Analysis

  • max time kernel
    57s
  • max time network
    18s
  • platform
    windows7_x64
  • resource
    win7-en-20211208
  • submitted
    17-02-2022 15:11

General

  • Target

    000005.exe

  • Size

    1.4MB

  • MD5

    f69b832184bb5f7830e65bfeeda9906d

  • SHA1

    c5c8d20594de19fa7ddbc1210c894cc7aa0c63c9

  • SHA256

    22f9b8d8c35d88fc9c57cc4dc7f438fad69094dcb6cf15f58813c9e1928a43e7

  • SHA512

    e15ee68cd6213cb8c4f1d3d22d63236536452ca344de1b7fe07d7aeaa3012faae7cb0bb09be10c254e7209dccdb775cd5156295183567bcdf492339c2834a822

Score
10/10

Malware Config

Signatures

  • PhoenixStealer

    PhoenixStealer is an information stealer written in C++; it sends the stolen information to cybercriminals.

  • Suspicious use of NtSetInformationThreadHideFromDebugger (7 IoCs)
  • Suspicious use of SetWindowsHookEx (1 IoC)

Processes

  • C:\Users\Admin\AppData\Local\Temp\000005.exe
    "C:\Users\Admin\AppData\Local\Temp\000005.exe"
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious use of SetWindowsHookEx
    PID:760

Network

MITRE ATT&CK Matrix


Downloads

  • memory/760-54-0x0000000075D61000-0x0000000075D63000-memory.dmp

    Filesize

    8KB

  • memory/760-55-0x0000000001140000-0x0000000001534000-memory.dmp

    Filesize

    4.0MB

  • memory/760-56-0x000000000144D000-0x0000000001534000-memory.dmp

    Filesize

    924KB