phoenixstealer | 0e9bd347ccbbd15dfcaeb2b245cda326b4e3e6dfbeff404e02e483ee34368117 | Triage

Analysis

max time kernel
90s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
26-09-2022 19:01

Sharing

Report Analysis Logs

General

Target

CANVA CRACK PRO.exe
Size

4.0MB
MD5

c95dcd2ed3cf1b51eb5f7293f590f99c
SHA1

f1a6565d6c784546d9a813993e299d4c77222ce9
SHA256

506b67c64e2482e03bcf84d48e341fb25582d9a066ef7b0750aeee180395f497
SHA512

3811fbe106eea48eef549280649ee70915f2c63634d836f74d10e19e9415ccb42c681922dcf2dc988d802f5c5f68fd48bd10b5e551e01dbdb92883966f3e8669
SSDEEP

49152:/Sl61ywhE5Hgljvz5PrOeafe29D+MJclCNv2:/pi5Hgvz5yei9KMJclyv2

Score

10^/10

phoenixstealer stealer

Malware Config

Signatures

PhoenixStealer
PhoenixStealer is an information stealer written in the C++, it sends the stolen information to cybercriminals.
stealer phoenixstealer

Suspicious use of SetThreadContext 1 IoCs

Processes:

CANVA CRACK PRO.exe

description	pid	Process	procid_target
PID 2112 set thread context of 190176	2112	CANVA CRACK PRO.exe	80

Suspicious use of WriteProcessMemory 5 IoCs

Processes:

CANVA CRACK PRO.exe

description	pid	Process	procid_target
PID 2112 wrote to memory of 190176	2112	CANVA CRACK PRO.exe	80
PID 2112 wrote to memory of 190176	2112	CANVA CRACK PRO.exe	80
PID 2112 wrote to memory of 190176	2112	CANVA CRACK PRO.exe	80
PID 2112 wrote to memory of 190176	2112	CANVA CRACK PRO.exe	80
PID 2112 wrote to memory of 190176	2112	CANVA CRACK PRO.exe	80

C:\Users\Admin\AppData\Local\Temp\CANVA CRACK PRO.exe
"C:\Users\Admin\AppData\Local\Temp\CANVA CRACK PRO.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2112
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
  2⤵
  PID:190176

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/190176-132-0x0000000000000000-mapping.dmp

Download
memory/190176-133-0x0000000000400000-0x000000000048E000-memory.dmp

Filesize
568KB

Download
memory/190176-140-0x0000000000400000-0x000000000048E000-memory.dmp

Filesize
568KB

Download