Analysis

  • max time kernel
    132s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    13-11-2022 05:01

General

  • Target

    5f474dcb05e85047169732183a9085a767c995d5f49d6092438e170d6869298c.exe

  • Size

    100KB

  • MD5

    24b6dcaa8998f7478e80b33f438ea830

  • SHA1

    6af7f3d7627ab41a1b897388dd71c6cf42017d7a

  • SHA256

    5f474dcb05e85047169732183a9085a767c995d5f49d6092438e170d6869298c

  • SHA512

    d477ecc3a10fc1f747058d909ff3ad8143928ce7054db91b31ba61cabd8300024e4c69921ab1af4abcc830d836ef81ff9a670a28a510cd3a45e6828c5f4e4eb6

  • SSDEEP

    1536:05wNS/vXuhi3uguXjsPZOb5qTx4re5L6dUp79r0PK4Mgf1R8qVyhugLixdIhegN:X0uU39tcETx4rY6q79r0PKzgYqVyhteI

Malware Config

Signatures

  • Azov

    A wiper seeking only damage, first seen in 2022.

  • Adds Run key to start application (2 TTPs, 2 IoCs)
  • Enumerates connected drives (3 TTPs, 24 IoCs)

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\5f474dcb05e85047169732183a9085a767c995d5f49d6092438e170d6869298c.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\5f474dcb05e85047169732183a9085a767c995d5f49d6092438e170d6869298c.exe"
    PID: 2472
    • Adds Run key to start application
    • Enumerates connected drives
    • Drops file in Program Files directory

Network

MITRE ATT&CK Enterprise v6

Downloads

  • memory/2472-132-0x000002EECDBB0000-0x000002EECDBB4000-memory.dmp

    Filesize

    16KB

  • memory/2472-133-0x00007FF7076F0000-0x00007FF707706000-memory.dmp

    Filesize

    88KB

  • memory/2472-134-0x000002EECDA80000-0x000002EECDA87000-memory.dmp

    Filesize

    28KB

  • memory/2472-135-0x000002EECDAA0000-0x000002EECDAA5000-memory.dmp

    Filesize

    20KB

  • memory/2472-136-0x000002EECDBB0000-0x000002EECDBB4000-memory.dmp

    Filesize

    16KB