MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7b4a13c022f0948f0a7ace0c2ea8b85af4f596338af14c3a1be2e63f55cbb335. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Phorpiex
Vendor detections: 4



SHA256 hash: 7b4a13c022f0948f0a7ace0c2ea8b85af4f596338af14c3a1be2e63f55cbb335
SHA3-384 hash: 184c1b68dfb91a5923697ad70459d3c759a2f75069c3b264aedf3a44822ba1c59ec00e3a2e3f79d3180cb52f9087b5dc
SHA1 hash: 8d02ab35f57f4a98679935c7fd6d20e5ceef585a
MD5 hash: a4fac8df05ee106a9f658b9bb4f90d05
humanhash: comet-summer-oven-east
File name: tspm_1.bin
Signature: Phorpiex
File size: 1'135'616 bytes
First seen: 2020-07-08 05:44:04 UTC
Last seen: 2020-08-02 07:33:02 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 60f5970853e3a080c4a932aa93b0d67c (1 x Phorpiex)
ssdeep: 24576:gyDIINvTyuGvi+fkjfdWf2gTnxKHOV1AZuLbbbbpcA:gyDIMyuGvi+fkzdy1KHy1YqbbbbpcA
Threatray: 18 similar samples on MalwareBazaar
TLSH: D9357D7DB4E2C835C23440B49988E3B2992EA5E1CB3114C3B7DC9A4E17B19D1AA375F7
Reporter: JAMESWT_WT
Tags: Phorpiex
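The hashes above are the IOCs a responder actually uses: before analysing a downloaded copy, or when hunting for this file across a host, recompute the digests and require every algorithm to agree (MD5 and SHA-1 are collision-prone, so a match on those alone is not a hit). The script below is an added example, not code from MalwareBazaar; it copies the four cryptographic hashes from this entry verbatim, streams files in chunks so a 1 MB or a 1 GB sample is handled the same way, and, in `demo()`, runs against a constructed stand-in byte string (not the real sample) so it can be tried offline. The directory to scan and the stand-in file names are assumptions for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

# IOC hashes copied from this MalwareBazaar entry (file name tspm_1.bin).
PHORPIEX_TSPM_1_IOCS = {
    "md5": "a4fac8df05ee106a9f658b9bb4f90d05",
    "sha1": "8d02ab35f57f4a98679935c7fd6d20e5ceef585a",
    "sha256": "7b4a13c022f0948f0a7ace0c2ea8b85af4f596338af14c3a1be2e63f55cbb335",
    "sha3_384": "184c1b68dfb91a5923697ad70459d3c759a2f75069c3b264aedf3a44822ba1c5"
                "9ec00e3a2e3f79d3180cb52f9087b5dc",
}
ALGORITHMS = tuple(PHORPIEX_TSPM_1_IOCS)  # md5, sha1, sha256, sha3_384 (all in hashlib)


def digest_bytes(data: bytes) -> dict:
    """Hex digests of an in-memory blob for every algorithm in the IOC record."""
    return {name: hashlib.new(name, data).hexdigest() for name in ALGORITHMS}


def digest_file(path, chunk_size: int = 1 << 20) -> dict:
    """Hex digests of a file, streamed in chunks so large samples never have to fit in memory."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def match_iocs(observed: dict, iocs: dict = PHORPIEX_TSPM_1_IOCS) -> dict:
    """Per-algorithm, case-insensitive comparison of observed digests against the IOC record."""
    return {name: observed.get(name, "").lower() == expected.lower()
            for name, expected in iocs.items()}


def is_known_sample(observed: dict, iocs: dict = PHORPIEX_TSPM_1_IOCS) -> bool:
    """True only when every algorithm agrees. A record that matches on MD5 or SHA-1 but not
    on SHA-256 is a mismatch (collision or corrupted IOC), not a partial hit."""
    return all(match_iocs(observed, iocs).values())


def scan_directory(root, iocs: dict = PHORPIEX_TSPM_1_IOCS) -> list:
    """Walk a directory tree and return the paths whose digests match the IOC record."""
    return [p for p in Path(root).rglob("*")
            if p.is_file() and is_known_sample(digest_file(p), iocs)]


def demo() -> int:
    """Offline self-check on a constructed stand-in (NOT the real tspm_1.bin): derive an IOC
    record from the stand-in, write it and a one-byte-different decoy into a temporary
    directory (assumed layout), and return the number of files that match."""
    stand_in = b"MZ" + b"\x90" * 64 + b"constructed stand-in, not the Phorpiex sample"
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "tspm_1.bin").write_bytes(stand_in)
        (root / "decoy.bin").write_bytes(stand_in + b"\x00")
        return len(scan_directory(root, digest_bytes(stand_in)))


if __name__ == "__main__":
    print("matching files on the constructed stand-in:", demo())
```

To check a real download, call `is_known_sample(digest_file("tspm_1.bin"))` with the default IOC record. The remaining identifiers on this entry (imphash, ssdeep, TLSH) are similarity hashes rather than exact-match IOCs and need third-party packages (pefile, ssdeep, py-tlsh) that hashlib does not provide. Note also that the sandbox verdict below names Win32.Ransomware.Avaddon while the MalwareBazaar signature is Phorpiex; match on the hashes, not on the family label.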

Intelligence

File Origin
# of uploads: 4
# of downloads: 119
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Suspicious
Maliciousness:
Behaviour
DNS request
Sending a custom TCP request
Creating a window
Blocking the User Account Control
Threat name: Win32.Ransomware.Avaddon
Status: Malicious
First seen: 2020-07-07 21:23:00 UTC
File Type: PE (Exe)
AV detection: 23 of 29 (79.31%)
Threat level: 5/5
Result
Malware family: n/a
Score: 10/10
Tags: evasion trojan persistence ransomware
Behaviour
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Interacts with shadow copies
Suspicious behavior: EnumeratesProcesses
System policy modification
Modifies service
Enumerates connected drives
Looks up external IP address via web service
Checks whether UAC is enabled
Drops desktop.ini file(s)
Executes dropped EXE
Deletes shadow copies
UAC bypass
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample, such as delivery method and external references.

Delivery method: Web download
Signature: Phorpiex
File: Executable exe 7b4a13c022f0948f0a7ace0c2ea8b85af4f596338af14c3a1be2e63f55cbb335 (this sample)

Delivery method: Distributed via web download

Comments