Analysis
max time kernel: 173s
max time network: 184s
platform: windows10-2004_x64
resource: win10v2004-20220414-en
resource tags: arch:x64, arch:x86, image:win10v2004-20220414-en, locale:en-us, os:windows10-2004-x64, system
submitted: 17/07/2022, 15:50
Static task: static1

Behavioral task: behavioral1
Sample: 1.exe
Resource: win7-20220715-en
3 signatures, 150 seconds

Behavioral task: behavioral2
Sample: 1.exe
Resource: win10v2004-20220414-en
3 signatures, 150 seconds
General
Target: 1.exe
Size: 1.8MB
MD5: 428ec9e689b020e46b7b5432bd6dd758
SHA1: 5127962f1fa9cfbd652d59575d1466dd673dfcc7
SHA256: 00926795599d6af73ade5d42b97d88a487024f3169dd625bf20d213a6a3ecba3
SHA512: 9adf153c60c0d48daf4ae6981c95a3af1725afd8ad38b387be508e2fb0e13dd4030af2a8d37a834b9b8520c71bcd732291c6333063c2560a7065d47fdef4b5a4
Score: 10/10
Malware Config

Signatures

PhoenixStealer
PhoenixStealer is an information stealer written in C++ that sends the stolen information to cybercriminals.

Suspicious use of SetThreadContext (1 IoC)
description                 pid   Process  procid_target
PID 2324 set thread context of 202864  2324  1.exe  79

Suspicious use of WriteProcessMemory (5 IoCs)
description                 pid   Process  procid_target
PID 2324 wrote to memory of 202864  2324  1.exe  79
PID 2324 wrote to memory of 202864  2324  1.exe  79
PID 2324 wrote to memory of 202864  2324  1.exe  79
PID 2324 wrote to memory of 202864  2324  1.exe  79
PID 2324 wrote to memory of 202864  2324  1.exe  79
Processes

1. C:\Users\Admin\AppData\Local\Temp\1.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\1.exe"
   PID: 2324
   - Suspicious use of SetThreadContext
   - Suspicious use of WriteProcessMemory

2. C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe (child of PID 2324)
   Command line: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
   PID: 202864