Overview

overview

10

Static

static

3

phantomtoolsv2.exe

windows7-x64

1

phantomtoolsv2.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    12-10-2024 23:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    phantomtoolsv2.exe

  • Size

    2.6MB

  • MD5

    0c01cfc0685211b3c655c7a9526f1849

  • SHA1

    864d23804b6e3c98efd1b56863a484b505ddf40b

  • SHA256

    8d6ee227c57e825bc978db47c7587d46e7df06e3656d493486ee26b1426c98a6

  • SHA512

    6024a41f371d77a82608c0e8ff314853404a50decb77838ace61c43a72ef954f4a227849b85e2aa3ef0749120e8361f13145006652596fb22b2f972bf7585719

  • SSDEEP

    49152:EZPf0tL9d77T+WScpPNBqB0+i8jS9fQzm/kv49hISc1HeW6YS3jLqFtJc:TVScpPN3D/8Sc1HeW6YSad

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\phantomtoolsv2.exe
    "C:\Users\Admin\AppData\Local\Temp\phantomtoolsv2.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2892
    • C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -u -p 2892 -s 28
      2⤵
        PID:3024

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2892-0-0x000000013FEF0000-0x0000000140196000-memory.dmp

      Filesize

      2.6MB

      Download