69fc2c605ffc41b7d121426cc8a48421aa0f04915331d491cef3ad48b78cc3fa

Submit
Reports

Overview

overview

Static

static

0032588b8d...091.js

windows7_x64

0032588b8d...091.js

windows10_x64

09002c686e...2b.exe

windows7_x64

09002c686e...2b.exe

windows10_x64

0b1551c0be...16.exe

windows7_x64

0b1551c0be...16.exe

windows10_x64

1048caa70a...29.exe

windows7_x64

1048caa70a...29.exe

windows10_x64

1c3170b776...b0.exe

windows7_x64

1c3170b776...b0.exe

windows10_x64

240387329d...62.exe

windows7_x64

240387329d...62.exe

windows10_x64

2573b35645...9a.exe

windows7_x64

2573b35645...9a.exe

windows10_x64

2df6c36b47...51.exe

windows7_x64

2df6c36b47...51.exe

windows10_x64

2df6c36b47...1).exe

windows7_x64

2df6c36b47...1).exe

windows10_x64

2e4319ff62...8b.dll

windows7_x64

2e4319ff62...8b.dll

windows10_x64

2fba2aba4b...07.exe

windows7_x64

2fba2aba4b...07.exe

windows10_x64

3ed5d687a4...bd.exe

windows7_x64

3ed5d687a4...bd.exe

windows10_x64

4fc17a5cf8...d5.exe

windows7_x64

4fc17a5cf8...d5.exe

windows10_x64

5942a02bc0...d3.dll

windows7_x64

5942a02bc0...d3.dll

windows10_x64

6e7785213d...3d.exe

windows7_x64

6e7785213d...3d.exe

windows10_x64

83c64ed85d...a0.exe

windows7_x64

83c64ed85d...a0.exe

windows10_x64

Analysis

max time kernel
2s
max time network
8s
platform
windows7_x64
resource
win7v20201028
submitted
15-03-2021 09:51

Sharing

Copy URL

Twitter E-mail

Static task

static1

upx

Behavioral task

behavioral1

Sample

0032588b8d93a807cf0f48a806ccf125677503a6fabe4105a6dc69e81ace6091.js

Resource

win7v20201028

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

0032588b8d93a807cf0f48a806ccf125677503a6fabe4105a6dc69e81ace6091.js

Resource

win10v20201028

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral3

Sample

09002c686e358799a9d732f4483a31a858bb140a3dfd59df54b1d449d2f8122b.exe

Resource

win7v20201028

pony discovery rat spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral4

Sample

09002c686e358799a9d732f4483a31a858bb140a3dfd59df54b1d449d2f8122b.exe

Resource

win10v20201028

pony discovery rat spyware stealer

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral5

Sample

0b1551c0bef2ec2f87a7e3d84be6a388c7ce52ca9d2c4f791939e41a3ecffd16.exe

Resource

win7v20201028

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral6

Sample

0b1551c0bef2ec2f87a7e3d84be6a388c7ce52ca9d2c4f791939e41a3ecffd16.exe

Resource

win10v20201028

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral7

Sample

1048caa70a44f59a621e209cc10308256e7495a427245260469812ca1b710629.exe

Resource

win7v20201028

evasion persistence trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral8

Sample

1048caa70a44f59a621e209cc10308256e7495a427245260469812ca1b710629.exe

Resource

win10v20201028

evasion persistence

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral9

Sample

1c3170b776327a73e95e554258be94a70d6861b37242fe48a5126d06e33de1b0.exe

Resource

win7v20201028

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral10

Sample

1c3170b776327a73e95e554258be94a70d6861b37242fe48a5126d06e33de1b0.exe

Resource

win10v20201028

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral11

Sample

240387329dee4f03f98a89a2feff9bf30dcba61fcf614cdac24129da54442762.exe

Resource

win7v20201028

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral12

Sample

240387329dee4f03f98a89a2feff9bf30dcba61fcf614cdac24129da54442762.exe

Resource

win10v20201028

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral13

Sample

2573b356452dd5ee24c10537fa4848d882fa40a2a8fa5a181624ba460e1f769a.exe

Resource

win7v20201028

pony discovery rat spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral14

Sample

2573b356452dd5ee24c10537fa4848d882fa40a2a8fa5a181624ba460e1f769a.exe

Resource

win10v20201028

pony discovery rat spyware stealer

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral15

Sample

2df6c36b4784f4934afabe081335830ee9c00520070582b5a381335b4350f951.exe

Resource

win7v20201028

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral16

Sample

2df6c36b4784f4934afabe081335830ee9c00520070582b5a381335b4350f951.exe

Resource

win10v20201028

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral17

Sample

2df6c36b4784f4934afabe081335830ee9c00520070582b5a381335b4350f951(1).exe

Resource

win7v20201028

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral18

Sample

2df6c36b4784f4934afabe081335830ee9c00520070582b5a381335b4350f951(1).exe

Resource

win10v20201028

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral19

Sample

2e4319ff62c03a539b2b2f71768a0cfc0adcaedbcca69dbf235081fe2816248b.dll

Resource

win7v20201028

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral20

Sample

2e4319ff62c03a539b2b2f71768a0cfc0adcaedbcca69dbf235081fe2816248b.dll

Resource

win10v20201028

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral21

Sample

2fba2aba4b6d7ff3a8b262399a30c7f45ff15cfab932c25fc61477278171a107.exe

Resource

win7v20201028

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral22

Sample

2fba2aba4b6d7ff3a8b262399a30c7f45ff15cfab932c25fc61477278171a107.exe

Resource

win10v20201028

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral23

Sample

3ed5d687a46e865424395d3dd455f69c82ac0b22fa24f361db6e87e7aa5019bd.exe

Resource

win7v20201028

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral24

Sample

3ed5d687a46e865424395d3dd455f69c82ac0b22fa24f361db6e87e7aa5019bd.exe

Resource

win10v20201028

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral25

Sample

4fc17a5cf81946e26f1846986557801c0a802e56255c7d112cc3edc0d70255d5.exe

Resource

win7v20201028

persistence

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral26

Sample

4fc17a5cf81946e26f1846986557801c0a802e56255c7d112cc3edc0d70255d5.exe

Resource

win10v20201028

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral27

Sample

5942a02bc0a0e32875bc71e9a678b065d5f0e144938467a3590ba884884153d3.dll

Resource

win7v20201028

pony discovery rat spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral28

Sample

5942a02bc0a0e32875bc71e9a678b065d5f0e144938467a3590ba884884153d3.dll

Resource

win10v20201028

pony discovery rat spyware stealer

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral29

Sample

6e7785213d6af20f376a909c1ecb6c9bddec70049764f08e5054a52997241e3d.exe

Resource

win7v20201028

persistence

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral30

Sample

6e7785213d6af20f376a909c1ecb6c9bddec70049764f08e5054a52997241e3d.exe

Resource

win10v20201028

persistence

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral31

Sample

83c64ed85d0245b22a7fb1e1f529ccd4db58b49fc6cf656c8d56712fa0b9fea0.exe

Resource

win7v20201028

bootkit discovery persistence spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral32

Sample

83c64ed85d0245b22a7fb1e1f529ccd4db58b49fc6cf656c8d56712fa0b9fea0.exe

Resource

win10v20201028

bootkit discovery persistence spyware stealer

windows10_x64

0 signatures

0 seconds

Report Analysis Logs

General

Target

1c3170b776327a73e95e554258be94a70d6861b37242fe48a5126d06e33de1b0.exe
Size

36KB
MD5

9baa6c3392dc9c0ad1733882a3faf2ba
SHA1

827fb56941d9ee428804d6462bf418494c0bf8e8
SHA256

1c3170b776327a73e95e554258be94a70d6861b37242fe48a5126d06e33de1b0
SHA512

3d5ae55af680cca52a1434c259c6cfa5cb0855de9858d62283e58a2cb1fa2ccd97aac82c544248646d4c3811c9e63a0fad78437e251d569b6111a179fae0583f

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Processes

C:\Users\Admin\AppData\Local\Temp\1c3170b776327a73e95e554258be94a70d6861b37242fe48a5126d06e33de1b0.exe
"C:\Users\Admin\AppData\Local\Temp\1c3170b776327a73e95e554258be94a70d6861b37242fe48a5126d06e33de1b0.exe"
1⤵
PID:2028

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2028-2-0x0000000075C31000-0x0000000075C33000-memory.dmp

Filesize
8KB

Download