Analysis

  • max time kernel
    151s
  • max time network
    161s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  • submitted
    12-01-2024 14:20

General

  • Target

    CDCFEDDB0ACA42E65E6A4822C1F23DF7C4AE92775EBCC0B45D4160B732B0983E.exe

  • Size

    79KB

  • MD5

    c41fe8e266c0ee1ff4d563b158f285d4

  • SHA1

    627107a8b664043e563c10ee1566a49ad3823483

  • SHA256

    cdcfeddb0aca42e65e6a4822c1f23df7c4ae92775ebcc0b45d4160b732b0983e

  • SHA512

    ed11b61188ebc99655d5c0cbdc84a58ea3ea1f6f6c2f440de245e8a453ccf45b07d1ffc3d4e2f55eb0f2bc0657069019d93beca86b31debaf8dabfcd15946448

  • SSDEEP

    1536:H3Mz8Egxge1V1ljohznpCzSzGcmRfFFAEfeeeeeeeeWeeeee:8wE/ebzjoppjzGcmRfFiE

Malware Config

Extracted

Family

phorphiex

C2

http://185.215.113.66/

Wallets


Signatures

  • Phorphiex

    Malware family which infects systems to distribute other malicious payloads such as ransomware, stealers and cryptominers.

  • Windows security bypass (2 TTPs, 12 IoCs)
  • Executes dropped EXE (5 IoCs)
  • Loads dropped DLL (5 IoCs)
  • Windows security modification (2 TTPs, 14 IoCs)
  • Adds Run key to start application (2 TTPs, 2 IoCs)
  • Drops file in Windows directory (4 IoCs)
  • Suspicious behavior: SetClipboardViewer (1 IoCs)
  • Suspicious use of WriteProcessMemory (20 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\CDCFEDDB0ACA42E65E6A4822C1F23DF7C4AE92775EBCC0B45D4160B732B0983E.exe
    "C:\Users\Admin\AppData\Local\Temp\CDCFEDDB0ACA42E65E6A4822C1F23DF7C4AE92775EBCC0B45D4160B732B0983E.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:3068
    • C:\Windows\sysdfgrsv.exe
      C:\Windows\sysdfgrsv.exe
      2⤵
      • Windows security bypass
      • Executes dropped EXE
      • Loads dropped DLL
      • Windows security modification
      • Suspicious use of WriteProcessMemory
      PID:2096
      • C:\Users\Admin\AppData\Local\Temp\2506132801.exe
        C:\Users\Admin\AppData\Local\Temp\2506132801.exe
        3⤵
        • Executes dropped EXE
        • Adds Run key to start application
        • Drops file in Windows directory
        • Suspicious use of WriteProcessMemory
        PID:2564
        • C:\Windows\sylsplvc.exe
          C:\Windows\sylsplvc.exe
          4⤵
          • Windows security bypass
          • Executes dropped EXE
          • Loads dropped DLL
          • Windows security modification
          • Suspicious behavior: SetClipboardViewer
          • Suspicious use of WriteProcessMemory
          PID:2624
          • C:\Users\Admin\AppData\Local\Temp\1846219788.exe
            C:\Users\Admin\AppData\Local\Temp\1846219788.exe
            5⤵
            • Executes dropped EXE
            PID:1108
      • C:\Users\Admin\AppData\Local\Temp\230928203.exe
        C:\Users\Admin\AppData\Local\Temp\230928203.exe
        3⤵
        • Executes dropped EXE
        PID:1424

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M61DDFBK\1[1]

    Filesize

    79KB

    MD5

    675271f472aa931977c2f22c80c23ae6

    SHA1

    c732d12f9a44e6b76eaeb828e9236c1523eff68e

    SHA256

    f8706ef31b6df9c8c0accc593a9c73521e6c66e95610f7f9032798637cb5695a

    SHA512

    e408569e31c767622f9d0d1b4b00f876740f3512dbd0802d47bfc6ec691a373e1c978ba6b070f403c68416cf7b0ea2eff568d156bdf52205c4ea4e3a571c3b9a

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M61DDFBK\3[1]

    Filesize

    9KB

    MD5

    8829e35b75628ecee6d143bb3e1aac39

    SHA1

    e8d5569cc01fa71c1a6ba4b0099d3cf8a7dd8fbe

    SHA256

    f38a60c9628d8876246218f67523ac5f37a179e9a5db0aa62114ea57817ae62e

    SHA512

    02175d25829c91fbb9c787013ca69cf5b61b8d86f74547b72b5b4a5cd05e24da401572b105f96287b0d6bb0c1382307bd65c1666a560b262a22b0272df4da1be

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R1EBDLS6\2[1]

    Filesize

    80KB

    MD5

    3cf4a7da80d8018e2610199cfa9e8e24

    SHA1

    257615963c9dde93e06e4842a5ca0f7bd35ca399

    SHA256

    91758b1a71d95017a26854eb8f085c4f826ef1aa3dc6ebd6f9a7b50bb2604e0d

    SHA512

    b0563ac79e617e4ad534ec34449162554afdb65438e8cd229c2b71e7093ed9ff28ef02f014ceb7bd68b528c8b51a7be110ed46974800885cc2cee6d077d127fd

  • C:\Users\Admin\tbnds.dat

    Filesize

    4KB

    MD5

    83f8f9a15cca3fdeecf1f85647e7184b

    SHA1

    422293e8903a753cdf1dbb6d3f038bfe6d6bcf26

    SHA256

    387ff5c5573f9bfc5368a967fea9a66534630fe3b903fe32ee647987b7a1af3d

    SHA512

    443e087a36e972cc003f29f6a323aa1b9d28477ca636695ce79487fcbd31195123493f9d013b0b93920d9b6eeb647d1c3c3dbe86e30361f320a7e656638e9a94

  • C:\Users\Admin\tbnds.dat

    Filesize

    4KB

    MD5

    656eb9638d9dd54eaadb0794a2694a06

    SHA1

    b477e38e15acf766b30a0301756373f9467f8d11

    SHA256

    8a835add60b239c9bd8c6d2f06cec3b35321424de184e3df17e4582b99912377

    SHA512

    004f5822c439372af963112627f0387a977e7e8358450f3f9fb910252ad121d5bc6112ab690255b5ca1406082b5cad9d8568a4f9c134563aa996d565d4e82487

  • C:\Windows\sysdfgrsv.exe

    Filesize

    79KB

    MD5

    c41fe8e266c0ee1ff4d563b158f285d4

    SHA1

    627107a8b664043e563c10ee1566a49ad3823483

    SHA256

    cdcfeddb0aca42e65e6a4822c1f23df7c4ae92775ebcc0b45d4160b732b0983e

    SHA512

    ed11b61188ebc99655d5c0cbdc84a58ea3ea1f6f6c2f440de245e8a453ccf45b07d1ffc3d4e2f55eb0f2bc0657069019d93beca86b31debaf8dabfcd15946448

  • \Users\Admin\AppData\Local\Temp\230928203.exe

    Filesize

    9KB

    MD5

    16912f948cac55bb69a22b92c00de182

    SHA1

    0b5805bfd2fa7d192f2c3c6397328d8f151c1f14

    SHA256

    037baef94e1c3db51b49820492bdfa4534bb1ad5a590101d0b94c267db2cb1d4

    SHA512

    525056688644f78ff55387c3fbe102c6583cf5abb5175156f9b4281f70accf73289979b3a277bfe7e561934c4bb574e332daabce5a2e2d42f4676feb9f533823

  • \Users\Admin\AppData\Local\Temp\2506132801.exe

    Filesize

    79KB

    MD5

    6752eaef40de94374448ef64a36bf381

    SHA1

    c24a56262377d04ca0ed0acd6e283f9d8a63dac4

    SHA256

    2229c5279401c0df64c8fffdb866d8802bc8399581044b3c006d10ed48163781

    SHA512

    2291dc0b4e280c0c732fb756f4cdf7b90c6bc4a45ec5a77e5ececa64164aa81385f1b9886bab165b17d5c27fc6029a047fabc108a0d55f092189c924d0a946fd