Analysis
-
max time kernel
139s -
max time network
147s -
platform
windows7_x64 -
resource
win7v20201028 -
submitted
10-11-2020 11:21
General
-
Target
d0b6573a025d5d79dd2a5f627702b12f36b87a95c156be1826bb552a27c9003b.exe
-
Size
105KB
-
MD5
807e6774adf4407a46df7747058a880c
-
SHA1
80a7a31cac60601b082e2535563d06b1e9505d94
-
SHA256
d0b6573a025d5d79dd2a5f627702b12f36b87a95c156be1826bb552a27c9003b
-
SHA512
c5d0cd3c100fc1865217120c4c77755a2e86e832300cf80c160699e327c25b0e724b8a65e644dc935d17665a8f7525beb31e836352c5a679af53a661633339e8
Score
10/10
Malware Config
Signatures
-
Pony,Fareit
Pony is a Remote Access Trojan application that steals information.
-
Reads data files stored by FTP clients 2 TTPs
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of AdjustPrivilegeToken 8 IoCs
-
Suspicious use of UnmapMainImage 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\d0b6573a025d5d79dd2a5f627702b12f36b87a95c156be1826bb552a27c9003b.exe"C:\Users\Admin\AppData\Local\Temp\d0b6573a025d5d79dd2a5f627702b12f36b87a95c156be1826bb552a27c9003b.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of UnmapMainImage
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1660-0-0x000007FEF6B90000-0x000007FEF6E0A000-memory.dmpFilesize
2.5MB