Overview

overview

10

Static

static

10

8cd916321f...8c.exe

windows7-x64

10

8cd916321f...8c.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    165s
  • max time network
    177s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    17-04-2024 14:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8cd916321f1c8a63bd9fafb52a478ac65b3e86a33966bbfce60f5e46ffee6b8c.exe

  • Size

    112KB

  • MD5

    2d5e7babf1b2d92b56fda0b9044f889a

  • SHA1

    d2f1f6a1e267172fc183a0d1a2affdd26145f59d

  • SHA256

    8cd916321f1c8a63bd9fafb52a478ac65b3e86a33966bbfce60f5e46ffee6b8c

  • SHA512

    68167664fc5e957b9aee18713ddf975823a73713d6c2fe31f532dcb53bee280a7fbfda68961a514d049558c602d74e91b24995fc1153e3f376cea5ebc7f93688

  • SSDEEP

    3072:8q7DiX2FNAVWllSP8QLZwgtTIFFjB/0SA:N7DiQWTlZw3FjJA

Score
10/10
phorphiexevasionloaderpersistencetrojanworm

Malware Config

Signatures

  • Phorphiex

    Malware family which infects systems to distribute other malicious payloads such as ransomware, stealers and cryptominers.

    wormtrojanloaderphorphiex
  • Phorphiex payload 1 IoCs
  • Windows security bypass 2 TTPs 6 IoCs
    evasiontrojan
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Windows security modification 2 TTPs 7 IoCs
    evasiontrojan
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8cd916321f1c8a63bd9fafb52a478ac65b3e86a33966bbfce60f5e46ffee6b8c.exe
    "C:\Users\Admin\AppData\Local\Temp\8cd916321f1c8a63bd9fafb52a478ac65b3e86a33966bbfce60f5e46ffee6b8c.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious use of WriteProcessMemory
    PID:2896
    • C:\24708340513930\lsass.exe
      C:\24708340513930\lsass.exe
      2⤵
      • Windows security bypass
      • Executes dropped EXE
      • Windows security modification
      PID:2624

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B4HDT8MX\c1[1]
    Filesize

    80KB

    MD5

    a8e92e7a0933e496de6cf58525635240

    SHA1

    a3faa7dd7f4c7e540164ead5b9d5243990f3826c

    SHA256

    c2fb75b99e859a64798be5dd3b118403bb485ac2bb1e172a27c9b0c305ad983c

    SHA512

    c81e50b6cc635c01272845ee265452509115dce8405321610a9d79e0f8ae592cfa9dee369cadc106e3f53525f43a1c287b7d8c2006e8d626a0c39cab06a92e17

    Download Submit

  • \24708340513930\lsass.exe
    Filesize

    112KB

    MD5

    2d5e7babf1b2d92b56fda0b9044f889a

    SHA1

    d2f1f6a1e267172fc183a0d1a2affdd26145f59d

    SHA256

    8cd916321f1c8a63bd9fafb52a478ac65b3e86a33966bbfce60f5e46ffee6b8c

    SHA512

    68167664fc5e957b9aee18713ddf975823a73713d6c2fe31f532dcb53bee280a7fbfda68961a514d049558c602d74e91b24995fc1153e3f376cea5ebc7f93688

    Download Submit