Overview

overview

10

Static

static

10

file.exe

windows7-x64

10

file.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    23s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01-01-2024 17:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    file.exe

  • Size

    80KB

  • MD5

    8d9e7695b942e570f84564345d736762

  • SHA1

    e16022d7b4a5051c4bff6f8f23cf29ab0811c845

  • SHA256

    b5bf9b891fdd046d626082bad71ef887a9fcafca9cdfd6887d2e60ef6d4a0462

  • SHA512

    4031d726322cbb14ae84e60591d9c493495cf54e0028c86b3e1789b9885fce1fa577a47a5a1b5ca311b78e8b405f0d0149e44317d5e414d3e3e91d21dcf5f25f

  • SSDEEP

    1536:P3Mz85SRJP1sW7jeWkfp52S2QyS9QafFFUheeeeeeeeWeeeee:kw5gPiOjeDxb2QyS9QafFF

Score
10/10
phorphiexevasionloaderpersistencetrojanworm

Malware Config

Extracted

Family

phorphiex

C2

http://185.215.113.66/

Wallets

0xAa3ea4838e8E3F6a1922c6B67E3cD6efD1ff175b

THRUoPK7oYqF7YyKZJvPYwTH35JsPZVPto

1Hw9tx4KyTq4oRoLVhPb4hjDJcLhEa4Tn6

qr89hag2967ef604ud3lw4pq8hmn69n46czwdnx3ut

XtxFdsKkRN3oVDXtN2ipcHeNi87basT2sL

LXMNcn9D8FQKzGNLjdSyR9dEM8Rsh9NzyX

rwn7tb5KQjXEjH42GgdHWHec5PPhVgqhSH

ARML6g7zynrwUHJbFJCCzMPiysUFXYBGgQ

48jYpFT6bT8MTeph7VsyzCQeDsGHqdQNc2kUkRFJPzfRHHjarBvBtudPUtParMkDzZbYBrd3yntWBQcsnVBNeeMbN9EXifg

3PL7YCa4akNYzuScqQwiSbtTP9q9E9PLreC

3FerB8kUraAVGCVCNkgv57zTBjUGjAUkU3

D9AJWrbYsidS9rAU146ifLRu1fzX9oQYSH

t1gvVWHnjbGTsoWXEyoTFojc2GqEzBgvbEn

bnb1cgttf7t5hu7ud3c436ufhcmy59qnkd09adqczd

bc1q0fusmmgycnhsd5cadsuz2hk8d4maausjfjypqg

bitcoincash:qr89hag2967ef604ud3lw4pq8hmn69n46czwdnx3ut

GAUCC7ZBSU2KJMHXOZD6AP5LOBGKNDPCDNRYP2CO2ACR63YCSUBNT5QE

Signatures

  • Phorphiex

    Malware family which infects systems to distribute other malicious payloads such as ransomware, stealers and cryptominers.

    wormtrojanloaderphorphiex
  • Windows security bypass 2 TTPs 6 IoCs
    evasiontrojan
  • Executes dropped EXE 2 IoCs
  • Windows security modification 2 TTPs 7 IoCs
    evasiontrojan
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in Windows directory 2 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\file.exe
    "C:\Users\Admin\AppData\Local\Temp\file.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:4496
    • C:\Windows\syspolrvcs.exe
      C:\Windows\syspolrvcs.exe
      2⤵
      • Windows security bypass
      • Executes dropped EXE
      • Windows security modification
      • Suspicious use of WriteProcessMemory
      PID:4880
      • C:\Users\Admin\AppData\Local\Temp\155177878.exe
        C:\Users\Admin\AppData\Local\Temp\155177878.exe
        3⤵
        • Executes dropped EXE
        PID:3480
      • C:\Users\Admin\AppData\Local\Temp\3026432164.exe
        C:\Users\Admin\AppData\Local\Temp\3026432164.exe
        3⤵
          PID:2116

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\155177878.exe
      Filesize

      22KB

      MD5

      902a0ca495f5e9c46e91e19bcb937ce2

      SHA1

      428622909080717406d63ddf819d7108ce509ce9

      SHA256

      97ed0d792ec3f13e80b09319dee7b55b9025a6d423fba42d7eec949f70b12820

      SHA512

      20ddbfc3bc8ba603d8a39e749299338d5000bbb2421e5982b8603ea9028c9a97e3ebbc501cd2cbfa042faac55c0cca73502e4fcbc9a9bb716476788a20c45384

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\3026432164.exe
      Filesize

      18KB

      MD5

      c1083b57805f9353c1469bf8f342d5d8

      SHA1

      56e50919ffb3d82a8e45f5d84a424a4c61f7a07e

      SHA256

      87715225d95b96cba123ad44cfd694844291209ccec739d65b6e58896455452d

      SHA512

      c590e1c6b2a528c33849c1fd9aaf07c37a2d7629733b33e96c1441e19b78217e8b4714dcafc3bf0d7211f836746f0f58bd357fccd49220eb9f8b6ab55aa4c7a6

      Download Submit