Analysis

  • max time kernel: 134s
  • max time network: 138s
  • platform: windows7_x64
  • resource: win7-20230712-en
  • resource tags: arch:x64, arch:x86, image:win7-20230712-en, locale:en-us, os:windows7-x64, system
  • submitted: 15-07-2023 19:09

General

  • Target: PvZWidescreen_1.1.2/properties/partner.xml
  • Size: 231B
  • MD5: c2e4f872db5a3cb745049de10de29e79
  • SHA1: 2370b6745891cd71ec550c2632387d322b570ff5
  • SHA256: d572066b69c2eafe40c8baf6b4668f083b9e3e90cfc120cc7a4f1f71167e74fa
  • SHA512: 93474f1be1534d964dc8f39c9377a894ea37a99686f5b57f11d23d1aedb1bdcb1794ccef064c0e2119c69298eebfe8e2c58abb29438ffe65e129c829b7690d82

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 39 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE
    "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\PvZWidescreen_1.1.2\properties\partner.xml"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2648
    • C:\Program Files (x86)\Internet Explorer\iexplore.exe
      "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2644
      • C:\Program Files\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:848
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:848 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2476

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 344B
    MD5: 877097b3228f35f7cf64fcde588fd49a
    SHA1: 14052df7ac45424eb0c607f14ebfbc5b8dde68f0
    SHA256: ef1f85cc45716a54544e3f1d88883ef1483d674d710f84e205551ca013450641
    SHA512: f0dbf5cd253a60d38957a393b0b11710adfaf77f84c481b2702d6b6c71fba1d1c34f31e84997298efd306b90d25a5dc0035275e82c84f1e6cc5bd63f323a3e9b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 344B
    MD5: 2be77b66b5733dad09a10fdbc159868e
    SHA1: 406f62b33a2aff8990617cf2fbac572c88ec22ef
    SHA256: 592974860821383b2da59240d270a200bf0ac4643ada376fa0342199bbf6831a
    SHA512: e6c5151a52c30a2862f02c502bbfb95de9a13e00700ebfed01fa24a580748bebc3b3a0f57ae914013f8b3bc0ddac0b2507c1f5e1cc6f562b902e91d027438dca

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 344B
    MD5: e4614b698eee864a7b5f998d77d288f3
    SHA1: 3490737f60c2a50a23629c73e0fa3246a5c6acd3
    SHA256: e8bcf5e91e03d5c40dab111f276c7e15800228851fd3bae12b55c3d02a9b8a06
    SHA512: beb9d7f79460d8077f80a0821e0e9e14b8783b2990bcadc46577e7f3fb3f27c183c67c5b9c9a4825858dc6ef9a12f5446a72c1ba91f56930d53128f8bbaa7006

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 344B
    MD5: 2d8b0abf59fc2099d137f5b1932d870f
    SHA1: b9968f30005c708e979104ea2f8abc63a5c247ec
    SHA256: a9acc28fb3402935f4b1a8a67835e4b8bc73163ea0f1fa75eddb7347308ef224
    SHA512: 6d28904a9c3c750094f48e80848ccdbb85a1d24080e04e9ff4d582754fe240792c7fdabc0ac4e4e7a7c1f960761cea58e142c17b73f20429ba61add956130a6d

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 344B
    MD5: 373c6eaa059a975ab7bc48a31e24cef2
    SHA1: 25ded7c67111bc27b16a7c11f58bce5b1228a53b
    SHA256: 3ca8c22980929af59a7319b1f248a99aca181965a26ebe54841bbc58eec3cccb
    SHA512: 5bb984b8173ed61123336a7e01eed0d9f8c77a211f9878b4242937b2566b2782e8f9c14c3127747fdead1138e446706017dc478f2b8b33ab08321724f8818616

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 344B
    MD5: 62328babdf41fba7ca823ffd0afdf7d5
    SHA1: e7abcc7d5f0f722de83f588ea771bb37aa272d89
    SHA256: 4bea9d53f0be2de13ba106f14372b32bb39966cadb45ef395f6871ab9bc47723
    SHA512: 2e5c0f9a74cebd1bbf255737d73f38e6339dfbc3972786bdb55916ab7f2781cf51e4b840ade46f6ec3067d7dd9d4f90e3de0ee6d1ddca7e25e4713cd96a4947c

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UORESFNG\suggestions[1].en-US
    Filesize: 17KB
    MD5: 5a34cb996293fde2cb7a4ac89587393a
    SHA1: 3c96c993500690d1a77873cd62bc639b3a10653f
    SHA256: c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
    SHA512: e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

  • C:\Users\Admin\AppData\Local\Temp\CabA344.tmp
    Filesize: 62KB
    MD5: 3ac860860707baaf32469fa7cc7c0192
    SHA1: c33c2acdaba0e6fa41fd2f00f186804722477639
    SHA256: d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904
    SHA512: d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

  • C:\Users\Admin\AppData\Local\Temp\TarA3E3.tmp
    Filesize: 164KB
    MD5: 4ff65ad929cd9a367680e0e5b1c08166
    SHA1: c0af0d4396bd1f15c45f39d3b849ba444233b3a2
    SHA256: c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6
    SHA512: f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\3FOK6FAH.txt
    Filesize: 603B
    MD5: 31651654e673f7a7a80fda9c1f315acc
    SHA1: fb8dfc24c860cd532c4de3691ab3f0a159544766
    SHA256: 7856965eaee0d7a6cee74fbce14a0dcfa1bcfb98702c1b1a0dc60f62029683fa
    SHA512: 7b3410477735513808635fb5f651a17aa80cea7949786a1ba9f6ccaa8cc3a8eb56374d5e145264bbc92d664674d65a1fc9ed6d92b29a1b0245416033718668ba