Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    173s
  • max time network
    184s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220414-enlocale:en-usos:windows10-2004-x64system
  • submitted
    17/07/2022, 15:50

General

  • Target

    1.exe

  • Size

    1.8MB

  • MD5

    428ec9e689b020e46b7b5432bd6dd758

  • SHA1

    5127962f1fa9cfbd652d59575d1466dd673dfcc7

  • SHA256

    00926795599d6af73ade5d42b97d88a487024f3169dd625bf20d213a6a3ecba3

  • SHA512

    9adf153c60c0d48daf4ae6981c95a3af1725afd8ad38b387be508e2fb0e13dd4030af2a8d37a834b9b8520c71bcd732291c6333063c2560a7065d47fdef4b5a4

Score
10/10

Malware Config

Signatures

  • PhoenixStealer

    PhoenixStealer is an information stealer written in the C++, it sends the stolen information to cybercriminals.

  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1.exe
    "C:\Users\Admin\AppData\Local\Temp\1.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:2324
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
      2⤵
        PID:202864

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/202864-131-0x0000000000400000-0x000000000048E000-memory.dmp

      Filesize

      568KB

    • memory/202864-138-0x0000000000400000-0x000000000048E000-memory.dmp

      Filesize

      568KB