phoenixstealer | 114597ce6ce72d2e30ba0d86e20562c2e6b477838d30ed6ec998f315573bc1ba

Analysis

max time kernel
39s
max time network
45s
platform
windows7_x64
resource
win7-20220718-en
resource tags

arch:x64arch:x86image:win7-20220718-enlocale:en-usos:windows7-x64system
submitted
11/08/2022, 15:39

Target

terror.exe
Size

4.1MB
MD5

77dd31adbf6895ba075fa0e4864b0017
SHA1

bed7e4ae5247c536868a4474c640fe808dc05bf7
SHA256

114597ce6ce72d2e30ba0d86e20562c2e6b477838d30ed6ec998f315573bc1ba
SHA512

dc7c4ec8a9f6d091d263713b5c321318c44844126e64ae51ca4d73ea85424854f382ba7ee34c96290c1eab44433bbfbcf23f467245ae64f58b5640db4cf8a630

Score

10^/10

PhoenixStealer
PhoenixStealer is an information stealer written in the C++, it sends the stolen information to cybercriminals.
stealer phoenixstealer

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 892 set thread context of 82768	892	terror.exe	29

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 892 wrote to memory of 82768	892	terror.exe	29
PID 892 wrote to memory of 82768	892	terror.exe	29
PID 892 wrote to memory of 82768	892	terror.exe	29
PID 892 wrote to memory of 82768	892	terror.exe	29
PID 892 wrote to memory of 82768	892	terror.exe	29
PID 892 wrote to memory of 82768	892	terror.exe	29
PID 892 wrote to memory of 82768	892	terror.exe	29
PID 892 wrote to memory of 82768	892	terror.exe	29
PID 892 wrote to memory of 82768	892	terror.exe	29

C:\Users\Admin\AppData\Local\Temp\terror.exe
"C:\Users\Admin\AppData\Local\Temp\terror.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:892
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
  2⤵
  PID:82768

memory/892-54-0x0000000000400000-0x0000000000B55000-memory.dmp

Filesize
7.3MB

Download
memory/82768-60-0x0000000000400000-0x000000000048E000-memory.dmp

Filesize
568KB

Download
memory/82768-62-0x0000000000400000-0x000000000048E000-memory.dmp

Filesize
568KB

Download
memory/82768-70-0x0000000075A11000-0x0000000075A13000-memory.dmp

Filesize
8KB

Download
memory/82768-71-0x0000000000400000-0x000000000048E000-memory.dmp

Filesize
568KB

Download
memory/82768-72-0x0000000000400000-0x000000000048E000-memory.dmp

Filesize
568KB

Download