Overview

overview

10

Static

static

10

Phxnt0m-ma...per.py

windows11-21h2-x64

3

Phxnt0m-ma...ing.py

windows11-21h2-x64

3

Phxnt0m-ma...ion.py

windows11-21h2-x64

3

Phxnt0m-ma...rer.py

windows11-21h2-x64

3

Phxnt0m-ma...val.py

windows11-21h2-x64

3

Phxnt0m-ma...ing.py

windows11-21h2-x64

3

Phxnt0m-ma...omb.py

windows11-21h2-x64

3

Phxnt0m-ma...ber.py

windows11-21h2-x64

3

Phxnt0m-ma...are.py

windows11-21h2-x64

3

Phxnt0m-ma...ger.py

windows11-21h2-x64

3

Phxnt0m-ma...kes.py

windows11-21h2-x64

3

Phxnt0m-ma...one.py

windows11-21h2-x64

3

Phxnt0m-ma...ger.py

windows11-21h2-x64

3

Phxnt0m-ma...ing.py

windows11-21h2-x64

3

Phxnt0m-ma...rol.py

windows11-21h2-x64

3

Phxnt0m-ma...ess.py

windows11-21h2-x64

3

Phxnt0m-ma...try.py

windows11-21h2-x64

3

Phxnt0m-ma...ell.py

windows11-21h2-x64

3

Phxnt0m-ma...ion.py

windows11-21h2-x64

3

Phxnt0m-ma...rec.py

windows11-21h2-x64

3

Phxnt0m-ma...hot.py

windows11-21h2-x64

3

Phxnt0m-ma...ech.py

windows11-21h2-x64

3

Phxnt0m-ma...cam.py

windows11-21h2-x64

3

Phxnt0m-ma...ker.py

windows11-21h2-x64

3

Phxnt0m-ma...ass.py

windows11-21h2-x64

3

Phxnt0m-ma...px.exe

windows11-21h2-x64

5

Phxnt0m-ma...rce.py

windows11-21h2-x64

3

Phxnt0m-ma...io.bat

windows11-21h2-x64

1

Phxnt0m-ma...me.exe

windows11-21h2-x64

9

Phxnt0m-ma...ain.py

windows11-21h2-x64

3

Phxnt0m-ma...dio.py

windows11-21h2-x64

3

Phxnt0m-ma...ter.py

windows11-21h2-x64

3

Analysis

  • max time kernel
    149s
  • max time network
    161s
  • platform
    windows11-21h2_x64
  • resource
    win11-20241007-es
  • resource tags

    arch:x64arch:x86image:win11-20241007-eslocale:es-esos:windows11-21h2-x64systemwindows
  • submitted
    10-11-2024 21:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Phxnt0m-malware-main/Phxnt0mware RAT - main/tools/drawling_studio/DrawlingStudio.bat

  • Size

    1KB

  • MD5

    c23cad987de11d44272104ac5a22a573

  • SHA1

    906042a786ca5fbe299605239c28ed83557e53af

  • SHA256

    46c011abb3d16d70896c96f03882c302f3d3a0f31546ede5a0cc0eefbe14ecd0

  • SHA512

    c3ac4b833ffe904e9a6eca59dd1b09b08fd5cc5c5dbe92b93a959afb1a3ca997da5f4a35c52c9146ed813feccdba71b424e4e93adc752fa8c7d414ee7b7e8db7

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\Phxnt0m-malware-main\Phxnt0mware RAT - main\tools\drawling_studio\DrawlingStudio.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4024
    • C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe
      python -m venv drawlingstudio
      2⤵
        PID:2712
      • C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe
        python -m pip install --upgrade pip
        2⤵
          PID:3092
        • C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe
          python main.py
          2⤵
            PID:3740

        Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Packages\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\TempState\AILog.txt
          Filesize

          1KB

          MD5

          b45dc73f9fa3ab09845931596d9b089c

          SHA1

          3414831fa82c8b06967d83d5a6fb409022300efa

          SHA256

          62eea69d221d6fcb0b38123d2b2c7f958e897f1cc07efd523092023ac6bf1fd6

          SHA512

          716a041d7d20b8343aa82a86c369148ba658afa5a28ff752e86a40fd4cd917480a453f13497e0967bdb1dee226d48efd39affa71b0c214e0a8ae3ff7d07518bf

          Download Submit

        • C:\Users\Admin\AppData\Local\Packages\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\TempState\AILog.txt
          Filesize

          1010B

          MD5

          3cc77c7142a168ec989bf8217ba9b162

          SHA1

          158fdcee36b35820ae95173da725ef938935770f

          SHA256

          0c121d3e309cc00f79fde64a8ece4b6c0364ff18c072b8fe40e6c86373a16b3a

          SHA512

          1839a46ba7fb7e901405fd1e9fce1089643eca5e49cb2e05ede340ebad69fc0a92a6d76b15b2e7e8c3b61fc713f84a2cd1aff0fa5adead37c35ef0c10a6c87b5

          Download Submit