Analysis Overview
SHA256
9435b7a2b884676ec7e109ed28a9164cea5f5f6d4a18e1b2cebaff1de4c186db
Threat Level: Known bad
The file ie_to_edge_stub.exe was found to be: Known bad.
Malicious Activity Summary
Azov
Adds Run key to start application
Enumerates connected drives
Drops file in Program Files directory
MITRE ATT&CK Matrix V6
Analysis: static1
Detonation Overview
Reported
2022-11-10 09:00
Signatures
Analysis: behavioral2
Detonation Overview
Submitted
2022-11-10 09:00
Reported
2022-11-10 09:03
Platform
win10v2004-20220901-en
Max time kernel
91s
Max time network
127s
Command Line
Signatures
Azov
Adds Run key to start application
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | C:\Users\Admin\AppData\Local\Temp\ie_to_edge_stub.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Bandera = "C:\\ProgramData\\rdpclient.exe" | C:\Users\Admin\AppData\Local\Temp\ie_to_edge_stub.exe | N/A |
Enumerates connected drives
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files\7-Zip\Lang\br.txt | C:\Users\Admin\AppData\Local\Temp\ie_to_edge_stub.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\co.txt | C:\Users\Admin\AppData\Local\Temp\ie_to_edge_stub.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\7-zip.chm | C:\Users\Admin\AppData\Local\Temp\ie_to_edge_stub.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\az.txt | C:\Users\Admin\AppData\Local\Temp\ie_to_edge_stub.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\be.txt | C:\Users\Admin\AppData\Local\Temp\ie_to_edge_stub.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\bn.txt | C:\Users\Admin\AppData\Local\Temp\ie_to_edge_stub.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\cy.txt | C:\Users\Admin\AppData\Local\Temp\ie_to_edge_stub.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\an.txt | C:\Users\Admin\AppData\Local\Temp\ie_to_edge_stub.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\7z.sfx | C:\Users\Admin\AppData\Local\Temp\ie_to_edge_stub.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\descript.ion | C:\Users\Admin\AppData\Local\Temp\ie_to_edge_stub.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\af.txt | C:\Users\Admin\AppData\Local\Temp\ie_to_edge_stub.exe | N/A |
| File created | C:\Program Files\7-Zip\Lang\RESTORE_FILES.txt | C:\Users\Admin\AppData\Local\Temp\ie_to_edge_stub.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ast.txt | C:\Users\Admin\AppData\Local\Temp\ie_to_edge_stub.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\bg.txt | C:\Users\Admin\AppData\Local\Temp\ie_to_edge_stub.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ca.txt | C:\Users\Admin\AppData\Local\Temp\ie_to_edge_stub.exe | N/A |
| File created | C:\Program Files\7-Zip\RESTORE_FILES.txt | C:\Users\Admin\AppData\Local\Temp\ie_to_edge_stub.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\History.txt | C:\Users\Admin\AppData\Local\Temp\ie_to_edge_stub.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ar.txt | C:\Users\Admin\AppData\Local\Temp\ie_to_edge_stub.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ba.txt | C:\Users\Admin\AppData\Local\Temp\ie_to_edge_stub.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\cs.txt | C:\Users\Admin\AppData\Local\Temp\ie_to_edge_stub.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\7zCon.sfx | C:\Users\Admin\AppData\Local\Temp\ie_to_edge_stub.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\ie_to_edge_stub.exe
"C:\Users\Admin\AppData\Local\Temp\ie_to_edge_stub.exe"
Network
| Country | Destination | Domain | Proto |
| US | 20.189.173.5:443 | | tcp |
| US | 8.253.208.120:80 | | tcp |
| US | 8.253.208.120:80 | | tcp |
| US | 8.253.208.120:80 | | tcp |
Files
memory/3040-132-0x000001945D5F0000-0x000001945D5F4000-memory.dmp
memory/3040-133-0x00007FF6B01C0000-0x00007FF6B023B000-memory.dmp
memory/3040-136-0x000001945D5F0000-0x000001945D5F4000-memory.dmp
memory/3040-135-0x000001945D5E0000-0x000001945D5E5000-memory.dmp
memory/3040-134-0x000001945D5C0000-0x000001945D5C6000-memory.dmp
Analysis: behavioral1
Detonation Overview
Submitted
2022-11-10 09:00
Reported
2022-11-10 09:03
Platform
win7-20220812-en
Max time kernel
40s
Max time network
43s
Command Line
Signatures
Azov
Adds Run key to start application
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | C:\Users\Admin\AppData\Local\Temp\ie_to_edge_stub.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Bandera = "C:\\ProgramData\\rdpclient.exe" | C:\Users\Admin\AppData\Local\Temp\ie_to_edge_stub.exe | N/A |
Enumerates connected drives
Processes
C:\Users\Admin\AppData\Local\Temp\ie_to_edge_stub.exe
"C:\Users\Admin\AppData\Local\Temp\ie_to_edge_stub.exe"
Network
Files
memory/1476-54-0x0000000000210000-0x0000000000214000-memory.dmp
memory/1476-55-0x000000013F9B0000-0x000000013FA2B000-memory.dmp
memory/1476-56-0x00000000001E0000-0x00000000001E6000-memory.dmp
memory/1476-58-0x0000000000210000-0x0000000000214000-memory.dmp
memory/1476-57-0x0000000000200000-0x0000000000205000-memory.dmp