Analysis
-
Max time kernel: 42s
Max time network: 45s
Platform: windows7_x64
Resource: win7-20220812-en
Resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
Submitted: 13-11-2022 05:01
Static task: static1
-
Behavioral task: behavioral1
Sample: 4a29756b890feadbb8506662bb02da34f264ffcce40b05a0e44378b01ce2cd24.exe
Resource: win7-20220812-en
-
Behavioral task: behavioral2
Sample: 4a29756b890feadbb8506662bb02da34f264ffcce40b05a0e44378b01ce2cd24.exe
Resource: win10v2004-20220812-en
General
-
Target: 4a29756b890feadbb8506662bb02da34f264ffcce40b05a0e44378b01ce2cd24.exe
Size: 182KB
MD5: 9c4c2f4f00522c9ebe08905270b2ac4b
SHA1: 63e0b1975eaadd99a742fc279ee1956377686f10
SHA256: 4a29756b890feadbb8506662bb02da34f264ffcce40b05a0e44378b01ce2cd24
SHA512: 7d6589d5efb9d024454ad53f4a16f5e1663dcaa638fe22c5039b9562b1aa29a01a299cb312e14436fda517cd14fbe53f2e308c97b37b9be0108dc9a830c66278
SSDEEP: 3072:tuTO4rRZiIgvX5mG1EXscjrU39Qq+ZDPUEMTlqiP60zEBXY+adic1oi53t:tkZrgvpmG1QFs9UZDPFMThy0zEWLNou9
Malware Config
Signatures
-
Azov
A wiper seeking only damage, first seen in 2022.
-
Reads user/profile data of web browsers (2 TTPs)
Infostealers often target stored browser data, which can include saved credentials and other secrets.
-
Adds Run key to start application (2 TTPs, 2 IoCs)
Processes:
  4a29756b890feadbb8506662bb02da34f264ffcce40b05a0e44378b01ce2cd24.exe
    Set value (str): \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Bandera = "C:\\ProgramData\\rdpclient.exe"
    Key created: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
-
Enumerates connected drives (3 TTPs, 24 IoCs)
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in Program Files directory (64 IoCs)
Processes
-
C:\Users\Admin\AppData\Local\Temp\4a29756b890feadbb8506662bb02da34f264ffcce40b05a0e44378b01ce2cd24.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\4a29756b890feadbb8506662bb02da34f264ffcce40b05a0e44378b01ce2cd24.exe"
  - Adds Run key to start application
  - Enumerates connected drives
  - Drops file in Program Files directory
  PID: 1112