Overview

overview

10

Static

static

10

Paint.NET_v4.2.10.exe

windows11-21h2-x64

10

PaintDotNe...er.dll

windows11-21h2-x64

1

PaintDotNet.exe

windows11-21h2-x64

1

PaintDotNet_x64.msi

windows11-21h2-x64

6

SetupShim.exe

windows11-21h2-x64

3

System.AppContext.dll

windows11-21h2-x64

1

System.Buffers.dll

windows11-21h2-x64

1

System.Col...nt.dll

windows11-21h2-x64

1

System.Col...ic.dll

windows11-21h2-x64

1

System.Col...ed.dll

windows11-21h2-x64

1

System.Col...ns.dll

windows11-21h2-x64

1

System.Com...nc.dll

windows11-21h2-x64

1

System.Com...es.dll

windows11-21h2-x64

1

System.Com...er.dll

windows11-21h2-x64

1

System.Com...el.dll

windows11-21h2-x64

1

System.Console.dll

windows11-21h2-x64

1

System.Dat...on.dll

windows11-21h2-x64

1

System.Dia...ts.dll

windows11-21h2-x64

1

System.Dia...ug.dll

windows11-21h2-x64

1

System.Dia...fo.dll

windows11-21h2-x64

1

System.Dia...ss.dll

windows11-21h2-x64

1

System.Dia...ce.dll

windows11-21h2-x64

1

System.Dia...er.dll

windows11-21h2-x64

1

System.Dia...ls.dll

windows11-21h2-x64

1

System.Dia...ce.dll

windows11-21h2-x64

1

System.Dia...ng.dll

windows11-21h2-x64

1

System.Dra...es.dll

windows11-21h2-x64

1

System.Dyn...me.dll

windows11-21h2-x64

1

System.Glo...rs.dll

windows11-21h2-x64

1

System.Glo...ns.dll

windows11-21h2-x64

1

System.Glo...on.dll

windows11-21h2-x64

1

System.IO....le.dll

windows11-21h2-x64

1

Analysis

  • max time kernel
    92s
  • max time network
    95s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240802-en
  • resource tags

    arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    02-09-2024 04:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    SetupShim.exe

  • Size

    133KB

  • MD5

    829f3a3164d7e6b1bd72a2412aefd0df

  • SHA1

    2d656d236ea967245cb0b18d48355e4650863612

  • SHA256

    40f630e6f8838fe6070fce2aef769530033d8bd6b8699e9565468a16f0e3f110

  • SHA512

    7ddf8d47e1bb496fc83f865c92ee3f3b1aef7cfc4cacb63307dcdf931a33f700e8f3b2a225ee273412dd074883e3e389e5b94336cae98db0faa1284abbadfea4

  • SSDEEP

    3072:2N8Hab73bFvqGnVFYvB6T8dhNgeae1U1P7oBVYoHoC8GAjuF6PfaMqVuipKYnTbM:2qs73bEXB7d1IPOopjuF63cKGvM

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\SetupShim.exe
    "C:\Users\Admin\AppData\Local\Temp\SetupShim.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:4020
    • C:\Users\Admin\AppData\Local\Temp\SetupFrontEnd.exe
      "SetupFrontEnd.exe" "C:\Users\Admin\AppData\Local\Temp\SetupShim.exe"
      2⤵
        PID:2436

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\pdnSetupShim.log
      Filesize

      577B

      MD5

      67be229517828a8a7c3589a7736a666f

      SHA1

      09143b5f59103608c61d414f403f3cd79fe5b07c

      SHA256

      ebc8f1ba1beaaf2b0c98ca252fd6a25b8bb844397618d6139f6a5deb5bcfdcc8

      SHA512

      252dbd7c7aee33093daa1346654048c15ee1b402b5781cb2e823d414a2f426652e39232e6b3b701472ffca46cdc8c27470f40ebd2e2406eb8d5ebdeaaa764e6d

      Download Submit

    • memory/2436-18-0x00007FFF03063000-0x00007FFF03065000-memory.dmp

      Filesize

      8KB

      Download

    • memory/2436-19-0x0000015CA4830000-0x0000015CA484A000-memory.dmp

      Filesize

      104KB

      Download

    • memory/2436-20-0x0000015CA65D0000-0x0000015CA6638000-memory.dmp

      Filesize

      416KB

      Download

    • memory/2436-21-0x0000015CBEEA0000-0x0000015CBEF80000-memory.dmp

      Filesize

      896KB

      Download

    • memory/2436-22-0x0000015CBF170000-0x0000015CBF35C000-memory.dmp

      Filesize

      1.9MB

      Download

    • memory/2436-23-0x0000015CBF020000-0x0000015CBF0B4000-memory.dmp

      Filesize

      592KB

      Download

    • memory/2436-24-0x0000015CBF550000-0x0000015CBF73E000-memory.dmp

      Filesize

      1.9MB

      Download

    • memory/2436-25-0x0000015CBF740000-0x0000015CBF83C000-memory.dmp

      Filesize

      1008KB

      Download

    • memory/2436-26-0x0000015CA6410000-0x0000015CA6411000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2436-27-0x0000015CBF360000-0x0000015CBF4D8000-memory.dmp

      Filesize

      1.5MB

      Download

    • memory/2436-28-0x0000015CA6460000-0x0000015CA6480000-memory.dmp

      Filesize

      128KB

      Download

    • memory/2436-29-0x00007FFF03060000-0x00007FFF03B22000-memory.dmp

      Filesize

      10.8MB

      Download

    • memory/2436-30-0x00007FFF03060000-0x00007FFF03B22000-memory.dmp

      Filesize

      10.8MB

      Download

    • memory/2436-31-0x00007FFF03060000-0x00007FFF03B22000-memory.dmp

      Filesize

      10.8MB

      Download

    • memory/2436-33-0x00007FFF03060000-0x00007FFF03B22000-memory.dmp

      Filesize

      10.8MB

      Download