Analysis
-
max time kernel
149s -
max time network
78s -
platform
windows7_x64 -
resource
win7v20201028 -
submitted
05-11-2020 16:25
General
-
Target
a.scr
-
Size
15KB
-
MD5
ba74a7cb5a12d713229105df94a9e418
-
SHA1
c128af146a1f7ed27d702aa6ad7600d7ca3510cb
-
SHA256
1589137eea1bc46db43c9b9229402646773876d527585f68fd58d37add5d8402
-
SHA512
897c3906884ec1c836831308d023fc06e3b9aa92e8ef0fe8692d66f2965fce45d63eca2a936e5a6672a28fefa4b52ae0812eacfe3b27526509a19d105aba6eee
Score
10/10
Malware Config
Signatures
-
Phorphiex Worm
Malware family which infects systems to distribute other malicious payloads such as ransomware, stealers and cryptominers.
-
Windows security bypass 2 TTPs
-
Executes dropped EXE 2 IoCs
-
Loads dropped DLL 2 IoCs
-
Windows security modification 2 TTPs 4 IoCs
-
Adds Run key to start application 2 TTPs 2 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of WriteProcessMemory 12 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\a.scr"C:\Users\Admin\AppData\Local\Temp\a.scr" /S1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c start C:\Users\Admin\AppData\Local\Temp\33427.jpg2⤵
-
-
C:\Users\Admin\AppData\Local\Temp\24857.exeC:\Users\Admin\AppData\Local\Temp\24857.exe2⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
-
C:\65971246227968\winsvcs.exeC:\65971246227968\winsvcs.exe3⤵
- Executes dropped EXE
- Windows security modification
-
-
-
C:\Windows\SysWOW64\DllHost.exeC:\Windows\SysWOW64\DllHost.exe /Processid:{76D0CB12-7604-4048-B83C-1005C7DDC503}1⤵
- Suspicious use of FindShellTrayWindow
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
2.5MB