6a4243e03a0b73d2a0040957d276063b5e4b0e7620003061097e0b6177b91007

Sharing

Copy URL

Twitter E-mail

General

Target

ibisinc.ibisPaint_12.1.5.0_neutral_~_sxbx2qs82h9wr.msixbundle
Size

54.4MB
Sample

241122-e9agjszrcj
MD5

9f7ded0bdf182b37f6d3fbe3f13fc201
SHA1

1540e0b2159925ad4f91b61eea9faac07165e2b9
SHA256

6a4243e03a0b73d2a0040957d276063b5e4b0e7620003061097e0b6177b91007
SHA512

2ef00d3f8d69d81bab5a28fff8d6840d9a2220673141ce4c764cc13588d12a3756ba97b4c00daa6c32c2b88c170c8dd6f72bec7b18a0464a8eb3a848a6d3fac4
SSDEEP

1572864:R8zFSnho1ssKkvzKLoKikB3ii4El+DPIIqtZZzjxTBKwXI:R8JSnhKxTKLoKikB3iH8VZVjxFdI

Score

8^/10

Malware Config

Targets

- Target
  
  ibisinc.ibisPaint_12.1.5.0_neutral_~_sxbx2qs82h9wr.msixbundle
- Size
  
  54.4MB
- MD5
  
  9f7ded0bdf182b37f6d3fbe3f13fc201
- SHA1
  
  1540e0b2159925ad4f91b61eea9faac07165e2b9
- SHA256
  
  6a4243e03a0b73d2a0040957d276063b5e4b0e7620003061097e0b6177b91007
- SHA512
  
  2ef00d3f8d69d81bab5a28fff8d6840d9a2220673141ce4c764cc13588d12a3756ba97b4c00daa6c32c2b88c170c8dd6f72bec7b18a0464a8eb3a848a6d3fac4
- SSDEEP
  
  1572864:R8zFSnho1ssKkvzKLoKikB3ii4El+DPIIqtZZzjxTBKwXI:R8JSnhKxTKLoKikB3iH8VZVjxFdI
Score

1^/10
behavioral1
- Target
  
  IbisPaint/DirectML.dll
- Size
  
  17.7MB
- MD5
  
  5f12fc85ed0682d4ceace16fb60811ae
- SHA1
  
  3670f15f180897b4630f321b6fcbad99b266a8d2
- SHA256
  
  913b6e436b7292f0b3af6d0c37d2201ab3435cb5f0a7c08c0beaa644602f5312
- SHA512
  
  2f2b389f66dd58c47621c229d69a7d9ec3937cf1e123e0ca0dfc457b5b6c1a6ac8cf0ca1aae59971807b4a058e48f1797e0de83f7c2447c427fec1619dd37de9
- SSDEEP
  
  196608:ZXCBV4mJSq0Ytzn7OBdzIkRnyrQAH5+sM3TK+:xGfJSMtz7oZIkByrQo5QT3
Score

1^/10
behavioral2
- Target
  
  IbisPaint/IbisPaint.exe
- Size
  
  22.1MB
- MD5
  
  f52cfeb4eaf0260086c80c45faa81be2
- SHA1
  
  a6b450939f16b365e21d7b5472d5f4bfa6d46a12
- SHA256
  
  44f9770ec774fc469769acaa9218680861eb2bef37757af0408680ea643ac0b7
- SHA512
  
  f2c63ef8ba2ac644ba1d2ed6a31aac97c5b825797fa9045ff495b0140c6246eca3cb11e1a58291ad35dd1e7c38d6d53b1f7cf1be5f91cc28034cb7b81c032cf0
- SSDEEP
  
  98304:l6sNwnpoALLIytDSnb+v3073M9Ss32LIpCF4jFtARAGYkzZwubsVH+w8L:kiwpoAHIypeb+PGM9SG5tAGtktwFewy
Score

1^/10
behavioral3
- Target
  
  IbisPaint/Microsoft.Graphics.Canvas.dll
- Size
  
  1.6MB
- MD5
  
  4fa3917224642623174dcf7f081d9ae3
- SHA1
  
  40dba0c269ff5668d9c38c6cfa6fe653be39b6df
- SHA256
  
  532358e45807395426dd70d46dbafa28b58cce23a740ae8a4c8915c1bef4d3ca
- SHA512
  
  e5415c2b1c6b93c03769dc9cc8b96967f7de819790db353160378ee287ad3aa3d509a440bd649341273d0c882907c36522cf74ebbae9dc7baf67a879eb1a6b3e
- SSDEEP
  
  24576:sfTQuPQdlef2SqdPEz/3/z873xMgCLyzcMs7MeENRu+4eUfmLTyqef4Dexb7Mopg:s+HAw5iA8hbF/u41KYAPHH6TC46KxpTe
Score

1^/10
behavioral4
- Target
  
  IbisPaint/MicrosoftEdgeWebview2Setup.exe
- Size
  
  1.8MB
- MD5
  
  c56905370fd00d80e6c87146b2b79043
- SHA1
  
  366288994801930c7748750811db9e9ce2b5295b
- SHA256
  
  7229ef4aff277a824fcd6db51a8df25a1daa638071b469cdde256d50e033e61e
- SHA512
  
  8b22b4331c632d63164664b90f6d26c0da0c27c877010a5f5d7a5c3cdd350661b1a2dbbf92c451e9393b379eb9d6054d4e528674957c8fc820f1c1a9459eb8c0
- SSDEEP
  
  49152:tyE3dWqT2eiYDKHAdpnrjAMjx2jA0GnvNyL3s0xK:ty3qT2huprsQr02vNyL3s0xK
Score

8^/10

discovery persistence privilege_escalation
- Downloads MZ/PE file
- Event Triggered Execution: Image File Execution Options Injection
  persistence
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks system information in the registry
  System information is often read in order to detect sandboxing environments.
behavioral5
- Target
  
  IbisPaint/Resources.dll
- Size
  
  25.9MB
- MD5
  
  e2c4ca96f11d819cc413880124a3ca77
- SHA1
  
  8b5d4f008678b17bc031d4ebec179b7d7ba2fece
- SHA256
  
  8312488f8b02813ecf1cc4e83ef0f68a6f8f094f1e938e10044bb0d02f1cb27f
- SHA512
  
  b240542e9aa1f48744dd6b3c0dfb4aeb50ed61679098e18a611a74e7e5a7eb3c54bedc49bb1a53dca5f5d7ae6b4b341dd4d8834ae5c3a6637f94eae51f4b338b
- SSDEEP
  
  393216:HtewPXsCtK9PH6Wnk12iirPAI/gMuoFwDc0RLE808xTnm8/iEbnn0sH0:BPcCtaP5biirPA9AqdBTnn/iEb0Z
Score

1^/10
behavioral6
- Target
  
  IbisPaint/WebView2Loader.dll
- Size
  
  161KB
- MD5
  
  c5f0c46e91f354c58ecec864614157d7
- SHA1
  
  cb6f85c0b716b4fc3810deb3eb9053beb07e803c
- SHA256
  
  465a7ddfb3a0da4c3965daf2ad6ac7548513f42329b58aebc337311c10ea0a6f
- SHA512
  
  287756078aa08130907bd8601b957e9e006cef9f5c6765df25cfaa64ddd0fff7d92ffa11f10a00a4028687f3220efda8c64008dbcf205bedae5da296e3896e91
- SSDEEP
  
  3072:7evoTTlTRTyiuPThTNTKm81SbbMYSPLNsknZiZ2HZ5AaliiT88FEtJ57dXSvlCW:HTlTRTyiuPThTNTKmFQdhsknZiMHfEti
Score

1^/10
behavioral7
- Target
  
  IbisPaint/ar/Resources.dll.mui
- Size
  
  1KB
- MD5
  
  29fab0a29738c4bd51a3a68d98a4c132
- SHA1
  
  2686caa8e28474489befd2dfd3a4973d61ab19fe
- SHA256
  
  0b76f44f3548a9c9e8071d38eb09a7d84280957f2ebc2ccb3a5bcec8865e62db
- SHA512
  
  8a6b100ed1345ae52bbdc99abfdf63fd7f6afac1fdcfdb790ae08d158fb0f074fa7e91411333f0b5ad5c783bef6a9e2b338f6cf56ac1b15f4549ce515f95007d
Score

1^/10
behavioral8
- Target
  
  IbisPaint/concrt140_app.dll
- Size
  
  51KB
- MD5
  
  443ae6a3d863c77844f2431fa49508f5
- SHA1
  
  e7e9cd3e2c0751680348c2cd9cdc1c497336bab0
- SHA256
  
  22bb751a3e1527d4bc99b3f0ffdd00498b219f75ab0945565cbae37eba2f3930
- SHA512
  
  bed863e2bb39598a4af944b32aaa5a326911b82680f52b624c5961291bbd02a46e1128e552ea4d06b3c070e45118409a773962a6eac314de44e0b554531ed17e
- SSDEEP
  
  1536:lgdU3Sz3CkkDPZB7y77Qs82cnuHnCcDkwD9/f/gLBBzEU:lqU3Sz3CcW9BI
Score

1^/10
behavioral9
- Target
  
  IbisPaint/de/Resources.dll.mui
- Size
  
  1KB
- MD5
  
  a2d2c88d0e9c77ae08a2aea268dc886f
- SHA1
  
  c50792444b4e55bf22d3ed7cfd93c10da5a26760
- SHA256
  
  4150cf5752a4cb4fd52ec56d5183e32edef8e543e7154ad05c5c31acfd144474
- SHA512
  
  b8bacc5bcb5b1bf0456218a47854d15435ae515acbd19076835063dcacb454e27b1be3392bf567dd87d42f27bf7bb2babf3b6881e74ad19b9ebd249406974369
Score

1^/10
behavioral10
- Target
  
  IbisPaint/en/Resources.dll.mui
- Size
  
  1KB
- MD5
  
  23b993017d7204143969ec66ba0e7447
- SHA1
  
  950177a15d6260265f450c5d29eccd3704d1b4da
- SHA256
  
  d6b36bc4ee5eb1cd7283c24eb68a0121e00c744a1de9317657087db7ca192ee6
- SHA512
  
  3c259c6ef282493f84bf83e0bf59aa7c2b993a3adc1a804e4f3261ea796277153c5e699b52883db748c19618e541437b2969245299111d919b7b6033e1fdd0a0
Score

1^/10
behavioral11
- Target
  
  IbisPaint/es/Resources.dll.mui
- Size
  
  2KB
- MD5
  
  69b21a082ea3c5f865d0f43414285aad
- SHA1
  
  1bc566e732726fcaa99a9bbb163fae5200fdbab5
- SHA256
  
  d3197e545ea3e8a4ce7a59b8a2820c969b776a21104eaafb169666496e531072
- SHA512
  
  07bb56905e928ef6ad30e5e7d0e8b7a20d68733834ec281a826a6e1e0874e2236f64e4443da2854ba2d91821fa37bd4687b8e44be6d577d93e31f0e303f0480e
Score

1^/10
behavioral12
- Target
  
  IbisPaint/fr/Resources.dll.mui
- Size
  
  1KB
- MD5
  
  d088de13c0e1a919f1877655419f05b3
- SHA1
  
  594b683da3ceca91335653a8bf978484e3b6264e
- SHA256
  
  32848f6a319c28ca6287af8a74fcc0f6409d73448256868359354a9edd7d3792
- SHA512
  
  10989fc2162f08121179436e0d9ba4ad607011b25467869dc8789d3b694f0d2381c46645331c04ef859461a5eede1657493ca745f165fd88a666e538dc60d56a
Score

1^/10
behavioral13
- Target
  
  IbisPaint/he/Resources.dll.mui
- Size
  
  1KB
- MD5
  
  fa839f59313dc8850185091c7e83d9b8
- SHA1
  
  7e183093d05e738498f6b4ea677608dfa065b7f8
- SHA256
  
  9cfd9e16ce21e4964ff1f9d161ac204dc28d8f0f6937a206a7d93defb9235afa
- SHA512
  
  a964677d83a6e984b060b38e9b294b799c351a20dc5e813897b654c5a939583964138d3b67897ced6e8b74b4a9ad0c3c952c9e06cda2afab464aa52aa16527f0
Score

1^/10
behavioral14
- Target
  
  IbisPaint/id/Resources.dll.mui
- Size
  
  1KB
- MD5
  
  8a8e6dd7392f89df42270d0c58fc2126
- SHA1
  
  3587b2e39a9177868f3150cbad123893ca534789
- SHA256
  
  52303dc5e99b176f9fdb0248703400a930adc5464595d10f49170c9ba4b22abc
- SHA512
  
  bfa6db445a94cb84cd601c22145f8769feaff2e19915017b08cfbc126a432b10a15935ee364a86676ca08984a9c1497c06411368036694a2696c35b33784f81d
Score

1^/10
behavioral15
- Target
  
  IbisPaint/it/Resources.dll.mui
- Size
  
  1KB
- MD5
  
  4ae62e52de4948c98a920f68c2140fc1
- SHA1
  
  e7f31c44efbf894e3598fceb9af2b7b1a426ee2e
- SHA256
  
  59d83c2b9e2328ee6a5474c85770d2a883672e9f083b9fe68fe2321c0bebccf9
- SHA512
  
  c2f49d78890cd9a594052f6e5fd7a9b2505c71fcd2b6a20ec84c8353e121f324b3a5cbc61868fdd61ec3757c0dbe2ba2af5f3b9e34cb8161e3d5f7cab857f791
Score

1^/10
behavioral16
- Target
  
  IbisPaint/ja/Resources.dll.mui
- Size
  
  1KB
- MD5
  
  69856e627c6f34b4972a53fe5ee92996
- SHA1
  
  c0cf6eb4d6a5b09d9f1ff7a1292ae792c9a4df7e
- SHA256
  
  7bfa807945c19d3b2dce7c2fda02cbca2b9a08f22ebb754a715711b527f488c0
- SHA512
  
  6e7f4e598d95480aa72f14d298cbbc51b21d412a012845c44a0bc966fb2770dc67275585c7ac063485ca7c40bebca461290a60962163567d56fafd2e261792b0
Score

1^/10
behavioral17
- Target
  
  IbisPaint/ko/Resources.dll.mui
- Size
  
  1KB
- MD5
  
  4ad029aacff9b02e49092ad6b0be3e18
- SHA1
  
  28d44f88844da9b2aa73587506a9296f34377cab
- SHA256
  
  3f6644af5a9b92d04721be45ba666d919fbc029c70ca792e9c8beb8a40e04a7e
- SHA512
  
  eb397918b71b8697fbdcf9c8ac01a3ae796399fed0ced5d816cc1883dd3cd644aa64d830960f97c7244e0544e709ab44d7ee0d2434b22bcc93b95f611d607ee4
Score

1^/10
behavioral18
- Target
  
  IbisPaint/libEGL.dll
- Size
  
  201KB
- MD5
  
  c4cbdbe4681c211ccb81dba88653b778
- SHA1
  
  e5fbb92a7c9c032f1e2747a7c8d5bfcccb38e2ea
- SHA256
  
  b3d6853c7148f3fc9cc6c489133a06dea2272781b6dc5998e3f47b62cda13016
- SHA512
  
  f710d8588a466f15b39e521bf6a82fb2c3264a37fcb75b7a87248cb556738ed19cb6e8d1dfcc3a2a80d445bd09585f71fecc21ddb002d8cf99f959d4843f0b10
- SSDEEP
  
  3072:mixdsC6vUflCQDy9tPIIYUaopRZbwC9gfH5zoY46D4/8vYIpXn:mixdk4lC9TPII8C2ohSv3pX
Score

1^/10
behavioral19
- Target
  
  IbisPaint/libGLESv2.dll
- Size
  
  10.2MB
- MD5
  
  b9d79c83fb0c0d6ce6158c9efa1cca32
- SHA1
  
  fb8a0e26a8dea3090c4f962f22f3a52dd7b013d6
- SHA256
  
  85fa43208b1be13e6ca8a1504705207ec486ac9a83af9718bd441e3ee1e62675
- SHA512
  
  5e0eddabd90adf121bd71e7ce9a755e3acc28da19ad3244b391f551bb7c90506c277b397d58df1099e96fbe58228bfd4c776066622473efc0bebebff233d4c71
- SSDEEP
  
  98304:0vfFD7KeMQqIr0JzEMGX2XXt/vnGScvrDa9L/ffAaMi2YLwfrGUsjsmA:0vfFuJPmCt/vnG5SH1HlL1UqvA
Score

1^/10
behavioral20
- Target
  
  IbisPaint/msvcp140_1_app.dll
- Size
  
  13KB
- MD5
  
  17de759913138d59757ce32cc8f2dcc6
- SHA1
  
  146af974d0de4017f6c3a5953637702edb577be8
- SHA256
  
  ee7937e309895f49d76af00ecf911ce559518816bf8094625c2096e5411590fe
- SHA512
  
  3eed351746065e126c68ceb1c29798fe987e62fecc73b2f12aa8fa66954889312834fd322e5f00e97938f68cd3c2158ead0a41246c22f9973b8127ae1f2a367f
- SSDEEP
  
  192:lQ5THfPWIkWObnzuHnhWgN7agWqpp13s5yX01k9z3AwSeTBT:l8WI8zuHRN7tlcYR9zNlt
Score

1^/10
behavioral21
- Target
  
  IbisPaint/msvcp140_2_app.dll
- Size
  
  16KB
- MD5
  
  0306ad8c5ffd199f20ee8c34645c99c6
- SHA1
  
  3550dd43d3d595d05d6fe739cb849e0bcaccb8d3
- SHA256
  
  905ef8c53add41cb15e3842cc4904efa3987b1a261311ed7cf543b51d30c96b0
- SHA512
  
  93d8e4ff80a609c6990afc5ca722f22a03aa6252bec2c709ea3955c9d2064a73311eca7f7996c5e54310538488fffbe23fb40c2b7837eb79ce8cee2b7a61a727
- SSDEEP
  
  192:Lejbb69Wr8WxzW5EB5LH8HnhWgN7agWhryhp13s5yX01k9z3AwSekIAa:Gbt8WxgLHRN7urkcYR9zNlaa
Score

1^/10
behavioral22
- Target
  
  IbisPaint/msvcp140_app.dll
- Size
  
  249KB
- MD5
  
  207c71e087e301fa4909a977eed74490
- SHA1
  
  430d540be614e5c47ea055d0bfe865a92d7df661
- SHA256
  
  81059b96bb46e499f5e418d7262823dbc5ecf39587c00175091597743f41dad8
- SHA512
  
  a36dc9e870073677ef1b7d20e48933d866176b169463afff0fbcea73e153f8c265298aa375e2a6eda29ec699a84bd0969ca1f65e7e25b6dd57b10ed9b03b00f2
- SSDEEP
  
  3072:d8Mx3k2pFYZAECK7Z2me+w5c6PD41YlAHC2aWoo7dMEMEik8zCxL:dvx6AECK7Z2me+wEaWoo7dMEMEik8zIL
Score

1^/10
behavioral23
- Target
  
  IbisPaint/nl/Resources.dll.mui
- Size
  
  1KB
- MD5
  
  4bacb79f932a69b002d2ae1202cfb323
- SHA1
  
  51590741efb4daf5ea3bece0a4ae5fb1b060a175
- SHA256
  
  84d4fe570abf0fbb1d97e98e367ee25d0c34d17dbf70956c3d88f5e62d7821f0
- SHA512
  
  b7b28327b6e388758f8bd33b48d30fed1393a64b2537ac33cce871caf7e6cec46fd5129b1bccc427e00fda98319c9430615166c5efc72b758dc671eee7d7d07a
Score

1^/10
behavioral24
- Target
  
  IbisPaint/onnxruntime.dll
- Size
  
  13.2MB
- MD5
  
  00421a4385067bafd23e6e0a1ef0605a
- SHA1
  
  b11c738ecb475e8b892b18ef55f87e203018e500
- SHA256
  
  6cc2fec259ff9fd2f59fb69caff0b247de51050a179cb4b3fcf8a1528a6cf3e2
- SHA512
  
  72a1c1780ee3162883b6aeced473a6fe54d2693d3ea843416ddc7cf68bbcff4da3fb8a511418f5b5e97316f7acc85420fb621a1a5c409c84ef459311f769df71
- SSDEEP
  
  98304:eyUbTA9OmOFRtLqEke04JkwimxRMV88G7UrbzogPVCOy:rU/AsZf04ZiEKCwI
Score

1^/10
behavioral25
- Target
  
  IbisPaint/pt/Resources.dll.mui
- Size
  
  2KB
- MD5
  
  7c17c74ccd3b38fc4213eac102fb7ffe
- SHA1
  
  22351ecdf07795157eca3cef1d0ff14b77adec73
- SHA256
  
  066a12a9fefa1856a35d8e21e5ddbd03285b98447f3d868db2e9848e67b28b6d
- SHA512
  
  9ca5da6caafebe323980c5bcfe29291230c323b5f02cb36e3dad5dec35761a4e4af62159f8f70073873186cb3f0b0bcd62dd186f497241b88432ca256d530027
Score

1^/10
behavioral26
- Target
  
  IbisPaint/ru/Resources.dll.mui
- Size
  
  1KB
- MD5
  
  dfbceb70be2c8796ab90109af904eabe
- SHA1
  
  60ff2644000540044b7b70b103cf2d0bc42d671c
- SHA256
  
  a3e89b9e036f1dd5ad9f0eae610db3794a06fcbfe92907c860e98be673f1bc74
- SHA512
  
  b600ee268d3dbce33776ab7b82c83774d4cca7f449d18a7d83202271cf8d537df2b63419e3ba8dd14d9c08bf8459e7f20529632d58d7b65828ea7f3b55fee092
Score

1^/10
behavioral27
- Target
  
  IbisPaint/tr/Resources.dll.mui
- Size
  
  1KB
- MD5
  
  62e0427f0eecb2f0206dd4e092422fff
- SHA1
  
  c571af926c47a651215b24544b9e65bc7251f99f
- SHA256
  
  91aa1b550129be0ef92328b18f72979ba31749031b66969a997eba871f72e795
- SHA512
  
  35f2302042b6ddc5b1aa5fb55b93c185b17e1a49b7280392098ebb7f4b2c6ab938103230572018fecbdaccf585b1892cfa5fd7f4bec406f27f211386f92e6397
Score

1^/10
behavioral28
- Target
  
  IbisPaint/vcamp140_app.dll
- Size
  
  41KB
- MD5
  
  4c3d8e99a83f2ddb69646f6e364ac806
- SHA1
  
  ad1b3ffe6029ff050a0da69f7a8ee89490f3642f
- SHA256
  
  515ba0350cb6bd544c3beb8b03ce161ee5300c6b9cf2ea6cd98f552b5c9547d0
- SHA512
  
  8b946e677d9f59ce9bf2576c1cf8d89814acd22f73bd52646b9ad56d4f540694e83935c80b5fc69e2681a52952c3c9f3589cb5c606c131c8a151061ed903aa50
- SSDEEP
  
  768:3OtjdjYgHZYoCWiDVoc8YP578/hnoMyuKRX8gAMNL5Tdb5SzavQh9zwtr:369YgWoCWiDVoc8YP578/hnoMyuKRX8U
Score

1^/10
behavioral29
- Target
  
  IbisPaint/vccorlib140_app.dll
- Size
  
  45KB
- MD5
  
  e81db3eb6f85b003ffcfaeffcbc13bed
- SHA1
  
  0c16114a4bd2d73653038dd3fe4569b6a8405dc1
- SHA256
  
  b7b5ad7dee1e50c178ebd07e52eea30be99a46ac9bcd929f694fe206b12c3d42
- SHA512
  
  8c0de03890f3aa209fb243b201f014fd836d00cc1c9c1e90e19e2a10c97b15e56742fff203955514fdd9d90f3d72ae3f7967e9fcd3348266153b8f39bec3a68e
- SSDEEP
  
  384:P17zGB6yllFobCilEYWRLHRN74xCNNPR9zBo:P17zGBzobC3L59zi
Score

1^/10
behavioral30
- Target
  
  IbisPaint/vcomp140_app.dll
- Size
  
  20KB
- MD5
  
  b245bb48885a995fe2ba0be1e6ff0f69
- SHA1
  
  5da828debcea64d5bc821bcb0fa2ca41c2f0a53a
- SHA256
  
  5d8c4bf1636218de0fe7f5ad1d0a7cfe2a11734272a2cd5caa7672797678d3af
- SHA512
  
  5445531dd9d0c135388b7e92fa040930196d898c65b847ac2772644fb5df15e674ed53a498f4fe5f2e418db2d3a76d029e8756a2f3c9b3081c887c69da49cf5a
- SSDEEP
  
  384:vLDLn1NTkH01d/klkVp9pVQz6j7ZhApYpGWSXLHRN7OEnR9zVjKdb:zDLnrkuam7PQNymLOER9zVu
Score

1^/10
behavioral31
- Target
  
  IbisPaint/vcruntime140_1_app.dll
- Size
  
  13KB
- MD5
  
  89c38920cfe7e63ce9a39d5382b3e4e9
- SHA1
  
  2c4ba625d5b1225c4a7f0d8256d845a2a7017da8
- SHA256
  
  bb26754bd85dcbad881caf33caabc55dd9a4ac15a27b5e963495ab84c4c7f640
- SHA512
  
  8f4eecf81a188a84192983d0f8acada0904e384b8911072bf4adf3be0ba121bc62b4eac1b00ab37606cc5d1272d35770f772fa6baf096ea7c282e6b2adbe9b5a
- SSDEEP
  
  192:5WYlW5EB5LH8HnhWgN7acWL6El+X01k9z3ACiYyKt:5WFLHRN73Y+R9zdTyKt
Score

1^/10
behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Image File Execution Options Injection

T1546.012

Privilege Escalation

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Image File Execution Options Injection

T1546.012

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Downloads MZ/PE file

Event Triggered Execution: Image File Execution Options Injection

Event Triggered Execution: Component Object Model Hijacking

Executes dropped EXE

Loads dropped DLL

Checks installed software on the system

Checks system information in the registry

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32