Analysis
-
max time kernel
149s -
max time network
139s -
platform
windows7_x64 -
resource
win7-20240215-en -
resource tags
-
submitted
17-03-2024 17:08
General
-
Target
d16a1879e3be4eec83b18124ec5094ad.exe
-
Size
104KB
-
MD5
d16a1879e3be4eec83b18124ec5094ad
-
SHA1
a79d93bf2350f2ce5c87741c7da0049f200d96b2
-
SHA256
6ff7acc55f48fa1726291f1ab56c939c66c600c9e98d92255055a38ab2093331
-
SHA512
33a34adbafbdc603ac7d9530337b44a46bad68046c68066c9c6970a5021f3e5a2e0e034bfb23232b9ca1d9dcafb4a33cc96c2906e229f8b7d69ce345db1d1c0c
-
SSDEEP
3072:Xl58BV2ZjooGTb5PjMdhS3KV3/jjKwcNHjo86r8X7FS8EFcv:158BIFveZjMrS3q3/jjKwcNHjo86r8r3
Malware Config
Signatures
-
Phorphiex
Malware family which infects systems to distribute other malicious payloads such as ransomware, stealers and cryptominers.
-
Phorphiex payload 1 IoCs
-
Windows security bypass 2 TTPs 6 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
Windows security modification 2 TTPs 7 IoCs
-
Adds Run key to start application 2 TTPs 2 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\d16a1879e3be4eec83b18124ec5094ad.exe"C:\Users\Admin\AppData\Local\Temp\d16a1879e3be4eec83b18124ec5094ad.exe"1⤵
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
-
C:\13806394810512\smss.exeC:\13806394810512\smss.exe2⤵
- Windows security bypass
- Executes dropped EXE
- Windows security modification
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
\13806394810512\smss.exeFilesize
104KB
MD5d16a1879e3be4eec83b18124ec5094ad
SHA1a79d93bf2350f2ce5c87741c7da0049f200d96b2
SHA2566ff7acc55f48fa1726291f1ab56c939c66c600c9e98d92255055a38ab2093331
SHA51233a34adbafbdc603ac7d9530337b44a46bad68046c68066c9c6970a5021f3e5a2e0e034bfb23232b9ca1d9dcafb4a33cc96c2906e229f8b7d69ce345db1d1c0c