Analysis

  • max time kernel
    42s
  • max time network
    45s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
  • submitted
    20/11/2022, 08:39

General

  • Target

    5e6207cf1bf0fbe1fc7e9ce929a87be740998704539a3450dc5da76298bac2b2.exe

  • Size

    134KB

  • MD5

    03d80087b2482eeddcca6d6500e70663

  • SHA1

    e83e0d5482c80fcac66f2fb0f5fb7f84132456e3

  • SHA256

    5e6207cf1bf0fbe1fc7e9ce929a87be740998704539a3450dc5da76298bac2b2

  • SHA512

    1a7ab05e7129c0245f508aead14b2f1bfc537d896ce2b4b9a2426986a0ff98c2911b13e3ed7243bea176c2adad1f9e6a79c7630b5c8190a1b4f6fa573ecf8e9a

  • SSDEEP

    3072:RPY1lfhVh2eewf2CaY1qPR9k5c5Jdd/jCi:GCebaRhjn

Score
10/10

Malware Config

Extracted

Family

pony

C2

http://212.58.20.11:8080/pony/gate.php

http://66.175.220.109/pony/gate.php

Attributes
  • payload_url

    http://fatihfiliz.com.tr/HjcqX.exe

    http://www.admirals.ae/j3fwjN.exe

Signatures

  • Pony, Fareit

    Pony is a Remote Access Trojan application that steals information.

  • Suspicious use of WriteProcessMemory (4 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\5e6207cf1bf0fbe1fc7e9ce929a87be740998704539a3450dc5da76298bac2b2.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\5e6207cf1bf0fbe1fc7e9ce929a87be740998704539a3450dc5da76298bac2b2.exe"
    PID: 1504
    • Suspicious use of WriteProcessMemory
    • Child process: C:\Users\Admin\AppData\Local\Temp\5e6207cf1bf0fbe1fc7e9ce929a87be740998704539a3450dc5da76298bac2b2.exe
      Command line: "C:\Users\Admin\AppData\Local\Temp\5e6207cf1bf0fbe1fc7e9ce929a87be740998704539a3450dc5da76298bac2b2.exe"
      PID: 1652


Downloads

  • memory/1504-54-0x0000000075661000-0x0000000075663000-memory.dmp
    Filesize: 8KB

  • memory/1504-55-0x00000000013E0000-0x0000000001405000-memory.dmp
    Filesize: 148KB

  • memory/1504-56-0x00000000013E0000-0x0000000001405000-memory.dmp
    Filesize: 148KB