Overview

Task summary (sample, platform, score):
Static  -  8
Phoenix/An...rp.dll  windows10-1703-x64  1
Phoenix/Co...le.dll  windows10-1703-x64  1
Phoenix/IC...ib.dll  windows10-1703-x64  1
Phoenix/Ne...on.dll  windows10-1703-x64  1
Phoenix/Phoenix.exe  windows10-1703-x64  8
Phoenix/Phoenix.exe  windows10-1703-x64  8
Phoenix/WebDriver.dll  windows10-1703-x64  1
Phoenix/We...er.dll  windows10-1703-x64  1
Phoenix/se...anager  windows10-1703-x64  1
Phoenix/se...anager  windows10-1703-x64  1
Phoenix/se...er.exe  windows10-1703-x64  1
Analysis

max time kernel: 51s
max time network: 63s
platform: windows10-1703_x64
resource: win10-20220812-en
resource tags: arch:x64, arch:x86, image:win10-20220812-en, locale:en-us, os:windows10-1703-x64, system
submitted: 29-01-2023 23:31
static1: Static task
behavioral1: Phoenix/AngleSharp.dll (resource: win10-20220901-en)
behavioral2: Phoenix/Colorful.Console.dll (resource: win10-20220812-en)
behavioral3: Phoenix/ICSharpCode.SharpZipLib.dll (resource: win10-20220812-en)
behavioral4: Phoenix/Newtonsoft.Json.dll (resource: win10-20220901-en)
behavioral5: Phoenix/Phoenix.exe (resource: win10-20220812-en)
behavioral6: Phoenix/Phoenix.exe (resource: win10-20220812-en)
behavioral7: Phoenix/WebDriver.dll (resource: win10-20220812-en)
behavioral8: Phoenix/WebDriverManager.dll (resource: win10-20220901-en)
behavioral9: Phoenix/selenium-manager/linux/selenium-manager (resource: win10-20220812-en)
behavioral10: Phoenix/selenium-manager/macos/selenium-manager (resource: win10-20220812-en)
behavioral11: Phoenix/selenium-manager/windows/selenium-manager.exe (resource: win10-20220812-en)
General

Target: Phoenix/Phoenix.exe
Size: 1.4MB
MD5: 9d68e4b0270a866465d645770cad3e2f
SHA1: 48a2c50e02303ff11b14433be9cc97c8be7e2969
SHA256: 0d22ff318268a1419cfe15e454a8dd546d3a2dccf8259227c8edb035f341cdbc
SHA512: 8e5e6fb9101f3c3611db78844c651bf6b0da21699708dc0fd1682024f0acf710e0f9c129083a53a1083dc5aaab7cae60cb41feff613e215edc0cc766bd6b0541
SSDEEP: 24576:bOQirqO1fn0QzIYCQbOgrJ3fz4/EQn652VOs9WflYxRK:qQiP1f0QCQagrxfz4/bju9o
Malware Config

Signatures

- Downloads MZ/PE file
- Executes dropped EXE (1 IoC)
  Process: Phoenix.exe, PID 5036
- Deletes itself (1 IoC)
  Process: Phoenix.exe, PID 4988
- Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
- Suspicious behavior: RenamesItself (1 IoC)
  Process: Phoenix.exe, PID 4988
- Suspicious use of WriteProcessMemory (2 IoCs)
  PID 4988 (Phoenix.exe) wrote to memory of PID 5036 (Phoenix.exe)
  PID 4988 (Phoenix.exe) wrote to memory of PID 5036 (Phoenix.exe)
Processes

- C:\Users\Admin\AppData\Local\Temp\Phoenix\Phoenix.exe  "C:\Users\Admin\AppData\Local\Temp\Phoenix\Phoenix.exe"  (PID 4988)
  - Deletes itself
  - Suspicious behavior: RenamesItself
  - Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\Phoenix\Phoenix.exe  "C:\Users\Admin\AppData\Local\Temp\Phoenix\Phoenix.exe"  (PID 5036)
    - Executes dropped EXE
Network
MITRE ATT&CK Enterprise v6
Downloads

- Filesize: 414KB
  MD5: ec4d07a1cf9fe38c0a3d38f43acadbef
  SHA1: 0d0a5d4054389ceeffb3c58a9a29f59f77598d88
  SHA256: 6bd40edf9f7a61561f1c0a061fc6715d551586c8db6655d9a5a30ce828887918
  SHA512: d828317992968170492cac0ff3b1b34822dd8b5c891e008006da8451da7ee2712b8146cc01c15901b018046d9439fa73a4f406adf114bed4dba273a483ba7693