69fc2c605ffc41b7d121426cc8a48421aa0f04915331d491cef3ad48b78cc3fa

Submit
Reports

Overview

overview

Static

static

0032588b8d...091.js

windows7_x64

0032588b8d...091.js

windows10_x64

09002c686e...2b.exe

windows7_x64

09002c686e...2b.exe

windows10_x64

0b1551c0be...16.exe

windows7_x64

0b1551c0be...16.exe

windows10_x64

1048caa70a...29.exe

windows7_x64

1048caa70a...29.exe

windows10_x64

1c3170b776...b0.exe

windows7_x64

1c3170b776...b0.exe

windows10_x64

240387329d...62.exe

windows7_x64

240387329d...62.exe

windows10_x64

2573b35645...9a.exe

windows7_x64

2573b35645...9a.exe

windows10_x64

2df6c36b47...51.exe

windows7_x64

2df6c36b47...51.exe

windows10_x64

2df6c36b47...1).exe

windows7_x64

2df6c36b47...1).exe

windows10_x64

2e4319ff62...8b.dll

windows7_x64

2e4319ff62...8b.dll

windows10_x64

2fba2aba4b...07.exe

windows7_x64

2fba2aba4b...07.exe

windows10_x64

3ed5d687a4...bd.exe

windows7_x64

3ed5d687a4...bd.exe

windows10_x64

4fc17a5cf8...d5.exe

windows7_x64

4fc17a5cf8...d5.exe

windows10_x64

5942a02bc0...d3.dll

windows7_x64

5942a02bc0...d3.dll

windows10_x64

6e7785213d...3d.exe

windows7_x64

6e7785213d...3d.exe

windows10_x64

83c64ed85d...a0.exe

windows7_x64

83c64ed85d...a0.exe

windows10_x64

Analysis

max time kernel
121s
max time network
124s
platform
windows7_x64
resource
win7v20201028
submitted
15-03-2021 09:51

Sharing

Copy URL

Twitter E-mail

Static task

static1

upx

Behavioral task

behavioral1

Sample

0032588b8d93a807cf0f48a806ccf125677503a6fabe4105a6dc69e81ace6091.js

Resource

win7v20201028

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

0032588b8d93a807cf0f48a806ccf125677503a6fabe4105a6dc69e81ace6091.js

Resource

win10v20201028

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral3

Sample

09002c686e358799a9d732f4483a31a858bb140a3dfd59df54b1d449d2f8122b.exe

Resource

win7v20201028

pony discovery rat spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral4

Sample

09002c686e358799a9d732f4483a31a858bb140a3dfd59df54b1d449d2f8122b.exe

Resource

win10v20201028

pony discovery rat spyware stealer

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral5

Sample

0b1551c0bef2ec2f87a7e3d84be6a388c7ce52ca9d2c4f791939e41a3ecffd16.exe

Resource

win7v20201028

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral6

Sample

0b1551c0bef2ec2f87a7e3d84be6a388c7ce52ca9d2c4f791939e41a3ecffd16.exe

Resource

win10v20201028

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral7

Sample

1048caa70a44f59a621e209cc10308256e7495a427245260469812ca1b710629.exe

Resource

win7v20201028

evasion persistence trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral8

Sample

1048caa70a44f59a621e209cc10308256e7495a427245260469812ca1b710629.exe

Resource

win10v20201028

evasion persistence

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral9

Sample

1c3170b776327a73e95e554258be94a70d6861b37242fe48a5126d06e33de1b0.exe

Resource

win7v20201028

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral10

Sample

1c3170b776327a73e95e554258be94a70d6861b37242fe48a5126d06e33de1b0.exe

Resource

win10v20201028

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral11

Sample

240387329dee4f03f98a89a2feff9bf30dcba61fcf614cdac24129da54442762.exe

Resource

win7v20201028

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral12

Sample

240387329dee4f03f98a89a2feff9bf30dcba61fcf614cdac24129da54442762.exe

Resource

win10v20201028

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral13

Sample

2573b356452dd5ee24c10537fa4848d882fa40a2a8fa5a181624ba460e1f769a.exe

Resource

win7v20201028

pony discovery rat spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral14

Sample

2573b356452dd5ee24c10537fa4848d882fa40a2a8fa5a181624ba460e1f769a.exe

Resource

win10v20201028

pony discovery rat spyware stealer

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral15

Sample

2df6c36b4784f4934afabe081335830ee9c00520070582b5a381335b4350f951.exe

Resource

win7v20201028

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral16

Sample

2df6c36b4784f4934afabe081335830ee9c00520070582b5a381335b4350f951.exe

Resource

win10v20201028

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral17

Sample

2df6c36b4784f4934afabe081335830ee9c00520070582b5a381335b4350f951(1).exe

Resource

win7v20201028

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral18

Sample

2df6c36b4784f4934afabe081335830ee9c00520070582b5a381335b4350f951(1).exe

Resource

win10v20201028

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral19

Sample

2e4319ff62c03a539b2b2f71768a0cfc0adcaedbcca69dbf235081fe2816248b.dll

Resource

win7v20201028

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral20

Sample

2e4319ff62c03a539b2b2f71768a0cfc0adcaedbcca69dbf235081fe2816248b.dll

Resource

win10v20201028

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral21

Sample

2fba2aba4b6d7ff3a8b262399a30c7f45ff15cfab932c25fc61477278171a107.exe

Resource

win7v20201028

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral22

Sample

2fba2aba4b6d7ff3a8b262399a30c7f45ff15cfab932c25fc61477278171a107.exe

Resource

win10v20201028

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral23

Sample

3ed5d687a46e865424395d3dd455f69c82ac0b22fa24f361db6e87e7aa5019bd.exe

Resource

win7v20201028

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral24

Sample

3ed5d687a46e865424395d3dd455f69c82ac0b22fa24f361db6e87e7aa5019bd.exe

Resource

win10v20201028

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral25

Sample

4fc17a5cf81946e26f1846986557801c0a802e56255c7d112cc3edc0d70255d5.exe

Resource

win7v20201028

persistence

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral26

Sample

4fc17a5cf81946e26f1846986557801c0a802e56255c7d112cc3edc0d70255d5.exe

Resource

win10v20201028

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral27

Sample

5942a02bc0a0e32875bc71e9a678b065d5f0e144938467a3590ba884884153d3.dll

Resource

win7v20201028

pony discovery rat spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral28

Sample

5942a02bc0a0e32875bc71e9a678b065d5f0e144938467a3590ba884884153d3.dll

Resource

win10v20201028

pony discovery rat spyware stealer

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral29

Sample

6e7785213d6af20f376a909c1ecb6c9bddec70049764f08e5054a52997241e3d.exe

Resource

win7v20201028

persistence

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral30

Sample

6e7785213d6af20f376a909c1ecb6c9bddec70049764f08e5054a52997241e3d.exe

Resource

win10v20201028

persistence

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral31

Sample

83c64ed85d0245b22a7fb1e1f529ccd4db58b49fc6cf656c8d56712fa0b9fea0.exe

Resource

win7v20201028

bootkit discovery persistence spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral32

Sample

83c64ed85d0245b22a7fb1e1f529ccd4db58b49fc6cf656c8d56712fa0b9fea0.exe

Resource

win10v20201028

bootkit discovery persistence spyware stealer

windows10_x64

0 signatures

0 seconds

Report Analysis Logs

General

Target

0b1551c0bef2ec2f87a7e3d84be6a388c7ce52ca9d2c4f791939e41a3ecffd16.exe
Size

141KB
MD5

e5e56f9374a5a6dd331a0f57883bcbb5
SHA1

86ae05396644baef2ddc112c0485af1f170c5bfb
SHA256

0b1551c0bef2ec2f87a7e3d84be6a388c7ce52ca9d2c4f791939e41a3ecffd16
SHA512

3cd12ee34d28125fc82082c5b91dc82ff27069c9d21766f82fc26f1fb5487de8e63f10c751f9ae211c6ea08c47e23ed3fc2925525038ac5796a447395a248941

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
744	0b1551c0bef2ec2f87a7e3d84be6a388c7ce52ca9d2c4f791939e41a3ecffd16.exe
744	0b1551c0bef2ec2f87a7e3d84be6a388c7ce52ca9d2c4f791939e41a3ecffd16.exe
744	0b1551c0bef2ec2f87a7e3d84be6a388c7ce52ca9d2c4f791939e41a3ecffd16.exe
744	0b1551c0bef2ec2f87a7e3d84be6a388c7ce52ca9d2c4f791939e41a3ecffd16.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	744	0b1551c0bef2ec2f87a7e3d84be6a388c7ce52ca9d2c4f791939e41a3ecffd16.exe

Processes

C:\Users\Admin\AppData\Local\Temp\0b1551c0bef2ec2f87a7e3d84be6a388c7ce52ca9d2c4f791939e41a3ecffd16.exe
"C:\Users\Admin\AppData\Local\Temp\0b1551c0bef2ec2f87a7e3d84be6a388c7ce52ca9d2c4f791939e41a3ecffd16.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:744

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/744-2-0x000007FEF59C0000-0x000007FEF635D000-memory.dmp

Filesize
9.6MB

Download
memory/744-3-0x000007FEF59C0000-0x000007FEF635D000-memory.dmp

Filesize
9.6MB

Download
memory/744-4-0x00000000001F0000-0x00000000001F2000-memory.dmp

Filesize
8KB

Download