Analysis

  • max time kernel
    122s
  • max time network
    137s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64, arch:x86, image:win7-20230712-en, locale:en-us, os:windows7-x64, system
  • submitted
    15-07-2023 19:09

General

  • Target

    PvZWidescreen_1.1.2/properties/partner_logo.jpg

  • Size

    5KB

  • MD5

    834e499dfc1116d26c3b229f69019149

  • SHA1

    6eb52bf63ec5265faa360abebf2b7f634696f0b1

  • SHA256

    8bea233c40ddf74decf3ddd0a3d4cef8e1229ca3a756384e78d319aca0b63113

  • SHA512

    c5ac5f9b41ff6af9d132c0f4c8a9e6a841261f24bd7e9eaac1864d87489639516af348271e11b60df959711d65af9bdc59337d0d6a718cbd10f17beefd93380b

  • SSDEEP

    96:QmkRc7wS6P394hdqW+53qcPnBRZ+XT6u7H1NKZgKgsH13AapOEz:Q7RB/P8dqOUBaTr1NKZQsHCKO4

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of FindShellTrayWindow (1 IoC)

Processes

  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen C:\Users\Admin\AppData\Local\Temp\PvZWidescreen_1.1.2\properties\partner_logo.jpg
    • Suspicious use of FindShellTrayWindow
    PID:2372

Network

MITRE ATT&CK Enterprise v6

Downloads

  • memory/2372-54-0x0000000001D20000-0x0000000001D21000-memory.dmp

    Filesize

    4KB

  • memory/2372-55-0x0000000001D20000-0x0000000001D21000-memory.dmp

    Filesize

    4KB