Analysis
-
max time kernel
151s -
max time network
175s -
platform
windows7_x64 -
resource
win7v20210408 -
submitted
26-07-2021 12:42
General
-
Target
a1b1fcc07a688cdbf58c79714c4bec075ae8a263d6227e516002360db5edf3f3.sample.exe
-
Size
103KB
-
MD5
fa7103d9d7bcfa056fa890c576459310
-
SHA1
98b594fb8acbe6169a2a38978f7ae2668364efa6
-
SHA256
a1b1fcc07a688cdbf58c79714c4bec075ae8a263d6227e516002360db5edf3f3
-
SHA512
29c703b2f0ddbe2f88ffb6f93c9430acf3863462f66fa79cd6376649411ab8f993da07466e802a1892305eaa80d44bd40b4a86983ee12c123fa5e04228794a5f
Score
10/10
Malware Config
Signatures
-
Pony,Fareit
Pony is a Remote Access Trojan application that steals information.
-
Reads data files stored by FTP clients 2 TTPs
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of AdjustPrivilegeToken 8 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\a1b1fcc07a688cdbf58c79714c4bec075ae8a263d6227e516002360db5edf3f3.sample.exe"C:\Users\Admin\AppData\Local\Temp\a1b1fcc07a688cdbf58c79714c4bec075ae8a263d6227e516002360db5edf3f3.sample.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/2016-60-0x00000000760B1000-0x00000000760B3000-memory.dmpFilesize
8KB
-
memory/2016-61-0x0000000000400000-0x000000000041F000-memory.dmpFilesize
124KB
-
memory/2016-62-0x0000000000280000-0x0000000000281000-memory.dmpFilesize
4KB