Overview

overview

7

Static

static

1

PvZ_Tools_....3.exe

windows10-2004-x64

1

PvZ_Tools_...xe.asc

windows10-2004-x64

3

PvZ_Tools_...e.hash

windows10-2004-x64

3

PvZ_Tools_...re.dll

windows10-2004-x64

3

PvZ_Tools_...ui.dll

windows10-2004-x64

1

PvZ_Tools_...rk.dll

windows10-2004-x64

3

PvZ_Tools_...ts.dll

windows10-2004-x64

3

PvZ_Tools_...er.dll

windows10-2004-x64

1

PvZ_Tools_...if.dll

windows10-2004-x64

1

PvZ_Tools_...co.dll

windows10-2004-x64

1

PvZ_Tools_...eg.dll

windows10-2004-x64

1

PvZ_Tools_..._1.dll

windows10-2004-x64

3

PvZ_Tools_..._1.dll

windows10-2004-x64

1

PvZ_Tools_...g.json

windows10-2004-x64

3

PvZ_Tools_...ws.dll

windows10-2004-x64

1

PvZ_Tools_...sh.jpg

windows10-2004-x64

3

PvZ_Tools_...le.dll

windows10-2004-x64

1

PvZ_Tools_...86.exe

windows10-2004-x64

7

PvZ_Tools_...b1.dll

windows10-2004-x64

3

PvZ_Tools_...pt.url

windows10-2004-x64

1

PvZ_Tools_...X1.der

windows10-2004-x64

1

PvZ_Tools_...X2.der

windows10-2004-x64

1

PvZ_Tools_...es.url

windows10-2004-x64

1

PvZ_Tools_...it.url

windows10-2004-x64

1

PvZ_Tools_...ds.url

windows10-2004-x64

1

Analysis

  • max time kernel
    256s
  • max time network
    260s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230221-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230221-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11-04-2023 12:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    PvZ_Tools_v2.7.3/imageformats/qgif.dll

  • Size

    25KB

  • MD5

    39011de8046b08d34783325c67bb2773

  • SHA1

    57d1b6e76c184959f3c560d8504343a405700f85

  • SHA256

    eac73b6e06cbf8fdc0d2d03ce04847f6c467a985022d1da1968c8c76b803124d

  • SHA512

    06e997838a6060b58c567065ab20670e4f707ccb7cbcf9b252ac29bfccd23ce94393d26c5c3e3bad11ec1c009178cda7b6ccf31bdd3cc9e139eb313e4e111747

  • SSDEEP

    384:i+jsxcY9QzL6+IjufgvFZBvA6ET0jY7Ag6P7TMI8eVaUbKdJJohwS:vjsc0QnSjFZBo3TJrKMIna1dJJohwS

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\PvZ_Tools_v2.7.3\imageformats\qgif.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2908
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\PvZ_Tools_v2.7.3\imageformats\qgif.dll,#1
      2⤵
        PID:3516

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads