Analysis

  • max time kernel
    120s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  • submitted
    19-02-2024 16:01

General

  • Target

    PvZ_Toolkit_v1.20.3/lineup.yml

  • Size

    27KB

  • MD5

    4cfc666e635f226aa6ef67c7ce0a7e33

  • SHA1

    78d0bbbec851bfbb1e2df25a6a256d8073348c29

  • SHA256

    5e66d5eed40a4e47682b1673dbb82e3d5ba58a4bf598f0419c117f38cffd4b1d

  • SHA512

    c6f04d0be0f33af4cb37dbbc44bd77238b7f24b65c5c68cab50777b31b64ebc1bc1b2bdaf6fd01c52ff6ffdfd01a8cc32158ecd7d574d12fd8c537acb1cb0938

  • SSDEEP

    768:MCq6fysNjk8Kc5KxVyn7nh3k+Vzfecukqr4e9BrP:Q6fysNjde47t/heD1r59BrP

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\PvZ_Toolkit_v1.20.3\lineup.yml
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1992
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\PvZ_Toolkit_v1.20.3\lineup.yml
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2812
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\PvZ_Toolkit_v1.20.3\lineup.yml"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2996

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

    Filesize

    3KB

    MD5

    e4c5362a2d2b0403f3e3c790493dc42c

    SHA1

    5e987006b2def10c739ffb5ad0c0f2a8470fff57

    SHA256

    6d80925b3c6f0ce5cfb5d54d3e9efdb6be9f78d229e15785b99393199d9e5151

    SHA512

    ba55e2c44c48241b8ebe44ffc4c4256f29abe434c76648d26922cb318fd4d748eb3d494f3d58aaa07596a7ffe27b4d18565c88ff6c35bf0ad73bdc38d953ce01
