dmp
    Filesize

    64KB

    Download
  • memory/2472-60-0x000007FEF5A10000-0x000007FEF63FC000-memory.dmp
    Filesize

    9.9MB

    Download
  • memory/2472-61-0x0000000002140000-0x00000000021C0000-memory.dmp
    Filesize

    512KB

    Download
  • memory/2472-62-0x0000000002140000-0x00000000021C0000-memory.dmp
    Filesize

    512KB

    Download
  • memory/2472-63-0x0000000002140000-0x00000000021C0000-memory.dmp
    Filesize

    512KB

    Download