Analysis

  • max time kernel
    63s
  • platform
    windows11-21h2_x64
  • resource
    win11-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win11-20241007-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    22-11-2024 04:37

General

  • Target

    ibisinc.ibisPaint_12.1.5.0_neutral_~_sxbx2qs82h9wr.zip

  • Size

    54.4MB

  • MD5

    9f7ded0bdf182b37f6d3fbe3f13fc201

  • SHA1

    1540e0b2159925ad4f91b61eea9faac07165e2b9

  • SHA256

    6a4243e03a0b73d2a0040957d276063b5e4b0e7620003061097e0b6177b91007

  • SHA512

    2ef00d3f8d69d81bab5a28fff8d6840d9a2220673141ce4c764cc13588d12a3756ba97b4c00daa6c32c2b88c170c8dd6f72bec7b18a0464a8eb3a848a6d3fac4

  • SSDEEP

    1572864:R8zFSnho1ssKkvzKLoKikB3ii4El+DPIIqtZZzjxTBKwXI:R8JSnhKxTKLoKikB3iH8VZVjxFdI

Score
1/10

Malware Config

Signatures

  • Modifies registry class 2 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Program Files\7-Zip\7zFM.exe
    "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\ibisinc.ibisPaint_12.1.5.0_neutral_~_sxbx2qs82h9wr.zip"
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:2592
  • C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\AppInstaller.exe
    "C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\AppInstaller.exe" -ServerName:App.AppX9rwyqtrq9gw3wnmrap9a412nsc7145qh.mca
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:448
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
    PID:4668
    • C:\Windows\System32\rundll32.exe
      C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
      PID:4880
      • C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\AppInstaller.exe
        "C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\AppInstaller.exe" -ServerName:App.AppX9rwyqtrq9gw3wnmrap9a412nsc7145qh.mca
        • Modifies registry class
        • Suspicious use of SetWindowsHookEx
        PID:5080

Network

MITRE ATT&CK Matrix

Downloads

  • C:\Users\Admin\AppData\Local\Packages\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\TempState\AILog.txt

    Filesize
    909B

    MD5
    817a3c0b1149258b3faa0c381c525252

    SHA1
    4b411fd9e1dbb98478b20ee1f454f4d64cec6a0d

    SHA256
    cacd88fac0a84ccfa2bd2a64b8b29b8a6b19165986a5016539b1379df6d3eb5e

    SHA512
    98608cf992728263a44d24ed6a08356e237bc0be21d974eba8fba83eb134c38be607c800737893e8c4a189e28fe79e15a1fdf1f79f81a95bdff8430716cc37d6

  • C:\Users\Admin\AppData\Local\Packages\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\TempState\AILog.txt

    Filesize
    917B

    MD5
    421c12ad67a818989775c663ded22fa1

    SHA1
    ccb9dd96a5f2bf083dd8fb5867fbe2280d3b0e34

    SHA256
    799c7434c8631263807ceef7c4ff17c592f80d3470c50ea50e18e531ba55a6ac

    SHA512
    d09b6df58a628164790e61b47c133b29ba7e135a29197eeb2b23404d77d560ac949fcd4bcdaa21de5ef53a5c3356f9c59f835b345681ecf5e9425869af2467ea