Analysis

  • max time kernel
    143s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    07-07-2022 07:35

General

  • Target

    q.exe

  • Size

    2.8MB

  • MD5

    77636b47fc9e1bc61a4a019371e09390

  • SHA1

    615275ae7a28ee86cd9f4f586a3c7c5366490444

  • SHA256

    7fbed14d0d7d52a459fc29bae6a62eedd0a69649049b8f9ac37e1297acc3b277

  • SHA512

    ea73fe48dc36d0dd2344e3389bb70a7f047a210f08578bdb5ff4e690e3f95fab0412edcb52819234ca28ff0d983fa8646bc1e2e76f1134df937896f115f8c37d

Score
10/10

Signatures

  • PhoenixStealer

    PhoenixStealer is an information stealer written in C++; it collects credentials and other data from the infected host and sends the stolen information to its operators.

  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\q.exe
    "C:\Users\Admin\AppData\Local\Temp\q.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:2384
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
      2⤵
        PID:215196

Network

MITRE ATT&CK Matrix

Downloads

  • memory/2384-139-0x0000000000400000-0x00000000005C5000-memory.dmp

    Filesize

    1.8MB

  • memory/215196-130-0x0000000000000000-mapping.dmp

  • memory/215196-131-0x0000000000400000-0x000000000048E000-memory.dmp

    Filesize

    568KB

  • memory/215196-138-0x0000000000400000-0x000000000048E000-memory.dmp

    Filesize

    568KB
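The process tree and dump list above carry two checks an analyst usually does by hand: confirming that each dump's reported size matches the address range in its filename, and noting that the child AppLaunch.exe (a signed .NET host) has a dumped region starting at 0x400000, the classic 32-bit PE image base, right after its parent triggered both the SetThreadContext and WriteProcessMemory signatures. The script below is an added example, not code from the sandbox or from the report; it works on constructed copies of the entries listed above. The dump-name layout (memory/<pid>-<seq>-0x<start>-0x<end>-memory.dmp, and -mapping.dmp for mapping records) is inferred from those names and is an assumption, and the "hollowing candidate" rule is a heuristic consistent with process hollowing, not proof that the sample hollows AppLaunch.exe.

```python
import re

# Constructed copies of the report's process tree and "Downloads" entries
# (same PIDs, paths, dump names and sizes as listed above).
PROCESSES = [
    {"pid": 2384, "parent": None,
     "image": r"C:\Users\Admin\AppData\Local\Temp\q.exe",
     "signatures": {"Suspicious use of SetThreadContext",
                    "Suspicious use of WriteProcessMemory"}},
    {"pid": 215196, "parent": 2384,
     "image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe",
     "signatures": set()},
]
DUMPS = [
    ("memory/2384-139-0x0000000000400000-0x00000000005C5000-memory.dmp", "1.8MB"),
    ("memory/215196-130-0x0000000000000000-mapping.dmp", None),
    ("memory/215196-131-0x0000000000400000-0x000000000048E000-memory.dmp", "568KB"),
    ("memory/215196-138-0x0000000000400000-0x000000000048E000-memory.dmp", "568KB"),
]

# Assumed naming scheme, inferred from the names above:
#   memory/<pid>-<seq>-0x<start>-0x<end>-memory.dmp   (a dumped region)
#   memory/<pid>-<seq>-0x<start>-mapping.dmp          (a mapping record)
DUMP_RE = re.compile(
    r"^memory/(?P<pid>\d+)-(?P<seq>\d+)-0x(?P<start>[0-9A-Fa-f]+)"
    r"(?:-0x(?P<end>[0-9A-Fa-f]+)-memory|-mapping)\.dmp$"
)

DEFAULT_IMAGE_BASE = 0x400000   # default base of a 32-bit PE built without relocation
HOLLOWING_APIS = {"Suspicious use of SetThreadContext",
                  "Suspicious use of WriteProcessMemory"}


def parse_dump_name(name):
    """Split a dump filename into pid, sequence number, region bounds and byte size."""
    m = DUMP_RE.match(name)
    if not m:
        raise ValueError(f"unrecognised dump name: {name}")
    start = int(m["start"], 16)
    end = int(m["end"], 16) if m["end"] else None
    return {
        "pid": int(m["pid"]),
        "seq": int(m["seq"]),
        "start": start,
        "end": end,
        "size": (end - start) if end is not None else None,
    }


def human_size(n):
    """Render bytes the way the report does: one-decimal MB, otherwise whole KB."""
    if n >= 1 << 20:
        return f"{n / (1 << 20):.1f}MB"
    return f"{n // 1024}KB"


def check_dump_sizes(dumps):
    """Return (name, computed, reported) for every region whose size computed
    from the address range disagrees with the size printed beside it."""
    mismatches = []
    for name, reported in dumps:
        info = parse_dump_name(name)
        if info["size"] is None:      # mapping records carry no size
            continue
        computed = human_size(info["size"])
        if computed != reported:
            mismatches.append((name, computed, reported))
    return mismatches


def hollowing_candidates(processes, dumps):
    """PIDs of child processes whose parent hit both injection signatures and
    whose own dumped region starts at the default image base. Heuristic only:
    consistent with process hollowing, not proof of it."""
    by_pid = {p["pid"]: p for p in processes}
    regions = {}
    for name, _ in dumps:
        info = parse_dump_name(name)
        if info["size"] is not None:
            regions.setdefault(info["pid"], set()).add(info["start"])
    out = []
    for p in processes:
        parent = by_pid.get(p["parent"])
        if parent and HOLLOWING_APIS <= parent["signatures"] \
                and DEFAULT_IMAGE_BASE in regions.get(p["pid"], ()):
            out.append(p["pid"])
    return out


if __name__ == "__main__":
    print("size mismatches:", check_dump_sizes(DUMPS))
    print("hollowing candidates:", hollowing_candidates(PROCESSES, DUMPS))
```

For this report the size check comes back clean (0x5C5000 - 0x400000 is 1,855,488 bytes, which rounds to 1.8MB; 0x48E000 - 0x400000 is 581,632 bytes, exactly 568KB), and PID 215196 is the single hollowing candidate. The two 568KB dumps of that region at sequence numbers 131 and 138 are the natural next thing to pull: if the region at 0x400000 in AppLaunch.exe is a PE that is not AppLaunch.exe's own image, that is the injected payload to unpack and attribute.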