Overview

overview

3

Static

static

1

PvZ_Toolki....3.zip

windows7-x64

1

PvZ_Toolki....3.zip

windows10-2004-x64

1

PvZ_Toolki....3.exe

windows7-x64

1

PvZ_Toolki....3.exe

windows10-2004-x64

1

PvZ_Toolki...xe.asc

windows7-x64

3

PvZ_Toolki...xe.asc

windows10-2004-x64

3

PvZ_Toolki...e.hash

windows7-x64

3

PvZ_Toolki...e.hash

windows10-2004-x64

3

PvZ_Toolki...h).exe

windows7-x64

1

PvZ_Toolki...h).exe

windows10-2004-x64

1

PvZ_Toolki...xe.asc

windows7-x64

1

PvZ_Toolki...xe.asc

windows10-2004-x64

1

PvZ_Toolki...e.hash

windows7-x64

1

PvZ_Toolki...e.hash

windows10-2004-x64

1

PvZ_Toolki...ds.yml

windows7-x64

3

PvZ_Toolki...ds.yml

windows10-2004-x64

3

PvZ_Toolki...up.yml

windows7-x64

3

PvZ_Toolki...up.yml

windows10-2004-x64

3

PvZ_Toolki...sh.png

windows7-x64

3

PvZ_Toolki...sh.png

windows10-2004-x64

3

PvZ_Toolki...pt.url

windows7-x64

1

PvZ_Toolki...pt.url

windows10-2004-x64

1

PvZ_Toolki...X1.der

windows7-x64

1

PvZ_Toolki...X1.der

windows10-2004-x64

1

PvZ_Toolki...X2.der

windows7-x64

1

PvZ_Toolki...X2.der

windows10-2004-x64

1

PvZ_Toolki...s).url

windows7-x64

1

PvZ_Toolki...s).url

windows10-2004-x64

1

PvZ_Toolki...t).url

windows7-x64

1

PvZ_Toolki...t).url

windows10-2004-x64

1

PvZ_Toolki...s).url

windows7-x64

1

PvZ_Toolki...s).url

windows10-2004-x64

1

Analysis

  • max time kernel
    118s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags

    arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
  • submitted
    19-02-2024 16:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    PvZ_Toolkit_v1.20.3/PvZ_Toolkit_v1.20.3.exe.hash

  • Size

    318B

  • MD5

    126d8ad9e5917f16fe474d1f1d89aefd

  • SHA1

    0198f98f6cd18cb93b48e4df26894da2fc562c6d

  • SHA256

    a72e336ed2d8ac7b7fcf5beff5619a2c905b860d574aeeaeea96fb0b46fb2f80

  • SHA512

    03ac31844d95f64a71938fc51f015556e9acfc9811626d424024d6bbfb89fc8809779d6bbde84428e2653de35083b5ee71eeea180657813972890b68e7e7f272

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\PvZ_Toolkit_v1.20.3\PvZ_Toolkit_v1.20.3.exe.hash
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1756
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\PvZ_Toolkit_v1.20.3\PvZ_Toolkit_v1.20.3.exe.hash
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2516
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\PvZ_Toolkit_v1.20.3\PvZ_Toolkit_v1.20.3.exe.hash"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2436

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
    Filesize

    3KB

    MD5

    da1a9efef2e04bf7d833513f79e7a6ae

    SHA1

    13bb22616b323a51e31da6f6467fc61b49563124

    SHA256

    a2cbc1d552c4c5cf4dbed584b682279d216b365f2c5b5220f08eb3990eacfae5

    SHA512

    272a605f309605ba3a81065d6545473ba84f2ef95f70c70fae2aab6a7ee769468bc1dc8bef3ed6ff0ab72f68d5a05835097f39df3a7c2e197ebd4f0da1b391d0

    Download Submit