Analysis
- max time kernel: 143s
- max time network: 153s
- platform: windows10-2004_x64
- resource: win10v2004-20220414-en
- submitted: 07-07-2022 07:35
Static task: static1

Behavioral task: behavioral1
- Sample: q.exe
- Resource: win7-20220414-en
- Platform: windows7_x64
- 0 signatures
- 0 seconds

Behavioral task: behavioral2
- Sample: q.exe
- Resource: win10v2004-20220414-en
- Platform: windows10-2004_x64
- 0 signatures
- 0 seconds
General
- Target: q.exe
- Size: 2.8MB
- MD5: 77636b47fc9e1bc61a4a019371e09390
- SHA1: 615275ae7a28ee86cd9f4f586a3c7c5366490444
- SHA256: 7fbed14d0d7d52a459fc29bae6a62eedd0a69649049b8f9ac37e1297acc3b277
- SHA512: ea73fe48dc36d0dd2344e3389bb70a7f047a210f08578bdb5ff4e690e3f95fab0412edcb52819234ca28ff0d983fa8646bc1e2e76f1134df937896f115f8c37d
- Score: 10/10
Malware Config
Signatures
- PhoenixStealer
  PhoenixStealer is an information stealer written in C++; it sends the stolen information to cybercriminals.
- Suspicious use of SetThreadContext (1 IoC)
  description                              | pid  | Process | procid_target
  PID 2384 set thread context of 215196    | 2384 | q.exe   | 82
- Suspicious use of WriteProcessMemory (5 IoCs)
  description                              | pid  | Process | procid_target
  PID 2384 wrote to memory of 215196       | 2384 | q.exe   | 82
  PID 2384 wrote to memory of 215196       | 2384 | q.exe   | 82
  PID 2384 wrote to memory of 215196       | 2384 | q.exe   | 82
  PID 2384 wrote to memory of 215196       | 2384 | q.exe   | 82
  PID 2384 wrote to memory of 215196       | 2384 | q.exe   | 82
Processes
1. C:\Users\Admin\AppData\Local\Temp\q.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\q.exe"
   PID: 2384
   - Suspicious use of SetThreadContext
   - Suspicious use of WriteProcessMemory
   2. C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
      Command line: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
      PID: 215196