Analysis
-
max time kernel
150s -
max time network
154s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
27-03-2024 12:38
General
-
Target
e1af1ba1edb943b838456f57bd564d01.exe
-
Size
105KB
-
MD5
e1af1ba1edb943b838456f57bd564d01
-
SHA1
489760f1f57a35591020f1f82e54740d76fa97e7
-
SHA256
042fb580d253d7525231cbe7a2fb30f931c8a59bb51115e98fba3fe1d2f48a29
-
SHA512
982417c1f742e2624c1da543058ccb2b3e9b5f46cedcbba242d13717a2f6c56cd186ba186767542bf68e0e38d0894b3ac027874f33f5bd5a94c3dac542916155
-
SSDEEP
3072:gEbJSw745FIlbt/d6WruEPJZDTS7MJCAc2BEUzWndAstTIgFpW:rbJSgkkcWruEhZDTS7MJCAc2BEUzWndw
Malware Config
Signatures
-
Phorphiex
Malware family which infects systems to distribute other malicious payloads such as ransomware, stealers and cryptominers.
-
Phorphiex payload 1 IoCs
-
Windows security bypass 2 TTPs 6 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
Windows security modification 2 TTPs 7 IoCs
-
Adds Run key to start application 2 TTPs 2 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\e1af1ba1edb943b838456f57bd564d01.exe"C:\Users\Admin\AppData\Local\Temp\e1af1ba1edb943b838456f57bd564d01.exe"1⤵
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
-
C:\2917090593118\lsass.exeC:\2917090593118\lsass.exe2⤵
- Windows security bypass
- Executes dropped EXE
- Windows security modification
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
\2917090593118\lsass.exeFilesize
105KB
MD5e1af1ba1edb943b838456f57bd564d01
SHA1489760f1f57a35591020f1f82e54740d76fa97e7
SHA256042fb580d253d7525231cbe7a2fb30f931c8a59bb51115e98fba3fe1d2f48a29
SHA512982417c1f742e2624c1da543058ccb2b3e9b5f46cedcbba242d13717a2f6c56cd186ba186767542bf68e0e38d0894b3ac027874f33f5bd5a94c3dac542916155