Analysis Overview
SHA256
283cbc75ed8f404e2f3e0453f18faf214193844cbfe9ce478c8b8714ad4d1048
Threat Level: Known bad
The file dc659d0624712f8331b4240509896a60eb6277bc26ebf041573de9039610aa91.zip was found to be: Known bad.
Malicious Activity Summary
Azov
Adds Run key to start application
Enumerates connected drives
MITRE ATT&CK Matrix V6
Analysis: static1
Detonation Overview
Reported
2022-11-14 05:44
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2022-11-14 05:44
Reported
2022-11-14 05:55
Platform
win10v2004-20220812-en
Max time kernel
526s
Max time network
514s
Command Line
Signatures
Azov
Adds Run key to start application
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | C:\Users\Admin\AppData\Local\Temp\dc659d0624712f8331b4240509896a60eb6277bc26ebf041573de9039610aa91.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Bandera = "C:\\ProgramData\\rdpclient.exe" | C:\Users\Admin\AppData\Local\Temp\dc659d0624712f8331b4240509896a60eb6277bc26ebf041573de9039610aa91.exe | N/A |
Enumerates connected drives
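The Run-key indicator above (value `Bandera` pointing at `C:\ProgramData\rdpclient.exe`, written by the dropper rather than by the target binary) is the part of this run a detection engineer can act on. The script below is an added example, not part of the sandbox report or of any tool it was produced by: it walks Sysmon Event ID 13 (RegistryEvent: Value Set) records, as a SIEM would expose them, and flags any `...\CurrentVersion\Run` or `RunOnce` value whose target lives in a user-writable staging directory, plus an exact match on the report's indicator. The four input records are constructed for the example, the field names (`EventID`, `EventType`, `Image`, `TargetObject`, `Details`) follow Sysmon's schema, and the directory list is an assumption you would tune to your estate.

```python
"""Flag Run-key persistence of the kind shown in the report above.

Added example (not from the report or the sandbox). Input is a list of
dicts shaped like Sysmon Event ID 13 records; the records below are
constructed for the example and are not events from the sandbox run.
"""
import re
from typing import Dict, List, Optional

# Sysmon writes TargetObject as HKLM\..., the report writes
# \REGISTRY\MACHINE\...; matching on the tail handles both, and Wow6432Node.
RUN_KEY_RE = re.compile(
    r"\\Microsoft\\Windows\\CurrentVersion\\Run(?:Once)?\\(?P<name>[^\\]+)$",
    re.IGNORECASE,
)

# Directories a legitimate installer rarely chooses for an autostart binary.
# Assumption for this example: tune to your own environment.
SUSPICIOUS_DIRS = re.compile(
    r"^(?:[a-z]:\\ProgramData\\|[a-z]:\\Users\\[^\\]+\\AppData\\|[a-z]:\\Windows\\Temp\\)",
    re.IGNORECASE,
)

# Indicator taken verbatim from the "Adds Run key" table in the report.
REPORT_INDICATOR = {"name": "Bandera", "target": r"C:\ProgramData\rdpclient.exe"}

# Constructed sample events (not sandbox output).
SAMPLE_EVENTS: List[Dict] = [
    {   # mirrors the report's indicator: dropper registers a second binary
        "EventID": 13, "EventType": "SetValue",
        "Image": r"C:\Users\Admin\AppData\Local\Temp\dc659d0624712f8331b4240509896a60eb6277bc26ebf041573de9039610aa91.exe",
        "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Bandera",
        "Details": r'"C:\\ProgramData\\rdpclient.exe"',
    },
    {   # benign autostart from a protected directory: not flagged
        "EventID": 13, "EventType": "SetValue",
        "Image": r"C:\Windows\System32\msiexec.exe",
        "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SecurityHealth",
        "Details": r'"C:\Program Files\Windows Defender\MSASCuiL.exe"',
    },
    {   # same staging-directory pattern under HKCU, different value name
        "EventID": 13, "EventType": "SetValue",
        "Image": r"C:\Users\Admin\Downloads\setup.exe",
        "TargetObject": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
        "Details": r"C:\Users\Admin\AppData\Roaming\updater.exe",
    },
    {   # value set outside any Run key: ignored
        "EventID": 13, "EventType": "SetValue",
        "Image": r"C:\Windows\System32\svchost.exe",
        "TargetObject": r"HKLM\SYSTEM\CurrentControlSet\Services\W32Time\Parameters\Type",
        "Details": "NTP",
    },
]


def normalize_target(details: str) -> str:
    """Strip surrounding quotes and JSON-style doubled backslashes."""
    return details.strip().strip('"').replace("\\\\", "\\")


def classify(event: Dict) -> Optional[Dict]:
    """Return a finding for a suspicious Run-key value set, else None."""
    if event.get("EventID") != 13 or event.get("EventType") != "SetValue":
        return None
    match = RUN_KEY_RE.search(event.get("TargetObject", ""))
    if not match:
        return None
    name = match.group("name")
    target = normalize_target(event.get("Details", ""))
    reasons = []
    if SUSPICIOUS_DIRS.match(target):
        reasons.append("autostart target in user-writable directory")
    if (name.lower() == REPORT_INDICATOR["name"].lower()
            and target.lower() == REPORT_INDICATOR["target"].lower()):
        reasons.append("matches Azov report indicator")
    if not reasons:
        return None
    return {
        "name": name,
        "target": target,
        "writer": event.get("Image", ""),
        "reasons": reasons,
    }


def scan(events: List[Dict]) -> List[Dict]:
    """Run classify over a batch and keep only the findings."""
    return [f for f in (classify(e) for e in events) if f]


if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(f"{finding['name']!r} -> {finding['target']} "
              f"(set by {finding['writer']}): {', '.join(finding['reasons'])}")
```

The value name is attacker-chosen and is the weakest part of the indicator; the stable signal is an autostart entry whose target sits under `ProgramData`, `AppData` or `Windows\Temp` and was written by a process that is not the target itself, which is exactly the shape of the event in the table above.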
Processes
C:\Users\Admin\AppData\Local\Temp\dc659d0624712f8331b4240509896a60eb6277bc26ebf041573de9039610aa91.exe
"C:\Users\Admin\AppData\Local\Temp\dc659d0624712f8331b4240509896a60eb6277bc26ebf041573de9039610aa91.exe"
Network
| Country | Destination | Domain | Proto |
| N/A | 93.184.220.29:80 | | tcp |
| N/A | 20.42.65.89:443 | | tcp |
| N/A | 104.110.191.133:80 | | tcp |
| N/A | 104.110.191.133:80 | | tcp |
Files
memory/796-132-0x00000210A0A90000-0x00000210A0A94000-memory.dmp
memory/796-133-0x00000210A0A50000-0x00000210A0A57000-memory.dmp
memory/796-134-0x00000210A0A70000-0x00000210A0A75000-memory.dmp
memory/796-135-0x00000210A0A90000-0x00000210A0A94000-memory.dmp
memory/796-136-0x00007FF755B30000-0x00007FF755B54000-memory.dmp
memory/796-137-0x00000210A0A70000-0x00000210A0A75000-memory.dmp