Analysis

  • max time kernel
    120s
  • max time network
    140s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220310-en
  • submitted
    22-03-2022 19:19

General

  • Target

    52768773.exe

  • Size

    1.1MB

  • MD5

    cab000059d249508c491d28e0fecc84e

  • SHA1

    12ab2f870432381662ca2c3390026b585a3a3422

  • SHA256

    6b3260201ea9fb85f2374c809140463ae0e47398c1c8a0c07e54724f82a34c71

  • SHA512

    9f3963dd8ed36d3c90bb151aa5a0e327c2984c09c8c0d1cd2cf5e372043217794e6b6de668ee53e4ae699d595efec41de51c350e60f79f34c01ed431218d19be

Score
10/10

Malware Config

Signatures

  • PhoenixStealer

    PhoenixStealer is an information stealer written in C++; it sends the stolen information to cybercriminals.

  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\52768773.exe
    "C:\Users\Admin\AppData\Local\Temp\52768773.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:1532
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
      2⤵
      PID:4544

Network

MITRE ATT&CK Matrix

Downloads

  • memory/1532-142-0x0000000002670000-0x00000000026D0000-memory.dmp

    Filesize

    384KB

  • memory/4544-135-0x0000000000400000-0x000000000048D000-memory.dmp

    Filesize

    564KB

  • memory/4544-143-0x0000000000400000-0x000000000048D000-memory.dmp

    Filesize

    564KB