Analysis
-
max time kernel
120s -
max time network
140s -
platform
windows10-2004_x64 -
resource
win10v2004-20220310-en -
submitted
22-03-2022 19:19
Static task
static1
Behavioral task
behavioral1
Sample
52768773.exe
Resource
win7-20220310-en
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
52768773.exe
Resource
win10v2004-20220310-en
windows10-2004_x64
0 signatures
0 seconds
General
-
Target
52768773.exe
-
Size
1.1MB
-
MD5
cab000059d249508c491d28e0fecc84e
-
SHA1
12ab2f870432381662ca2c3390026b585a3a3422
-
SHA256
6b3260201ea9fb85f2374c809140463ae0e47398c1c8a0c07e54724f82a34c71
-
SHA512
9f3963dd8ed36d3c90bb151aa5a0e327c2984c09c8c0d1cd2cf5e372043217794e6b6de668ee53e4ae699d595efec41de51c350e60f79f34c01ed431218d19be
Score
10/10
Malware Config
Signatures
-
PhoenixStealer
PhoenixStealer is an information stealer written in the C++, it sends the stolen information to cybercriminals.
-
Suspicious use of SetThreadContext 1 IoCs
description pid Process procid_target PID 1532 set thread context of 4544 1532 52768773.exe 84 -
Suspicious use of WriteProcessMemory 5 IoCs
description pid Process procid_target PID 1532 wrote to memory of 4544 1532 52768773.exe 84 PID 1532 wrote to memory of 4544 1532 52768773.exe 84 PID 1532 wrote to memory of 4544 1532 52768773.exe 84 PID 1532 wrote to memory of 4544 1532 52768773.exe 84 PID 1532 wrote to memory of 4544 1532 52768773.exe 84
Processes
-
C:\Users\Admin\AppData\Local\Temp\52768773.exe"C:\Users\Admin\AppData\Local\Temp\52768773.exe"1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:1532 -
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"2⤵PID:4544
-