Malware Analysis Report

2025-05-05 21:49

Sample ID 250415-ylewxazpy8
Target file.exe
SHA256 764b5037aa551fc0a9feb30b213e04605cba3babc5ec301d9cd4a50e88311618
Tags
discovery spyware stealer phorphiex
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V16

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

764b5037aa551fc0a9feb30b213e04605cba3babc5ec301d9cd4a50e88311618

Threat Level: Known bad

The file file.exe was found to be: Known bad.

Malicious Activity Summary

discovery spyware stealer phorphiex

Phorphiex family

Reads user/profile data of web browsers

System Location Discovery: System Language Discovery

Unsigned PE

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2025-04-15 19:52

Signatures

Phorphiex family

phorphiex

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2025-04-15 19:52

Reported

2025-04-15 19:54

Platform

win10v2004-20250314-en

Max time kernel

104s

Max time network

136s

Command Line

"C:\Users\Admin\AppData\Local\Temp\file.exe"

Signatures

Reads user/profile data of web browsers

spyware stealer

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\file.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\file.exe

"C:\Users\Admin\AppData\Local\Temp\file.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 c.pki.goog udp
GB 142.250.180.3:80 c.pki.goog tcp

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2025-04-15 19:52

Reported

2025-04-15 19:54

Platform

win11-20250410-en

Max time kernel

102s

Max time network

103s

Command Line

"C:\Users\Admin\AppData\Local\Temp\file.exe"

Signatures

Reads user/profile data of web browsers

spyware stealer

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\file.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\file.exe

"C:\Users\Admin\AppData\Local\Temp\file.exe"

Network

Files

N/A