c0228706952db8178701abd4a3c69b12cd21334c1db722b5a9408b723d546513 | Triage

Submit
Reports

Overview

overview

8

Static

static

1

Plantas vs...D).rar

windows10-1703-x64

3

Plantas vs...D).rar

windows10-2004-x64

8

Sharing

Copy URL Twitter E-mail

General

Target

Plantas vs Zombies(TutosProHD).rar
Size

37.8MB
Sample

230419-eyqpdsgc23
MD5

fe9d1a3a2c152380b8222cff984f5fab
SHA1

8c39bbabf93521e3d45c706034729a88c5def312
SHA256

c0228706952db8178701abd4a3c69b12cd21334c1db722b5a9408b723d546513
SHA512

76bb1e2e0c2a275733044e17ff1559fccaf4eeeda57625f90abd20adbbea29295d0911f809623d6f1965783c24e12265f141c8d03a84660c2dfe0f730960e5be
SSDEEP

786432:sXKc/T/EwtTC+42BJsFE+6Z379p4HOdln7lP3QbktaRNBTCS9AwBip4g4Iu3dEV1:sXbT/E4+YOFQZ33X3B3no9fBpgQC3l

Score

8^/10

discovery persistence

Static task

static1

Behavioral task

behavioral1

Sample

Plantas vs Zombies(TutosProHD).rar

Resource

win10-20230220-en

windows10-1703-x64

3 signatures

300 seconds

Behavioral task

behavioral2

Sample

Plantas vs Zombies(TutosProHD).rar

Resource

win10v2004-20230220-en

discovery persistence

windows10-2004-x64

24 signatures

300 seconds

Malware Config

Targets

- Target
  
  Plantas vs Zombies(TutosProHD).rar
- Size
  
  37.8MB
- MD5
  
  fe9d1a3a2c152380b8222cff984f5fab
- SHA1
  
  8c39bbabf93521e3d45c706034729a88c5def312
- SHA256
  
  c0228706952db8178701abd4a3c69b12cd21334c1db722b5a9408b723d546513
- SHA512
  
  76bb1e2e0c2a275733044e17ff1559fccaf4eeeda57625f90abd20adbbea29295d0911f809623d6f1965783c24e12265f141c8d03a84660c2dfe0f730960e5be
- SSDEEP
  
  786432:sXKc/T/EwtTC+42BJsFE+6Z379p4HOdln7lP3QbktaRNBTCS9AwBip4g4Iu3dEV1:sXbT/E4+YOFQZ33X3B3no9fBpgQC3l
Score

8^/10

discovery persistence
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Modifies system executable filetype association
  persistence
- Registers COM server for autorun
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Change Default File Association

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

discoverypersistence

© 2018-2025

Terms | Privacy