Analysis
- max time kernel: 121s
- max time network: 122s
- platform: windows7_x64
- resource: win7-20240903-en
- resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
- submitted: 21-10-2024 16:33
Behavioral task: behavioral1
- Sample: tmpg45mr2xx.exe
- Resource: win7-20240903-en
Behavioral task: behavioral2
- Sample: tmpg45mr2xx.exe
- Resource: win10v2004-20241007-en
General
- Target: tmpg45mr2xx.exe
- Size: 137KB
- MD5: e27b299c37caf241ff547c4845efb6d6
- SHA1: a5b62b4536da6262e18315a44ca5ff7be4dd658f
- SHA256: 7a2e81375e856c2407907599f401b4a5ec43322bc8e5a4847c43a97f4b91af3f
- SHA512: 962f94f887b7d6fa95402bc9ef2fbea68deed0a76871e461176e03ad88d07ded383f244095318aa2499543703654825029299b403a16469c1ad635a143d10fcb
- SSDEEP: 1536:qQfUyJkgcYU/BFI6d75KunrlsCK2Wu01Dy5s5b3x07XSI7UKCWaDCoL3T4NODbio:qQ849/Ud75FnZtCDyK5Tm7iIFCzPi0F
Malware Config
- Extracted: phemedrone
- URL: https://api.telegram.org/bot7580542331:AAGHf6T43IrCaf5fPcI73jO_S0Bs8H-8Nig/sendDocument
Signatures
- Phemedrone: an information and wallet stealer written in C#.
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes (tmpg45mr2xx.exe):
  description                      | pid  | process         | target process
  PID 1600 wrote to memory of 2092 | 1600 | tmpg45mr2xx.exe | WerFault.exe
  PID 1600 wrote to memory of 2092 | 1600 | tmpg45mr2xx.exe | WerFault.exe
  PID 1600 wrote to memory of 2092 | 1600 | tmpg45mr2xx.exe | WerFault.exe