Overview

overview

7

Static

static

3

pvz.exe

windows7-x64

7

pvz.exe

windows10-2004-x64

7

$PLUGINSDI...er.dll

windows7-x64

3

$PLUGINSDI...er.dll

windows10-2004-x64

3

$PLUGINSDI...os.dll

windows7-x64

3

$PLUGINSDI...os.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...se.rtf

windows7-x64

4

$PLUGINSDI...se.rtf

windows10-2004-x64

1

$PLUGINSDI...in.dll

windows7-x64

1

$PLUGINSDI...in.dll

windows10-2004-x64

1

$PLUGINSDI...ss.dll

windows7-x64

3

$PLUGINSDI...ss.dll

windows10-2004-x64

3

$PLUGINSDI...zU.dll

windows7-x64

3

$PLUGINSDI...zU.dll

windows10-2004-x64

3

PlantsVsZombies.exe

windows7-x64

1

PlantsVsZombies.exe

windows10-2004-x64

6

bass.dll

windows7-x64

1

bass.dll

windows10-2004-x64

1

gdi42.dll

windows7-x64

1

gdi42.dll

windows10-2004-x64

1

pvzHE-Laun...XP.exe

windows7-x64

1

pvzHE-Laun...XP.exe

windows10-2004-x64

6

pvzHE-Launcher.exe

windows7-x64

1

pvzHE-Launcher.exe

windows10-2004-x64

6

pvzHE-Save...te.exe

windows7-x64

1

pvzHE-Save...te.exe

windows10-2004-x64

1

uninst.exe

windows7-x64

7

uninst.exe

windows10-2004-x64

7

$PLUGINSDI...er.dll

windows7-x64

3

$PLUGINSDI...er.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    139s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22/05/2024, 10:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    pvz.exe

  • Size

    73.6MB

  • MD5

    1e70ff1df951f6dc11f55554d15f2c37

  • SHA1

    714a0c595764c5d6c45cf5254fcad67a9cc8f10a

  • SHA256

    94a47191fb3a307fdaa84a1f8f31d8e1b4b79b34048814725c373e54f3d4e37a

  • SHA512

    9b9b44f42a5050e50550b8c266bdc9411598576ebcb10db896c991d792fc54c43429f63d8d7833257e06e916d73fc0f729357858aa046f202eab762c96259ddd

  • SSDEEP

    1572864:lmMjfJ+8Xk4dNaZJyxA2fYlGsazJWE5jqerWb:lBzJ+aaKilGsazkEQerWb

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

Processes

  • C:\Users\Admin\AppData\Local\Temp\pvz.exe
    "C:\Users\Admin\AppData\Local\Temp\pvz.exe"
    1⤵
    • Loads dropped DLL
    PID:1492

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nsb63BC.tmp\System.dll
    Filesize

    11KB

    MD5

    bf712f32249029466fa86756f5546950

    SHA1

    75ac4dc4808ac148ddd78f6b89a51afbd4091c2e

    SHA256

    7851cb12fa4131f1fee5de390d650ef65cac561279f1cfe70ad16cc9780210af

    SHA512

    13f69959b28416e0b8811c962a49309dca3f048a165457051a28a3eb51377dcaf99a15e86d7eee8f867a9e25ecf8c44da370ac8f530eeae7b5252eaba64b96f4

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsb63BC.tmp\nsNiuniuSkin.dll
    Filesize

    891KB

    MD5

    cb9ccb0f6923b5e38221a2c9603eb669

    SHA1

    7214cae53f36cab79841e9d49b07cffd7ce5e1c5

    SHA256

    6a38b8084e7493ff57ea3eda7101fbfd6113d8470531b479ce05cefb4e34bc79

    SHA512

    5d510870559737ba9f10447716a654e3aa609b64a1b753e2d3722b7b92e1768980d2ff070e639add57a13a7941c1d680ffa6e13abd47c44b1d18a230590ebb6c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsb63BC.tmp\skin.zip
    Filesize

    2.4MB

    MD5

    293238829de472db381be13aa9173495

    SHA1

    75d6d4bc7992385167d1d4318edc9beb953db641

    SHA256

    7442eea2b3cc5865d6a18d47828840e5545b32ca8273c1d90ab55092e1c760af

    SHA512

    c7b44786810957f45c5e955c2880dd2f1d83fbe7715855d0f495de98372cf74b3a4a6e00e2dbe851fe69ec4212d1938fcb5fca882f722811060fccb3e5d5939a

    Download Submit