bced812112439dc85b04747045a0a19ee4b6d9f9ca0b378390e41379ffdb9f9d | Triage

Analysis

max time kernel
288s
max time network
292s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
11-04-2023 12:11

Sharing

Report Analysis Logs

General

Target

PvZ_Tools_v2.7.3/platforms/qwindows.dll
Size

1018KB
MD5

d958f115de0bbc6d93b61c8a6dff1777
SHA1

88df458dd48d303c55b6fa1ae1a17b7cdd634e59
SHA256

4612f51234fabdc683f350805bb69faf1a12ce92329afc1b7d7dc9709ff7d5fc
SHA512

cf39788c9ab52730d02f705993aed8d751979f3b2cad0ccee007565939ddbb3f0d3204fe2446ea5f43bc689acb2eaeea55bcb1662608210c7f7c648d22e5d119
SSDEEP

24576:xNN8dkE4Y/uDfdVAUVdYJhPyYmV4yJFuZe:9IkDJrVe7mV4I

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1668 wrote to memory of 3972	1668	rundll32.exe	rundll32.exe
PID 1668 wrote to memory of 3972	1668	rundll32.exe	rundll32.exe
PID 1668 wrote to memory of 3972	1668	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\PvZ_Tools_v2.7.3\platforms\qwindows.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1668

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\PvZ_Tools_v2.7.3\platforms\qwindows.dll,#1
2⤵
PID:3972

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...