Analysis

  • max time kernel
    121s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  • submitted
    19/02/2024, 19:53

General

  • Target

    Plants vs. Zombies Game of the Year Edition [P] [RUS + ENG RUS + ENG] (2009) (1.2.0.1096) [P2P] [rutracker-6443416].torrent

  • Size

    12KB

  • MD5

    91c5cbc9f1959ade9cb88694ab637f9d

  • SHA1

    5786c6b3f643b93a470786e28fa9a08da0df8282

  • SHA256

    b4fca8ce43cfbf8a328cf7340511e6a95cca91cb973d1854c5abf0778d956647

  • SHA512

    403406131d87b2d6ba4ffcd3eb230e9cd6734e92464905c64014868588a29f5bf462b33e56f8ebcc3f900348abf4cf47ed04716198cc6338467b3ae0e9f8a00f

  • SSDEEP

    384:n0P/KwghxJZfBGfp9ogJKOSR2jxfPggbgz4tlm/Ec4L:0P/jgD3OqkK7R2jxHDtloVg

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\Plants vs. Zombies Game of the Year Edition [P] [RUS + ENG RUS + ENG] (2009) (1.2.0.1096) [P2P] [rutracker-6443416].torrent"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2288
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Plants vs. Zombies Game of the Year Edition [P] [RUS + ENG RUS + ENG] (2009) (1.2.0.1096) [P2P] [rutracker-6443416].torrent
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2716
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Plants vs. Zombies Game of the Year Edition [P] [RUS + ENG RUS + ENG] (2009) (1.2.0.1096) [P2P] [rutracker-6443416].torrent"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2724
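The process tree above is the whole story of this sample: Windows had no handler registered for the .torrent extension, so the shell launched the "Open With" dialog (rundll32.exe calling shell32.dll's OpenAs_RunDLL export) and the sandbox's automatic dialog handling picked Adobe Reader, which then tried to open a bencoded torrent file as a PDF. That is where the AcroRd32 signatures come from, and why the score stays low. The following triage script is an added example, not part of the report or the sandbox's own tooling: it replays the three command lines shown above (constructed records, PIDs as in the report), recovers the file each process was asked to open, and flags an Open With prompt whose chosen child application does not own the file's extension. The KNOWN_HANDLERS map is a hypothetical stand-in for what a real tool would read from HKCR.

```python
"""Triage a sandbox process tree for 'Open With' (OpenAs_RunDLL) handler prompts.

Added example, not part of the sandbox report. Process records are
constructed from the command lines in the report's Processes section.
"""
import ntpath
import re

# Constructed from the report: the submitted file path (Temp copy made by the sandbox).
TARGET = (r"C:\Users\Admin\AppData\Local\Temp\Plants vs. Zombies Game of the Year Edition "
          r"[P] [RUS + ENG RUS + ENG] (2009) (1.2.0.1096) [P2P] [rutracker-6443416].torrent")

# Constructed records: pid/ppid follow the report's tree (2288 -> 2716 -> 2724).
PROCESSES = [
    {"pid": 2288, "ppid": 0,
     "image": r"C:\Windows\system32\cmd.exe",
     "cmdline": f'cmd /c "{TARGET}"'},
    {"pid": 2716, "ppid": 2288,
     "image": r"C:\Windows\system32\rundll32.exe",
     "cmdline": f'"C:\\Windows\\system32\\rundll32.exe" '
                f'C:\\Windows\\system32\\shell32.dll,OpenAs_RunDLL {TARGET}'},
    {"pid": 2724, "ppid": 2716,
     "image": r"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe",
     "cmdline": f'"C:\\Program Files (x86)\\Adobe\\Reader 9.0\\Reader\\AcroRd32.exe" "{TARGET}"'},
]

# Hypothetical: which extensions each application legitimately owns.
# A real triage tool would read the ProgId associations from HKCR instead.
KNOWN_HANDLERS = {
    "acrord32.exe": {".pdf"},
    "notepad.exe": {".txt", ".log", ".ini"},
}

# OpenAs_RunDLL receives the file path UNQUOTED, so spaces in the name do not
# delimit arguments: everything after the export name is the path.
OPENAS_RE = re.compile(r"shell32\.dll,OpenAs_RunDLL\s+(.+?)\s*$", re.IGNORECASE)
LAST_QUOTED_RE = re.compile(r'"([^"]+)"\s*$')


def is_openwith_prompt(proc):
    """True when the process hosts the 'Open With' dialog (rundll32 + shell32!OpenAs_RunDLL)."""
    return (ntpath.basename(proc["image"]).lower() == "rundll32.exe"
            and OPENAS_RE.search(proc["cmdline"]) is not None)


def opened_file(cmdline):
    """Recover the file argument from a command line, or None if there is none."""
    m = OPENAS_RE.search(cmdline)
    if m:
        return m.group(1).strip('"')
    m = LAST_QUOTED_RE.search(cmdline)
    return m.group(1) if m else None


def triage(processes):
    """For every Open With prompt, report which child app took the file and whether
    that app owns the file's extension (mismatch => the user/sandbox picked it by hand)."""
    by_ppid = {}
    for p in processes:
        by_ppid.setdefault(p["ppid"], []).append(p)

    findings = []
    for p in processes:
        if not is_openwith_prompt(p):
            continue
        target = opened_file(p["cmdline"])
        ext = ntpath.splitext(target)[1].lower()
        for child in by_ppid.get(p["pid"], []):
            app = ntpath.basename(child["image"])
            owned = KNOWN_HANDLERS.get(app.lower(), set())
            findings.append({
                "prompt_pid": p["pid"],
                "child_pid": child["pid"],
                "file": target,
                "file_ext": ext,
                "opened_with": app,
                "handler_mismatch": ext not in owned,
            })
    return findings


if __name__ == "__main__":
    for f in triage(PROCESSES):
        verdict = "no registered handler; opened manually" if f["handler_mismatch"] else "handler owns extension"
        print(f"pid {f['prompt_pid']} Open With prompt -> {f['opened_with']} (pid {f['child_pid']}) "
              f"for {f['file_ext']} file: {verdict}")
```

Run against this report the script yields one finding: the Open With prompt (PID 2716) handed a .torrent file to AcroRd32.exe (PID 2724), which does not own that extension. In a real pipeline this pattern is a reason to discount the child process's signatures (here GetForegroundWindowSpam and SetWindowsHookEx from Adobe Reader) rather than attribute them to the sample, and to re-run the sample with a torrent client installed if the torrent's own content is what needs analysis.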

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

    Filesize

    3KB

    MD5

    26f6692357daa3199c4462c0e46383f2

    SHA1

    ecf449dad085ab1ef4294bceb1837772c3f45753

    SHA256

    16cecd4edddb6e92ad4c8e27aa332c1dfafbe795209a65111a91bedb2cf08382

    SHA512

    1a18bbc9f0fa49b5a9fde04a889828641b10d14ea99ae28d9aee1634fa6941d8123c553c3ef204c63d31a863ad1d6b5bc06e296e4e8e3759c631ef4398f2721f