Analysis
-
max time kernel
51s -
max time network
56s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system -
submitted
30-06-2024 06:57
Behavioral task
behavioral1
Sample
Easy Paint Tool SAI 2 (2017-01-19 Technical Preview)/English/sai2.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
Easy Paint Tool SAI 2 (2017-01-19 Technical Preview)/English/sai2.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral3
Sample
Easy Paint Tool SAI 2 (2017-01-19 Technical Preview)/Paint Tool SAI 2.0 (64bit)/sai2.exe
Resource
win7-20240611-en
Behavioral task
behavioral4
Sample
Easy Paint Tool SAI 2 (2017-01-19 Technical Preview)/Paint Tool SAI 2.0 (64bit)/sai2.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral5
Sample
Easy Paint Tool SAI 2 (2017-01-19 Technical Preview)/Paint Tool SAI 2.0 (64bit)/sai2.exe
Resource
win7-20231129-en
Behavioral task
behavioral6
Sample
Easy Paint Tool SAI 2 (2017-01-19 Technical Preview)/Paint Tool SAI 2.0 (64bit)/sai2.exe
Resource
win10v2004-20240508-en
General
-
Target
Easy Paint Tool SAI 2 (2017-01-19 Technical Preview)/English/sai2.exe
-
Size
5.1MB
-
MD5
5e2a923308834c564e57a7f5fc338f52
-
SHA1
7a1181ad535d2c141bb404b1b2a253e4bcfc59dd
-
SHA256
cfc77d16a3df39a0b3f19d13c427ecae811f2a5a39effb4ea885c6092b7305a4
-
SHA512
35f0c78ec9bdbedf68afa0cf42020ee92e3a34407a1d5994a3892bdee5a47c853af5321b94cae007acbf34fba8da98819b0edf343395811f70aacbaf89fb24bf
-
SSDEEP
49152:eyAnaNojdMnapvoa1JJ5Npu88s/wQAYToF6NU+TbSwlc:0ua5RKw
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 5 IoCs
Processor information is often read in order to detect sandboxing environments.
Processes:
sai2.exedescription ioc process Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 sai2.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString sai2.exe Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\1 sai2.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString sai2.exe Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\2 sai2.exe