Analysis
max time kernel: 140s
max time network: 93s
platform: windows10-2004_x64
resource: win10v2004-20240611-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
submitted: 12/06/2024, 22:58
Behavioral task: behavioral1
Sample: PlantsVsZombies/七喜下载站更多精品纯净绿色软件下载.url
Resource: win7-20240611-en

Behavioral task: behavioral2
Sample: PlantsVsZombies/七喜下载站更多精品纯净绿色软件下载.url
Resource: win10v2004-20240508-en

Behavioral task: behavioral3
Sample: PlantsVsZombies/植物大战僵尸修改器.exe
Resource: win7-20231129-en

Behavioral task: behavioral4
Sample: PlantsVsZombies/植物大战僵尸修改器.exe
Resource: win10v2004-20240611-en
General
Target: PlantsVsZombies/植物大战僵尸修改器.exe
Size: 6KB
MD5: c989619e1cd63b323a29fef62c992a67
SHA1: 6f594cd2f3c9eb258baa28a9c0f93f705f78b53e
SHA256: 197a0a40edc4469a7c35dfc5125e0bdc86af2515d98fac47e888fb03404f8923
SHA512: e628bf8a6534230c332b75112847b8b02737bc3999023078713c0f294bf78cca3d1a44a15ffd59dd75af9f08e7fb7ee6f510b299134e051878d75eb126fddb62
SSDEEP: 192:Fr3wJoFMBbVhPGa/jsUnWsoAJ05TBq3z76BdeW:FhFMBbljpDT05lgW
Malware Config
Signatures
resource | yara_rule
behavioral4/memory/5068-0-0x0000000000400000-0x000000000040C000-memory.dmp | upx
behavioral4/memory/5068-1-0x0000000000400000-0x000000000040C000-memory.dmp | upx
Suspicious use of AdjustPrivilegeToken (2 IoCs)
description | pid | Process
Token: 33 | 5068 | 植物大战僵尸修改器.exe
Token: SeIncBasePriorityPrivilege | 5068 | 植物大战僵尸修改器.exe