Analysis
max time kernel: 152s
max time network: 159s
platform: windows10-2004_x64
resource: win10v2004-20220812-en
resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
submitted: 04-11-2022 19:27
Static task: static1
Behavioral task: behavioral1
  Sample: 268f9c1a9cc445a6f2afe21100702e14e69c7d1ed127bfe930628ecc8496badb.exe
  Resource: win7-20220901-en
Behavioral task: behavioral2
  Sample: 268f9c1a9cc445a6f2afe21100702e14e69c7d1ed127bfe930628ecc8496badb.exe
  Resource: win10v2004-20220812-en
General
Target: 268f9c1a9cc445a6f2afe21100702e14e69c7d1ed127bfe930628ecc8496badb.exe
Size: 604KB
MD5: 6d07a0f61db6488b2869010fc78d8bb7
SHA1: 93204c59552bb6cfd657ba6cec35714cc4f05bca
SHA256: 268f9c1a9cc445a6f2afe21100702e14e69c7d1ed127bfe930628ecc8496badb
SHA512: accca6ad61f6b07a050df1a90cfd9603a2eca13a601583b6b4035f835a0910c5bc8c88bcbc5d336c167d8de76d5b02207581b1c0e8529a71f0a232c8a0ddf811
SSDEEP: 12288:PPHUYiQkXzrFdSs9R2E18xG+yKXAETJk+:n0x7zj2EWxG7KXBTF
Malware Config
Signatures

Azov
A wiper seeking only damage, first seen in 2022.

Adds Run key to start application (2 TTPs, 2 IoCs)
Processes: 268f9c1a9cc445a6f2afe21100702e14e69c7d1ed127bfe930628ecc8496badb.exe
description | ioc | process
Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | 268f9c1a9cc445a6f2afe21100702e14e69c7d1ed127bfe930628ecc8496badb.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Bandera = "C:\\ProgramData\\rdpclient.exe" | 268f9c1a9cc445a6f2afe21100702e14e69c7d1ed127bfe930628ecc8496badb.exe

Enumerates connected drives (3 TTPs, 24 IoCs)
Attempts to read the root path of hard drives other than the default C: drive.
Processes: 268f9c1a9cc445a6f2afe21100702e14e69c7d1ed127bfe930628ecc8496badb.exe
description | ioc | process
File opened (read-only) | \??\I:, \??\J:, \??\L:, \??\M:, \??\P:, \??\S:, \??\T:, \??\A:, \??\G:, \??\N:, \??\O:, \??\Q:, \??\X:, \??\E:, \??\K:, \??\U:, \??\V:, \??\W:, \??\Z:, \??\B:, \??\F:, \??\H:, \??\R:, \??\Y: (24 drive roots, every letter except C: and D:) | 268f9c1a9cc445a6f2afe21100702e14e69c7d1ed127bfe930628ecc8496badb.exe

Drops file in Program Files directory (2 IoCs)
Processes: 268f9c1a9cc445a6f2afe21100702e14e69c7d1ed127bfe930628ecc8496badb.exe
description | ioc | process
File opened for modification | C:\Program Files\7-Zip\7z.exe | 268f9c1a9cc445a6f2afe21100702e14e69c7d1ed127bfe930628ecc8496badb.exe
File opened for modification | C:\Program Files\7-Zip\7-zip.chm | 268f9c1a9cc445a6f2afe21100702e14e69c7d1ed127bfe930628ecc8496badb.exe
Processes
[1] C:\Users\Admin\AppData\Local\Temp\268f9c1a9cc445a6f2afe21100702e14e69c7d1ed127bfe930628ecc8496badb.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\268f9c1a9cc445a6f2afe21100702e14e69c7d1ed127bfe930628ecc8496badb.exe"
    - Adds Run key to start application
    - Enumerates connected drives
    - Drops file in Program Files directory
Network
MITRE ATT&CK Matrix ATT&CK v6
Downloads
memory/1140-132-0x000001A9482F0000-0x000001A9482F4000-memory.dmp  Filesize: 16KB
memory/1140-133-0x00007FF7525E0000-0x00007FF752657000-memory.dmp  Filesize: 476KB
memory/1140-134-0x000001A9482B0000-0x000001A9482B7000-memory.dmp  Filesize: 28KB
memory/1140-135-0x000001A9482D0000-0x000001A9482D5000-memory.dmp  Filesize: 20KB
memory/1140-136-0x000001A9482F0000-0x000001A9482F4000-memory.dmp  Filesize: 16KB