Overview

overview

7

Static

static

3

Paint-Tool....0.zip

windows10-2004-x64

1

Paint Tool...ge.bmp

windows10-2004-x64

7

Paint Tool...um.bmp

windows10-2004-x64

7

Paint Tool...la.bmp

windows10-2004-x64

7

Paint Tool...se.bmp

windows10-2004-x64

7

Paint Tool...ts.bmp

windows10-2004-x64

7

Paint Tool...es.bmp

windows10-2004-x64

7

Paint Tool...es.bmp

windows10-2004-x64

7

Paint Tool...py.bmp

windows10-2004-x64

7

Paint Tool...es.bmp

windows10-2004-x64

7

Paint Tool...ts.bmp

windows10-2004-x64

7

Paint Tool...st.bmp

windows10-2004-x64

7

Paint Tool...os.bmp

windows10-2004-x64

7

Paint Tool...es.bmp

windows10-2004-x64

7

Paint Tool...rk.bmp

windows10-2004-x64

7

Paint Tool...es.bmp

windows10-2004-x64

7

Paint Tool...sh.bmp

windows10-2004-x64

7

Paint Tool...ro.bmp

windows10-2004-x64

7

Paint Tool...er.bmp

windows10-2004-x64

7

Paint Tool...es.bmp

windows10-2004-x64

7

Paint Tool...ic.bmp

windows10-2004-x64

7

Paint Tool...er.bmp

windows10-2004-x64

7

Paint Tool...ny.ps1

windows10-2004-x64

3

Paint Tool...ng.bmp

windows10-2004-x64

7

Paint Tool...ds.bmp

windows10-2004-x64

7

Paint Tool...al.bmp

windows10-2004-x64

7

Paint Tool...ir.bmp

windows10-2004-x64

7

Paint Tool...ce.bmp

windows10-2004-x64

7

Paint Tool...ge.bmp

windows10-2004-x64

7

Paint Tool...i2.exe

windows10-2004-x64

1

Paint Tool...i2.exe

windows10-2004-x64

1

Paint Tool...i2.ini

windows10-2004-x64

1

Resubmissions

11-07-2024 08:08

240711-j1h5jsxcjl 7

11-07-2024 08:04

240711-jysafaxbln 3

Analysis

  • max time kernel
    92s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11-07-2024 08:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Paint Tool SAI 2.0 (64bit)/blotmap/Butterflies.bmp

  • Size

    65KB

  • MD5

    9ca0cf6dfbc6784163be7653c5295fb3

  • SHA1

    e4837b8c9e89d22e45b1a0aa034231024a8664c2

  • SHA256

    71e043e0229fc4338c64ccef97f40741813771a61e3082c2c9d574230d68f685

  • SHA512

    8abb653269846c2fd6c8e61abbe8d6b0fa80f8f8c0ecef7a1fdbadc9f816673694b572393fdad597fe3239862aae773ce818beb0e4a2265ca7851bb2daebb052

  • SSDEEP

    768:bGUH5ULDcIDiAv9Rusg0Am4b4O5x9+t55:bGUZiDsEZ65P+tr

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\Paint Tool SAI 2.0 (64bit)\blotmap\Butterflies.bmp"
    1⤵
    • Checks computer location settings
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:4480
    • C:\Windows\system32\mspaint.exe
      "C:\Windows\system32\mspaint.exe" "C:\Users\Admin\AppData\Local\Temp\Paint Tool SAI 2.0 (64bit)\blotmap\Butterflies.bmp"
      2⤵
      • Drops file in Windows directory
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:1836
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService
    1⤵
      PID:4664

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads