536a9d52245068dfd2d2576482cbf394ad0589c3e65f54c87dc0a0925afec969

Analysis

max time kernel
75s
max time network
79s
platform
windows10-1703_x64
resource
win10-20240404-es
resource tags

arch:x64arch:x86image:win10-20240404-eslocale:es-esos:windows10-1703-x64systemwindows
submitted
07-09-2024 02:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Paint tool Sai 2/sai2.exe
Size

5.3MB
MD5

3611f8a09d4d9894db2d43c7b32cb767
SHA1

ff5f5478c198146db89a47300bdbb0247670ce2e
SHA256

4f43614064a9321ff9807e054efa60ed32e35208cc49ead66385369371f53bb4
SHA512

f7e2928ef535e0b1e410d922b1052942f5c3248e831c2a1bbb0d823eb75844b04a02573be7a85041183dd2aa8e925149a9760749c697674863edc22ee43da607
SSDEEP

49152:mJboGiLbBvNwnZvJJwBnaFF8vvFYE9r65UeKCgjaDGTf36U3Z:mJoU2YEk500wZ

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance	sai2.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance	sai2.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2372	sai2.exe

C:\Users\Admin\AppData\Local\Temp\Paint tool Sai 2\sai2.exe
"C:\Users\Admin\AppData\Local\Temp\Paint tool Sai 2\sai2.exe"
1⤵
- Modifies registry class
- Suspicious use of FindShellTrayWindow
PID:2372

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\Documents\SYSTEMAX Software Development\SAIv2\settings\brushfom\blotmap\Spread & Noise.bmp

Filesize
65KB

MD5
7e313e2d7a64656ef7101d180efc2da8

SHA1
db826e9474a163042679c667b6f51d382b09d9e8

SHA256
75b412bc911f85b71ab0f74648fca9d8a7b0f88bd2eb65cd9f941cc1ca87fa42

SHA512
e6b01b1d0b2b2209ca58129b72936086aa7ca1de5a000ea645d82aab02e07c69581f4493c5c66c6e4904b94111c494d31290768ec6427de7f00ebdf787bdca38

Download Submit
C:\Users\Admin\Documents\SYSTEMAX Software Development\SAIv2\settings\brushfom\blotmap\Spread.bmp

Filesize
65KB

MD5
b953210f80206d395f79bdfc480b08ba

SHA1
f7ca426380a6c30c1bc1d75dd4b448298d64023f

SHA256
3a50c1123d38839112e6efdba622098138f895eeca65a13923eaa00ef5903fb1

SHA512
fc0d6e82d492009253f906b7de82859319725d843d984ad468967703c26adc0e8bd2054f696fcc53fdccb3c74266658584f08d039605097aec5837fd233c9fdf

Download Submit
C:\Users\Admin\Documents\SYSTEMAX Software Development\SAIv2\settings\brushfom\blotmap\Water Color 2.bmp

Filesize
257KB

MD5
9dd71181ba3d048b1a3bcce15c2c3871

SHA1
0c49b850b83910efcf0127cb364777e419afa8b2

SHA256
7ac03b1f36bd2a0fc257f6a2302f62a97b1098130100e5a7613fa86e1849a499

SHA512
df4b23d5280b2c0bfe28ffebb688ccb4124ab51f3db1081934553d72d1755c163d70f8dcca132cd33ccb68df3e62f70d674586c5dded782dca8082b0687544bf

Download Submit
C:\Users\Admin\Documents\SYSTEMAX Software Development\SAIv2\settings\brushfom\bristle\Middle Flat.bmp

Filesize
11KB

MD5
d3e15b4a81db36ad5c8ba1b039a8a7b8

SHA1
be71323420622759799e9369aa2866f266e57885

SHA256
2a436c24951b74d2a233510c7ae937cbebf6276803dc5bfb1d28c8f8aad6ee09

SHA512
fc6c8328213d4bf8d82bcff5346f5cf939111680e2da5101c977a4143355c7a870b876b1d19c3f93f3110e3a98552734981135c676de18a4b915f32ff4251fd6

Download Submit
C:\Users\Admin\Documents\SYSTEMAX Software Development\SAIv2\settings\brushfom\bristle\Squeze.bmp

Filesize
11KB

MD5
a762568944134e7537eb748da8776815

SHA1
f90c2c83a06005c0925130d229681adc95cc966f

SHA256
dc9dc48da8eaa9f627dc5285b4700b88d827aa26a36fcf9f36a559ab9f28a650

SHA512
832bdd390cb6cee903ff127dbe54b84772a43da23928c85c4859f85f912c1fe4276c3a5f4b33e39296e282b65d42356e592ab1d33260ec2e92636adc3015558c

Download Submit
C:\Users\Admin\Documents\SYSTEMAX Software Development\SAIv2\settings\brushtex\Arpfina.bmp

Filesize
257KB

MD5
77abf38ceb44ff0d9f32f1a28106cf40

SHA1
4384db29026828c4f7497d11a462cf9395646923

SHA256
56fd2208ac9082c2500b155f5dfd312b3289c53b2e5ae259d6b30e50982a5d76

SHA512
e3bd4c4fbf7728f389d41dcfa35d4785e77c4ea8323ed48e398a9f5706083b59c26239687308634a3e15117ebb4e78a2f433db967e013205ae3e5c04b9ba497a

Download Submit
C:\Users\Admin\Documents\SYSTEMAX Software Development\SAIv2\settings\brushtex\Paper 01.bmp

Filesize
257KB

MD5
3e940d47505ae20ae27a3023c1e4c5f0

SHA1
54d857a1756f7d86beab7fdb1b136e8cd579eeac

SHA256
6cfc0e01583bfd0a1b1598bb954077acd3502bc5c24524132e3a17dac129137c

SHA512
4e54e9be69330ca2b35871a898ac7cc6d90c3c5b9f1b0f67b796ec3b2e0a50fe7e2633523fb3d096b0733f806f6ea7f9b380b5ebdc7f5c2d11ad2a8054d4618b

Download Submit
C:\Users\Admin\Documents\SYSTEMAX Software Development\SAIv2\settings\papertex\Watercolor A.bmp

Filesize
257KB

MD5
eb4116fcc59605182e8c76f4bb496958

SHA1
aca13dfd68436c4bf62c13901723f067e2b681a6

SHA256
43a13ec4f54eff7aaa77ab2a7a292cdbe58dbccdc6d37d95a1ad1528787c7559

SHA512
9279e02fbf2f437a450fccf5b03524eee4eed33c6e0d09cca4eee3015fb4f0ae714d11c12f13dd414031263282df8aecb4eaa7196674193d2d94c6c77c583dc6

Download Submit