Overview

overview

3

Static

static

3

融合版�...ly.dll

windows7-x64

1

融合版�...ly.dll

windows10-2004-x64

1

融合版�...RH.exe

windows7-x64

1

融合版�...RH.exe

windows10-2004-x64

1

融合版�...ed.dll

windows7-x64

1

融合版�...ed.dll

windows10-2004-x64

1

融合版�...64.exe

windows7-x64

1

融合版�...64.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    117s
  • max time network
    131s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    03-10-2024 17:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    融合版迷雾2.1.3版本/PlantsVsZombiesRH.exe

  • Size

    651KB

  • MD5

    882d02f5907c402a9f28dd7584149168

  • SHA1

    95a2b0c99886cbc7b849004ea0e0a8eb825c98c6

  • SHA256

    4e013f15a3f60c6d01e433ac22aa5476dcb353f4fde3788e0bd5e3b856f50c60

  • SHA512

    0ad9d73985152cdf93a465df6353163ae73c81e1d867df0174e857cbc684af49e4e9d106f1bf969b797ad0b05e45fb4bf5f8d4cff0c08d127890ec04305e1928

  • SSDEEP

    12288:GH744aOD8yRbYq7TPGn38lXR5GIKklvZhW9Y:M9aON8sGn3kD/lxhWq

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 4 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\融合版迷雾2.1.3版本\PlantsVsZombiesRH.exe
    "C:\Users\Admin\AppData\Local\Temp\融合版迷雾2.1.3版本\PlantsVsZombiesRH.exe"
    1⤵
    • Checks processor information in registry
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2160
    • C:\Users\Admin\AppData\Local\Temp\融合版迷雾2.1.3版本\UnityCrashHandler64.exe
      "C:\Users\Admin\AppData\Local\Temp\融合版迷雾2.1.3版本\UnityCrashHandler64.exe" --attach 2160 1052672
      2⤵
        PID:2376

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\LanPiaoPiao\PlantsVsZombiesRH\Unity\local.9930545fac62bb54b88029ee6340031a\Analytics\ArchivedEvents\172797725000002.806e404a\c
      Filesize

      1B

      MD5

      c81e728d9d4c2f636f067f89cc14862c

      SHA1

      da4b9237bacccdf19c0760cab7aec4a8359010b0

      SHA256

      d4735e3a265e16eee03f59718b9b5d03019c07d8b6c51f90da3a666eec13ab35

      SHA512

      40b244112641dd78dd4f93b6c9190dd46e0099194d5a44257b7efad6ef9ff4683da1eda0244448cb343aa688f5d3efd7314dafe580ac0bcbf115aeca9e8dc114

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\LanPiaoPiao\PlantsVsZombiesRH\Unity\local.9930545fac62bb54b88029ee6340031a\Analytics\ArchivedEvents\172797725000002.806e404a\s
      Filesize

      466B

      MD5

      a8b28dea540ed793bc30bfda83fb2965

      SHA1

      925339280473913d74dea7dbe41b747d57f0e2c3

      SHA256

      afec93f5be4c82c64b2b8150d4ccd585e840bd2787a0a760dee4c954c3d630c8

      SHA512

      55556d76c523ec7c41096758d716db6305d9fa35fa589e4f3fd0ec5485672e2231bf31464254c29315eaaeb3e5e6c48dd318981fb80a61451f7eef2a58d7d313

      Download Submit

    • memory/2160-61-0x000007FFFFE80000-0x000007FFFFE90000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2160-65-0x000007FFFFEC0000-0x000007FFFFED0000-memory.dmp

      Filesize

      64KB

      Download