Overview
overview: 6
Static
static: 3
Easy Paint...ny.ps1, windows7-x64: 3
Easy Paint...ny.ps1, windows10-2004-x64: 3
Easy Paint...lp.chm, windows7-x64: 1
Easy Paint...lp.chm, windows10-2004-x64: 1
Easy Paint...ai.exe, windows7-x64: 6
Easy Paint...ai.exe, windows10-2004-x64: 6
Easy Paint...fl.dll, windows7-x64: 1
Easy Paint...fl.dll, windows10-2004-x64: 3
Analysis
max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags
arch:x64 arch:x86 image:win10v2004-20240611-en locale:en-us os:windows10-2004-x64 system
submitted
26-06-2024 10:59
Behavioral task
behavioral1
Sample
Easy Paint Tool SAI 1.2.0/Paint Tool SAI 1.2.0/blotmap/Grainy.ps1
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
Easy Paint Tool SAI 1.2.0/Paint Tool SAI 1.2.0/blotmap/Grainy.ps1
Resource
win10v2004-20240611-en
Behavioral task
behavioral3
Sample
Easy Paint Tool SAI 1.2.0/Paint Tool SAI 1.2.0/help.chm
Resource
win7-20240221-en
Behavioral task
behavioral4
Sample
Easy Paint Tool SAI 1.2.0/Paint Tool SAI 1.2.0/help.chm
Resource
win10v2004-20240611-en
Behavioral task
behavioral5
Sample
Easy Paint Tool SAI 1.2.0/Paint Tool SAI 1.2.0/sai.exe
Resource
win7-20240508-en
Behavioral task
behavioral6
Sample
Easy Paint Tool SAI 1.2.0/Paint Tool SAI 1.2.0/sai.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral7
Sample
Easy Paint Tool SAI 1.2.0/Paint Tool SAI 1.2.0/sfl.dll
Resource
win7-20231129-en
Behavioral task
behavioral8
Sample
Easy Paint Tool SAI 1.2.0/Paint Tool SAI 1.2.0/sfl.dll
Resource
win10v2004-20240611-en
General
Target
Easy Paint Tool SAI 1.2.0/Paint Tool SAI 1.2.0/help.chm
Size
354KB
MD5
6b07ad12686295d20f9989b6d7c1999a
SHA1
9d911c9ebd0efcd6286b015d300c8e3d02b1fc1c
SHA256
23b70c51992d895fb0a103c963d3920e546daf26c8a1fa64e5a7771e969f3aa9
SHA512
7771efc09a67a59f63c01660adf3554a0cdb618c4062c93dd2913710db7ada8f0cbe59ce9c4517c7b025750c47ac95b073745b9ba8a476db4d56b6f98bb3b0e9
SSDEEP
6144:pePcpaAC8kHgtQ/L6UlMY6qKZtqKvDFySM3fS70UYtS5vCWzSoyynqBc:Z8rAtQaSKWKvgS8s0ttSkWef1e
Malware Config
Signatures
Suspicious use of SetWindowsHookEx
2 IoCs
Processes:
hh.exe
pid process
424 hh.exe
424 hh.exe