Overview
overview
7Static
static
1PvZ_Tools_....3.exe
windows10-2004-x64
1PvZ_Tools_...xe.asc
windows10-2004-x64
3PvZ_Tools_...e.hash
windows10-2004-x64
3PvZ_Tools_...re.dll
windows10-2004-x64
3PvZ_Tools_...ui.dll
windows10-2004-x64
1PvZ_Tools_...rk.dll
windows10-2004-x64
3PvZ_Tools_...ts.dll
windows10-2004-x64
3PvZ_Tools_...er.dll
windows10-2004-x64
1PvZ_Tools_...if.dll
windows10-2004-x64
1PvZ_Tools_...co.dll
windows10-2004-x64
1PvZ_Tools_...eg.dll
windows10-2004-x64
1PvZ_Tools_..._1.dll
windows10-2004-x64
3PvZ_Tools_..._1.dll
windows10-2004-x64
1PvZ_Tools_...g.json
windows10-2004-x64
3PvZ_Tools_...ws.dll
windows10-2004-x64
1PvZ_Tools_...sh.jpg
windows10-2004-x64
3PvZ_Tools_...le.dll
windows10-2004-x64
1PvZ_Tools_...86.exe
windows10-2004-x64
7PvZ_Tools_...b1.dll
windows10-2004-x64
3PvZ_Tools_...pt.url
windows10-2004-x64
1PvZ_Tools_...X1.der
windows10-2004-x64
1PvZ_Tools_...X2.der
windows10-2004-x64
1PvZ_Tools_...es.url
windows10-2004-x64
1PvZ_Tools_...it.url
windows10-2004-x64
1PvZ_Tools_...ds.url
windows10-2004-x64
1Analysis
-
max time kernel
233s -
max time network
297s -
platform
windows10-2004_x64 -
resource
win10v2004-20230220-en -
resource tags
arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system -
submitted
11-04-2023 12:11
Static task
static1
Behavioral task
behavioral1
Sample
PvZ_Tools_v2.7.3/PvZ_Tools_v2.7.3.exe
Resource
win10v2004-20230220-en
Behavioral task
behavioral2
Sample
PvZ_Tools_v2.7.3/PvZ_Tools_v2.7.3.exe.asc
Resource
win10v2004-20230220-en
Behavioral task
behavioral3
Sample
PvZ_Tools_v2.7.3/PvZ_Tools_v2.7.3.exe.hash
Resource
win10v2004-20230220-en
Behavioral task
behavioral4
Sample
PvZ_Tools_v2.7.3/Qt5Core.dll
Resource
win10v2004-20230220-en
Behavioral task
behavioral5
Sample
PvZ_Tools_v2.7.3/Qt5Gui.dll
Resource
win10v2004-20230220-en
Behavioral task
behavioral6
Sample
PvZ_Tools_v2.7.3/Qt5Network.dll
Resource
win10v2004-20230220-en
Behavioral task
behavioral7
Sample
PvZ_Tools_v2.7.3/Qt5Widgets.dll
Resource
win10v2004-20230220-en
Behavioral task
behavioral8
Sample
PvZ_Tools_v2.7.3/bearer/qgenericbearer.dll
Resource
win10v2004-20230220-en
Behavioral task
behavioral9
Sample
PvZ_Tools_v2.7.3/imageformats/qgif.dll
Resource
win10v2004-20230221-en
Behavioral task
behavioral10
Sample
PvZ_Tools_v2.7.3/imageformats/qico.dll
Resource
win10v2004-20230220-en
Behavioral task
behavioral11
Sample
PvZ_Tools_v2.7.3/imageformats/qjpeg.dll
Resource
win10v2004-20230220-en
Behavioral task
behavioral12
Sample
PvZ_Tools_v2.7.3/libcrypto-1_1.dll
Resource
win10v2004-20230220-en
Behavioral task
behavioral13
Sample
PvZ_Tools_v2.7.3/libssl-1_1.dll
Resource
win10v2004-20230220-en
Behavioral task
behavioral14
Sample
PvZ_Tools_v2.7.3/lineup_string.json
Resource
win10v2004-20230221-en
Behavioral task
behavioral15
Sample
PvZ_Tools_v2.7.3/platforms/qwindows.dll
Resource
win10v2004-20230220-en
Behavioral task
behavioral16
Sample
PvZ_Tools_v2.7.3/splash.jpg
Resource
win10v2004-20230220-en
Behavioral task
behavioral17
Sample
PvZ_Tools_v2.7.3/styles/qwindowsvistastyle.dll
Resource
win10v2004-20230220-en
Behavioral task
behavioral18
Sample
PvZ_Tools_v2.7.3/vc_redist.x86.exe
Resource
win10v2004-20230220-en
Behavioral task
behavioral19
Sample
PvZ_Tools_v2.7.3/zlib1.dll
Resource
win10v2004-20230221-en
Behavioral task
behavioral20
Sample
PvZ_Tools_v2.7.3/植僵工具箱网站/HTTPS 根证书/Chain of Trust - Let's Encrypt.url
Resource
win10v2004-20230220-en
Behavioral task
behavioral21
Sample
PvZ_Tools_v2.7.3/植僵工具箱网站/HTTPS 根证书/ISRG Root X1.der
Resource
win10v2004-20230220-en
Behavioral task
behavioral22
Sample
PvZ_Tools_v2.7.3/植僵工具箱网站/HTTPS 根证书/ISRG Root X2.der
Resource
win10v2004-20230220-en
Behavioral task
behavioral23
Sample
PvZ_Tools_v2.7.3/植僵工具箱网站/下载游戏 Plants vs. Zombies.url
Resource
win10v2004-20230220-en
Behavioral task
behavioral24
Sample
PvZ_Tools_v2.7.3/植僵工具箱网站/下载辅助 PvZ Toolkit.url
Resource
win10v2004-20230220-en
Behavioral task
behavioral25
Sample
PvZ_Tools_v2.7.3/植僵工具箱网站/阵型列表 Endless Builds.url
Resource
win10v2004-20230221-en
General
-
Target
PvZ_Tools_v2.7.3/Qt5Network.dll
-
Size
827KB
-
MD5
a16cf5a0b8723f885e946d0f6e07acdd
-
SHA1
eb4f4d0b8eef78da01e04134d411e2ab24b35466
-
SHA256
f4bd456f2764cc7b14eb1126d5eb222019c6d57ebf6046ea88aeb675e5dd577c
-
SHA512
457911af9900f05eaafa3d0d470d9bae7df455fc65b015cb6ce6e9ec0d08bdb1bf7653682dbd5ffedf788a493d55a20f2acc3e03778cf8b0a3a3751e65698a5d
-
SSDEEP
12288:dfEa/df6CSD2OjO2fTNitHjmuUHcI240XLWXV4I0ns4mYYLeqK:RE0GlL0HlIokVF4EL0
Malware Config
Signatures
-
Program crash 1 IoCs
Processes:
WerFault.exepid pid_target process target process 3480 2480 WerFault.exe rundll32.exe -
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
rundll32.exedescription pid process target process PID 4100 wrote to memory of 2480 4100 rundll32.exe rundll32.exe PID 4100 wrote to memory of 2480 4100 rundll32.exe rundll32.exe PID 4100 wrote to memory of 2480 4100 rundll32.exe rundll32.exe
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\PvZ_Tools_v2.7.3\Qt5Network.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\PvZ_Tools_v2.7.3\Qt5Network.dll,#12⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2480 -s 7163⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 2480 -ip 24801⤵