phorphiex | 908fea0d45e0948714aab5c1abd5daa664eeef4dcf11d27f8b9cfbd30fc1168c | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

JaffaCakes...de.exe

windows7-x64

JaffaCakes...de.exe

windows10-2004-x64

Sharing

General

Target

JaffaCakes118_6f4f9522086eac0071069f0a799aa7de
Size

1016KB
Sample

250313-hhf2ssx1hx
MD5

6f4f9522086eac0071069f0a799aa7de
SHA1

cf4544d75145060da77eb780444e1ef15984fd6f
SHA256

908fea0d45e0948714aab5c1abd5daa664eeef4dcf11d27f8b9cfbd30fc1168c
SHA512

104c2fc99cd7b2a91e9aa446712d5802a88d5fc64fc28dce03db5e31c6f30f8d59f782a5b7021107be686c8a233320ae0b82a6e956e829e1d85569780bd2b2c5
SSDEEP

24576:6c//////qPzZSQcEQhN/nrNC3fB39BRbWMmdbesfmIt:6c//////qPzORhNPrNC3RcMQasfmK

Score

10^/10

phorphiex discovery loader trojan vmprotect worm

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

JaffaCakes118_6f4f9522086eac0071069f0a799aa7de.exe

Resource

win7-20240903-en

phorphiex discovery loader trojan vmprotect worm

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

JaffaCakes118_6f4f9522086eac0071069f0a799aa7de.exe

Resource

win10v2004-20250217-en

phorphiex discovery loader trojan vmprotect worm

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  JaffaCakes118_6f4f9522086eac0071069f0a799aa7de
- Size
  
  1016KB
- MD5
  
  6f4f9522086eac0071069f0a799aa7de
- SHA1
  
  cf4544d75145060da77eb780444e1ef15984fd6f
- SHA256
  
  908fea0d45e0948714aab5c1abd5daa664eeef4dcf11d27f8b9cfbd30fc1168c
- SHA512
  
  104c2fc99cd7b2a91e9aa446712d5802a88d5fc64fc28dce03db5e31c6f30f8d59f782a5b7021107be686c8a233320ae0b82a6e956e829e1d85569780bd2b2c5
- SSDEEP
  
  24576:6c//////qPzZSQcEQhN/nrNC3fB39BRbWMmdbesfmIt:6c//////qPzORhNPrNC3RcMQasfmK
Score

10^/10

phorphiex discovery loader trojan vmprotect worm
- Phorphiex family
  phorphiex
- Phorphiex, Phorpiex
  Phorphiex or Phorpiex Malware family which infects systems to distribute other malicious payloads such as ransomware, stealers and cryptominers.
  worm trojan loader phorphiex
- Executes dropped EXE
- Loads dropped DLL
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

phorphiexdiscoveryloadertrojanvmprotectworm

behavioral2

phorphiexdiscoveryloadertrojanvmprotectworm

© 2018-2025

Terms | Privacy