d19e918e9ba2779c4cd3283e10b95fd4e7b101885a8912e77302e1afa104cd7e

Analysis

max time kernel
149s
max time network
258s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
16-04-2024 16:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

PlantsVsZombies(95)bgm.exe
Size

2.9MB
MD5

3d93869a937ea2e9a4b734fa11b184be
SHA1

5f7b6b97772e2cb369dc8d01a5b8d5948ce53e07
SHA256

83232d75e1a1f8afada04dfd585be0aa817fcee0905431e89e69dbcde53f673b
SHA512

6c5b2599c8ec03fced4798f671e4acf12488171435913df2b5d73645b6dccbe4ff610f2a61b92c1f89186bd2e6f546f75421c2aa00352b14a147d5afa2d94c8e
SSDEEP

49152:CGdDsCOsx3R+ijGgz4M/acyHUmaeeDR/h2xOfpDyYJNo/vMAMDphx96S7kf3PAg:Vzf6ijFUMeeDdhnY9MDK3Ig

Score

1^/10

Malware Config

Signatures

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3744	PlantsVsZombies(95)bgm.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	5024	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	5024	AUDIODG.EXE

C:\Users\Admin\AppData\Local\Temp\PlantsVsZombies(95)bgm.exe
"C:\Users\Admin\AppData\Local\Temp\PlantsVsZombies(95)bgm.exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
PID:3744

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x33c 0x410
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5024

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3744-0-0x0000000006390000-0x0000000006502000-memory.dmp

Filesize
1.4MB

Download
memory/3744-1-0x0000000010000000-0x0000000010041000-memory.dmp

Filesize
260KB

Download
memory/3744-2-0x0000000006670000-0x0000000006671000-memory.dmp

Filesize
4KB

Download
memory/3744-3-0x0000000006390000-0x0000000006502000-memory.dmp

Filesize
1.4MB

Download
memory/3744-7-0x0000000006670000-0x0000000006671000-memory.dmp

Filesize
4KB

Download
memory/3744-60-0x0000000010000000-0x0000000010041000-memory.dmp

Filesize
260KB

Download
memory/3744-57-0x0000000006390000-0x0000000006502000-memory.dmp

Filesize
1.4MB

Download
memory/3744-66-0x0000000010000000-0x0000000010041000-memory.dmp

Filesize
260KB

Download
memory/3744-65-0x0000000006390000-0x0000000006502000-memory.dmp

Filesize
1.4MB

Download
memory/3744-181-0x0000000006390000-0x0000000006502000-memory.dmp

Filesize
1.4MB

Download
memory/3744-182-0x0000000010000000-0x0000000010041000-memory.dmp

Filesize
260KB

Download
memory/3744-183-0x0000000006390000-0x0000000006502000-memory.dmp

Filesize
1.4MB

Download
memory/3744-184-0x0000000010000000-0x0000000010041000-memory.dmp

Filesize
260KB

Download
memory/3744-185-0x0000000006390000-0x0000000006502000-memory.dmp

Filesize
1.4MB

Download
memory/3744-186-0x0000000010000000-0x0000000010041000-memory.dmp

Filesize
260KB

Download
memory/3744-187-0x0000000006390000-0x0000000006502000-memory.dmp

Filesize
1.4MB

Download
memory/3744-188-0x0000000010000000-0x0000000010041000-memory.dmp

Filesize
260KB

Download
memory/3744-189-0x0000000006390000-0x0000000006502000-memory.dmp

Filesize
1.4MB

Download
memory/3744-190-0x0000000010000000-0x0000000010041000-memory.dmp

Filesize
260KB

Download
memory/3744-191-0x0000000006390000-0x0000000006502000-memory.dmp

Filesize
1.4MB

Download
memory/3744-192-0x0000000010000000-0x0000000010041000-memory.dmp

Filesize
260KB

Download
memory/3744-193-0x0000000006390000-0x0000000006502000-memory.dmp

Filesize
1.4MB

Download
memory/3744-194-0x0000000010000000-0x0000000010041000-memory.dmp

Filesize
260KB

Download
memory/3744-195-0x0000000006390000-0x0000000006502000-memory.dmp

Filesize
1.4MB

Download
memory/3744-196-0x0000000010000000-0x0000000010041000-memory.dmp

Filesize
260KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads