Analysis Overview
SHA256
22f9b8d8c35d88fc9c57cc4dc7f438fad69094dcb6cf15f58813c9e1928a43e7
Threat Level: Known bad
The file 000005.ldb was found to be: Known bad. Although submitted with an .ldb extension, the sample was detonated as C:\Users\Admin\AppData\Local\Temp\000005.exe (see Processes under behavioral1), so the behaviour below is that of a Windows executable, not a LevelDB data file.
Malicious Activity Summary
PhoenixStealer
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetWindowsHookEx
MITRE ATT&CK Matrix
Analysis: static1
Detonation Overview
Reported
2022-11-26 21:00
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2022-11-26 21:00
Reported
2022-11-26 21:03
Platform
win10-20220901-en
Max time kernel
143s
Max time network
148s
Command Line
Signatures
PhoenixStealer
Suspicious use of NtSetInformationThreadHideFromDebugger
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\000005.exe | N/A |
(15 occurrences, all from this process; the report records no indicator or target for any of them)
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\000005.exe | N/A |
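The two signatures above are raised from individual API calls: NtSetInformationThread with ThreadInformationClass = ThreadHideFromDebugger (0x11), after which the kernel no longer reports that thread's debug events to an attached debugger, and SetWindowsHookEx, whose keyboard hook types (WH_KEYBOARD, WH_KEYBOARD_LL, WH_GETMESSAGE) are the classic keylogging primitive in an info-stealer. The report does not say which hook type this sample installed, so treat the "keylogging-capable" tag below as something to confirm from the API trace rather than as established. The following is an added example, not part of the report or the sandbox's own rule set: it scans a constructed API-call trace (the "pid tid Api(arg=value, ...)" line format is an assumption made here; pid 4580 is borrowed from the dump names, every other value is invented) and reproduces the report's per-signature counts.

```python
"""Detection logic for the two behaviours this report flags.

Added example, not part of the sandbox report or its tooling.  It scans a
constructed API-call trace (assumed format: "pid tid Api(arg=value, ...)")
and raises the same two signature names the report shows.
"""
import re
from collections import Counter
from dataclasses import dataclass

# Documented Windows constants (not taken from the report).
THREAD_HIDE_FROM_DEBUGGER = 0x11  # THREADINFOCLASS: kernel stops reporting the thread's debug events
HOOK_NAMES = {2: "WH_KEYBOARD", 3: "WH_GETMESSAGE", 13: "WH_KEYBOARD_LL", 14: "WH_MOUSE_LL"}
KEYLOG_HOOKS = {2, 3, 13}  # hook types that deliver keystrokes to the hook procedure

CALL_RE = re.compile(r"^(?P<pid>\d+)\s+(?P<tid>\d+)\s+(?P<api>\w+)\((?P<args>.*)\)$")


@dataclass(frozen=True)
class Finding:
    pid: int
    tid: int
    signature: str
    detail: str


def parse_args(text: str) -> dict:
    """Turn 'a=1, b=0x2' into {'a': '1', 'b': '0x2'} (values stay strings)."""
    args = {}
    for part in text.split(","):
        key, sep, value = part.strip().partition("=")
        if sep:
            args[key.strip()] = value.strip()
    return args


def scan(trace: str) -> list:
    """Return one Finding per suspicious call, in trace order."""
    findings = []
    for line in trace.splitlines():
        match = CALL_RE.match(line.strip())
        if not match:
            continue  # not a call record; ignore
        pid, tid, api = int(match["pid"]), int(match["tid"]), match["api"]
        args = parse_args(match["args"])

        if api in ("NtSetInformationThread", "ZwSetInformationThread"):
            info_class = int(args.get("ThreadInformationClass", "-1"), 0)
            if info_class == THREAD_HIDE_FROM_DEBUGGER:
                findings.append(Finding(
                    pid, tid, "Suspicious use of NtSetInformationThreadHideFromDebugger",
                    f"ThreadHandle={args.get('ThreadHandle', '?')}"))

        elif api in ("SetWindowsHookExA", "SetWindowsHookExW"):
            hook_id = int(args.get("idHook", "-1"), 0)
            thread_id = int(args.get("dwThreadId", "0"), 0)
            # dwThreadId == 0 installs the hook for every thread on the desktop.
            scope = "global (dwThreadId=0)" if thread_id == 0 else f"thread {thread_id}"
            tags = [HOOK_NAMES.get(hook_id, f"idHook={hook_id}"), scope]
            if hook_id in KEYLOG_HOOKS:
                tags.append("keylogging-capable")
            findings.append(Finding(pid, tid, "Suspicious use of SetWindowsHookEx", ", ".join(tags)))
    return findings


def count_by_signature(findings) -> dict:
    """Collapse per-call findings into the per-signature counts a report shows."""
    return dict(Counter(f.signature for f in findings))


# Constructed trace: pid 4580 matches the report's dump names, everything else is made up.
SAMPLE_TRACE = """\
4580 4584 NtSetInformationThread(ThreadHandle=0xfffffffe, ThreadInformationClass=0x11, ThreadInformation=0x0, ThreadInformationLength=0)
4580 4584 NtQueryInformationProcess(ProcessHandle=0xffffffff, ProcessInformationClass=0x7)
4580 4588 NtSetInformationThread(ThreadHandle=0x1a4, ThreadInformationClass=0x11, ThreadInformation=0x0, ThreadInformationLength=0)
4580 4584 NtSetInformationThread(ThreadHandle=0x1a4, ThreadInformationClass=0x9, ThreadInformation=0x19f0a0, ThreadInformationLength=4)
4580 4584 SetWindowsHookExW(idHook=13, lpfn=0x00401a20, hMod=0x00400000, dwThreadId=0)
"""

if __name__ == "__main__":
    results = scan(SAMPLE_TRACE)
    for f in results:
        print(f"{f.pid}/{f.tid}  {f.signature}  [{f.detail}]")
    print(count_by_signature(results))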
Processes
C:\Users\Admin\AppData\Local\Temp\000005.exe
"C:\Users\Admin\AppData\Local\Temp\000005.exe"
Network
| Country | Destination | Domain | Proto |
| N/A | 20.189.173.5:443 | N/A | tcp |
| N/A | 178.79.208.1:80 | N/A | tcp |
Files
Memory dumps of PID 4580, grouped by region (42 dumps in total; filenames follow memory/4580-<index>-<start>-<end>-memory.dmp):
| Region | Size | Dumps | Indices |
| 0x0000000077450000-0x00000000775DE000 | 0x18E000 (1,630,208 bytes) | 37 | 117-126, 128-148, 150-154, 156 |
| 0x0000000000870000-0x0000000000C64000 | 0x3F4000 (4,145,152 bytes) | 5 | 127, 149, 155, 157, 158 |
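The dump list is long but describes only two memory regions of PID 4580, captured repeatedly. Grouping the dumps by region, computing each region's size from its bounds, and picking the latest dump of each is the first step before carving anything out of them; the report itself says nothing about what either region contains, so no claim is made here about which one holds the payload. The following is an added example, not part of the report or the sandbox: it parses the memory/<pid>-<index>-0x<start>-0x<end>-memory.dmp naming used in the Files section (SAMPLE_DUMPS is a subset of the entries listed there) and the "latest dump per region" rule in carve_candidates is a heuristic chosen for this example, not a rule the sandbox applies.

```python
"""Group a sandbox's memory dumps by region and pick a carving candidate per region.

Added example, not part of the report.  Expects the
"memory/<pid>-<index>-0x<start>-0x<end>-memory.dmp" naming seen in the Files section.
"""
import re
from dataclasses import dataclass, field

DUMP_RE = re.compile(
    r"^memory/(?P<pid>\d+)-(?P<idx>\d+)-0x(?P<start>[0-9A-Fa-f]+)-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$"
)


@dataclass
class Region:
    pid: int
    start: int
    end: int
    indices: list = field(default_factory=list)  # dump indices in which this region appears

    @property
    def size(self) -> int:
        return self.end - self.start

    @property
    def latest(self) -> int:
        return max(self.indices)


def group_dumps(names) -> list:
    """Collapse dump filenames into one Region per (pid, start, end), sorted by address."""
    regions = {}
    for name in names:
        m = DUMP_RE.match(name.strip())
        if not m:
            continue  # not a dump filename in the expected shape
        key = (int(m["pid"]), int(m["start"], 16), int(m["end"], 16))
        regions.setdefault(key, Region(*key)).indices.append(int(m["idx"]))
    return sorted(regions.values(), key=lambda r: r.start)


def compress(indices) -> str:
    """Render indices as ranges: [1, 2, 3, 7] -> '1-3, 7'."""
    runs, run = [], []
    for i in sorted(indices):
        if run and i != run[-1] + 1:
            runs.append(run)
            run = []
        run.append(i)
    if run:
        runs.append(run)
    return ", ".join(f"{r[0]}-{r[-1]}" if len(r) > 1 else str(r[0]) for r in runs)


def dump_name(region: Region, index: int) -> str:
    """Rebuild the sandbox filename for one dump of a region (16 hex digits, as in the report)."""
    return f"memory/{region.pid}-{index}-0x{region.start:016X}-0x{region.end:016X}-memory.dmp"


def summarize(regions) -> list:
    return [
        f"0x{r.start:016X}-0x{r.end:016X}  size 0x{r.size:X} ({r.size:,} bytes)  "
        f"{len(r.indices)} dumps  indices {compress(r.indices)}"
        for r in regions
    ]


def carve_candidates(regions) -> list:
    """Heuristic (an assumption of this example, not the sandbox's rule): the last dump
    of each region is the most likely to hold the fully unpacked state, so carve it first."""
    return [dump_name(r, r.latest) for r in regions]


# Subset of the Files section of this report; indices 147/148 appear out of order there too.
SAMPLE_DUMPS = [
    "memory/4580-117-0x0000000077450000-0x00000000775DE000-memory.dmp",
    "memory/4580-118-0x0000000077450000-0x00000000775DE000-memory.dmp",
    "memory/4580-127-0x0000000000870000-0x0000000000C64000-memory.dmp",
    "memory/4580-146-0x0000000077450000-0x00000000775DE000-memory.dmp",
    "memory/4580-148-0x0000000077450000-0x00000000775DE000-memory.dmp",
    "memory/4580-147-0x0000000077450000-0x00000000775DE000-memory.dmp",
    "memory/4580-149-0x0000000000870000-0x0000000000C64000-memory.dmp",
    "memory/4580-158-0x0000000000870000-0x0000000000C64000-memory.dmp",
]

if __name__ == "__main__":
    regions = group_dumps(SAMPLE_DUMPS)
    for line in summarize(regions):
        print(line)
    for name in carve_candidates(regions):
        print("carve first:", name)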