Overview

overview

3

Static

static

1

PvZ_Toolki....3.zip

windows7-x64

1

PvZ_Toolki....3.zip

windows10-2004-x64

1

PvZ_Toolki....3.exe

windows7-x64

1

PvZ_Toolki....3.exe

windows10-2004-x64

1

PvZ_Toolki...xe.asc

windows7-x64

3

PvZ_Toolki...xe.asc

windows10-2004-x64

3

PvZ_Toolki...e.hash

windows7-x64

3

PvZ_Toolki...e.hash

windows10-2004-x64

3

PvZ_Toolki...h).exe

windows7-x64

1

PvZ_Toolki...h).exe

windows10-2004-x64

1

PvZ_Toolki...xe.asc

windows7-x64

1

PvZ_Toolki...xe.asc

windows10-2004-x64

1

PvZ_Toolki...e.hash

windows7-x64

1

PvZ_Toolki...e.hash

windows10-2004-x64

1

PvZ_Toolki...ds.yml

windows7-x64

3

PvZ_Toolki...ds.yml

windows10-2004-x64

3

PvZ_Toolki...up.yml

windows7-x64

3

PvZ_Toolki...up.yml

windows10-2004-x64

3

PvZ_Toolki...sh.png

windows7-x64

3

PvZ_Toolki...sh.png

windows10-2004-x64

3

PvZ_Toolki...pt.url

windows7-x64

1

PvZ_Toolki...pt.url

windows10-2004-x64

1

PvZ_Toolki...X1.der

windows7-x64

1

PvZ_Toolki...X1.der

windows10-2004-x64

1

PvZ_Toolki...X2.der

windows7-x64

1

PvZ_Toolki...X2.der

windows10-2004-x64

1

PvZ_Toolki...s).url

windows7-x64

1

PvZ_Toolki...s).url

windows10-2004-x64

1

PvZ_Toolki...t).url

windows7-x64

1

PvZ_Toolki...t).url

windows10-2004-x64

1

PvZ_Toolki...s).url

windows7-x64

1

PvZ_Toolki...s).url

windows10-2004-x64

1

Analysis

  • max time kernel
    120s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    19-02-2024 16:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    PvZ_Toolkit_v1.20.3/lineup.yml

  • Size

    27KB

  • MD5

    4cfc666e635f226aa6ef67c7ce0a7e33

  • SHA1

    78d0bbbec851bfbb1e2df25a6a256d8073348c29

  • SHA256

    5e66d5eed40a4e47682b1673dbb82e3d5ba58a4bf598f0419c117f38cffd4b1d

  • SHA512

    c6f04d0be0f33af4cb37dbbc44bd77238b7f24b65c5c68cab50777b31b64ebc1bc1b2bdaf6fd01c52ff6ffdfd01a8cc32158ecd7d574d12fd8c537acb1cb0938

  • SSDEEP

    768:MCq6fysNjk8Kc5KxVyn7nh3k+Vzfecukqr4e9BrP:Q6fysNjde47t/heD1r59BrP

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\PvZ_Toolkit_v1.20.3\lineup.yml
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1992
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\PvZ_Toolkit_v1.20.3\lineup.yml
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2812
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\PvZ_Toolkit_v1.20.3\lineup.yml"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2996

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
    Filesize

    3KB

    MD5

    e4c5362a2d2b0403f3e3c790493dc42c

    SHA1

    5e987006b2def10c739ffb5ad0c0f2a8470fff57

    SHA256

    6d80925b3c6f0ce5cfb5d54d3e9efdb6be9f78d229e15785b99393199d9e5151

    SHA512

    ba55e2c44c48241b8ebe44ffc4c4256f29abe434c76648d26922cb318fd4d748eb3d494f3d58aaa07596a7ffe27b4d18565c88ff6c35bf0ad73bdc38d953ce01

    Download Submit