Overview
overview
3Static
static
3PvZ_Tools_v2.7.5.zip
windows7-x64
1PvZ_Tools_v2.7.5.zip
windows10-2004-x64
1PvZ_Tools_...ds.url
windows7-x64
1PvZ_Tools_...ds.url
windows10-2004-x64
1PvZ_Tools_...es.url
windows7-x64
1PvZ_Tools_...es.url
windows10-2004-x64
1PvZ_Tools_...it.url
windows7-x64
1PvZ_Tools_...it.url
windows10-2004-x64
1PvZ_Tools_...pt.url
windows7-x64
1PvZ_Tools_...pt.url
windows10-2004-x64
1PvZ_Tools_...X1.der
windows7-x64
1PvZ_Tools_...X1.der
windows10-2004-x64
1PvZ_Tools_...X2.der
windows7-x64
1PvZ_Tools_...X2.der
windows10-2004-x64
1PvZ_Tools_....5.exe
windows7-x64
1PvZ_Tools_....5.exe
windows10-2004-x64
1PvZ_Tools_...xe.asc
windows7-x64
3PvZ_Tools_...xe.asc
windows10-2004-x64
3PvZ_Tools_...e.hash
windows7-x64
3PvZ_Tools_...e.hash
windows10-2004-x64
3PvZ_Tools_...re.dll
windows7-x64
3PvZ_Tools_...re.dll
windows10-2004-x64
3PvZ_Tools_...ui.dll
windows7-x64
1PvZ_Tools_...ui.dll
windows10-2004-x64
1PvZ_Tools_...rk.dll
windows7-x64
3PvZ_Tools_...rk.dll
windows10-2004-x64
3PvZ_Tools_...ts.dll
windows7-x64
3PvZ_Tools_...ts.dll
windows10-2004-x64
3PvZ_Tools_...er.dll
windows7-x64
1PvZ_Tools_...er.dll
windows10-2004-x64
1PvZ_Tools_...if.dll
windows7-x64
1PvZ_Tools_...if.dll
windows10-2004-x64
1Analysis
-
max time kernel
51s -
max time network
56s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system -
submitted
22-06-2024 20:26
Static task
static1
Behavioral task
behavioral1
Sample
PvZ_Tools_v2.7.5.zip
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
PvZ_Tools_v2.7.5.zip
Resource
win10v2004-20240508-en
Behavioral task
behavioral3
Sample
PvZ_Tools_v2.7.5/???????/???? Endless Builds.url
Resource
win7-20240220-en
Behavioral task
behavioral4
Sample
PvZ_Tools_v2.7.5/???????/???? Endless Builds.url
Resource
win10v2004-20240508-en
Behavioral task
behavioral5
Sample
PvZ_Tools_v2.7.5/???????/???? Plants vs. Zombies.url
Resource
win7-20240221-en
Behavioral task
behavioral6
Sample
PvZ_Tools_v2.7.5/???????/???? Plants vs. Zombies.url
Resource
win10v2004-20240611-en
Behavioral task
behavioral7
Sample
PvZ_Tools_v2.7.5/???????/???? PvZ Toolkit.url
Resource
win7-20240419-en
Behavioral task
behavioral8
Sample
PvZ_Tools_v2.7.5/???????/???? PvZ Toolkit.url
Resource
win10v2004-20240508-en
Behavioral task
behavioral9
Sample
PvZ_Tools_v2.7.5/???????/HTTPS ???/Chain of Trust - Let's Encrypt.url
Resource
win7-20240508-en
Behavioral task
behavioral10
Sample
PvZ_Tools_v2.7.5/???????/HTTPS ???/Chain of Trust - Let's Encrypt.url
Resource
win10v2004-20240226-en
Behavioral task
behavioral11
Sample
PvZ_Tools_v2.7.5/???????/HTTPS ???/ISRG Root X1.der
Resource
win7-20240611-en
Behavioral task
behavioral12
Sample
PvZ_Tools_v2.7.5/???????/HTTPS ???/ISRG Root X1.der
Resource
win10v2004-20240611-en
Behavioral task
behavioral13
Sample
PvZ_Tools_v2.7.5/???????/HTTPS ???/ISRG Root X2.der
Resource
win7-20231129-en
Behavioral task
behavioral14
Sample
PvZ_Tools_v2.7.5/???????/HTTPS ???/ISRG Root X2.der
Resource
win10v2004-20240611-en
Behavioral task
behavioral15
Sample
PvZ_Tools_v2.7.5/PvZ_Tools_v2.7.5.exe
Resource
win7-20240508-en
Behavioral task
behavioral16
Sample
PvZ_Tools_v2.7.5/PvZ_Tools_v2.7.5.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral17
Sample
PvZ_Tools_v2.7.5/PvZ_Tools_v2.7.5.exe.asc
Resource
win7-20240611-en
Behavioral task
behavioral18
Sample
PvZ_Tools_v2.7.5/PvZ_Tools_v2.7.5.exe.asc
Resource
win10v2004-20240508-en
Behavioral task
behavioral19
Sample
PvZ_Tools_v2.7.5/PvZ_Tools_v2.7.5.exe.hash
Resource
win7-20240419-en
Behavioral task
behavioral20
Sample
PvZ_Tools_v2.7.5/PvZ_Tools_v2.7.5.exe.hash
Resource
win10v2004-20240611-en
Behavioral task
behavioral21
Sample
PvZ_Tools_v2.7.5/Qt5Core.dll
Resource
win7-20240508-en
Behavioral task
behavioral22
Sample
PvZ_Tools_v2.7.5/Qt5Core.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral23
Sample
PvZ_Tools_v2.7.5/Qt5Gui.dll
Resource
win7-20240611-en
Behavioral task
behavioral24
Sample
PvZ_Tools_v2.7.5/Qt5Gui.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral25
Sample
PvZ_Tools_v2.7.5/Qt5Network.dll
Resource
win7-20240611-en
Behavioral task
behavioral26
Sample
PvZ_Tools_v2.7.5/Qt5Network.dll
Resource
win10v2004-20240611-en
Behavioral task
behavioral27
Sample
PvZ_Tools_v2.7.5/Qt5Widgets.dll
Resource
win7-20240508-en
Behavioral task
behavioral28
Sample
PvZ_Tools_v2.7.5/Qt5Widgets.dll
Resource
win10v2004-20240611-en
Behavioral task
behavioral29
Sample
PvZ_Tools_v2.7.5/bearer/qgenericbearer.dll
Resource
win7-20240611-en
Behavioral task
behavioral30
Sample
PvZ_Tools_v2.7.5/bearer/qgenericbearer.dll
Resource
win10v2004-20240611-en
Behavioral task
behavioral31
Sample
PvZ_Tools_v2.7.5/imageformats/qgif.dll
Resource
win7-20240508-en
Behavioral task
behavioral32
Sample
PvZ_Tools_v2.7.5/imageformats/qgif.dll
Resource
win10v2004-20240508-en
General
-
Target
PvZ_Tools_v2.7.5/imageformats/qgif.dll
-
Size
24KB
-
MD5
cdf8fbded378deb5cbcac46c1304c803
-
SHA1
af160aa7b45c62eab1f4c2e0252cbb341e6d6004
-
SHA256
e7654a0810ea25c90eb74200bd68713dc713022d52e82789fa989000aaec77a8
-
SHA512
367a5ffa0a3cc7d0f73726750962e956087b1eb7f672db461039f1282dfc352a553526c7299d94dd8b94126a76c5f119de16f35c8ddc0e715a355c7366e917a0
-
SSDEEP
384:Vfghkmf8Eami5sMY2WKbLEWEwfue8+Y9JW8//90LGg9K83Vwm5qHqs5XL+:6hyudh2XEWNuIkM8//GLGUK2hoHqsFC
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 2448 wrote to memory of 1392 2448 rundll32.exe 80 PID 2448 wrote to memory of 1392 2448 rundll32.exe 80 PID 2448 wrote to memory of 1392 2448 rundll32.exe 80
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\PvZ_Tools_v2.7.5\imageformats\qgif.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:2448 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\PvZ_Tools_v2.7.5\imageformats\qgif.dll,#12⤵PID:1392
-
Network
-
Remote address:8.8.8.8:53Request8.8.8.8.in-addr.arpaIN PTR
-
Remote address:8.8.8.8:53Request8.8.8.8.in-addr.arpaIN PTR
-
Remote address:8.8.8.8:53Request8.8.8.8.in-addr.arpaIN PTR
-
Remote address:8.8.8.8:53Request8.8.8.8.in-addr.arpaIN PTR
-
Remote address:8.8.8.8:53Request8.8.8.8.in-addr.arpaIN PTR