Analysis Overview
SHA256
764b5037aa551fc0a9feb30b213e04605cba3babc5ec301d9cd4a50e88311618
Threat Level: Known bad
The file file.exe was found to be: Known bad.
Malicious Activity Summary
Phorphiex family
Reads user/profile data of web browsers
System Location Discovery: System Language Discovery
Unsigned PE
MITRE ATT&CK
Enterprise Matrix V16
Analysis: static1
Detonation Overview
Reported
2025-04-15 19:52
Signatures
Phorphiex family
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2025-04-15 19:52
Reported
2025-04-15 19:54
Platform
win10v2004-20250314-en
Max time kernel
104s
Max time network
136s
Command Line
Signatures
Reads user/profile data of web browsers
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\file.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\file.exe
"C:\Users\Admin\AppData\Local\Temp\file.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| GB | 142.250.180.3:80 | c.pki.goog | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2025-04-15 19:52
Reported
2025-04-15 19:54
Platform
win11-20250410-en
Max time kernel
102s
Max time network
103s
Command Line
Signatures
Reads user/profile data of web browsers
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\file.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\file.exe
"C:\Users\Admin\AppData\Local\Temp\file.exe"