Analysis Overview
SHA256
fc56f94abae1ce53359cc5188c6687258b2c955ffbf1716405918929f9472006
Threat Level: Known bad
The file 325727171c97027477a0de05486042fd6ee98160994100ad900b528cff475d5c.zip was found to be: Known bad.
Malicious Activity Summary
Azov
Adds Run key to start application
Enumerates connected drives
Drops file in Program Files directory
MITRE ATT&CK Matrix V6
Analysis: static1
Detonation Overview
Reported
2022-11-15 06:10
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2022-11-15 06:10
Reported
2022-11-15 06:11
Platform
win7-20220901-en
Max time kernel
0s
Command Line
Signatures
Processes
C:\Users\Admin\AppData\Local\Temp\325727171c97027477a0de05486042fd6ee98160994100ad900b528cff475d5c.exe
"C:\Users\Admin\AppData\Local\Temp\325727171c97027477a0de05486042fd6ee98160994100ad900b528cff475d5c.exe"
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2022-11-15 06:10
Reported
2022-11-15 06:13
Platform
win10v2004-20220812-en
Max time kernel
136s
Max time network
153s
Command Line
Signatures
Azov
Adds Run key to start application
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | C:\Users\Admin\AppData\Local\Temp\325727171c97027477a0de05486042fd6ee98160994100ad900b528cff475d5c.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Bandera = "C:\\ProgramData\\rdpclient.exe" | C:\Users\Admin\AppData\Local\Temp\325727171c97027477a0de05486042fd6ee98160994100ad900b528cff475d5c.exe | N/A |
Enumerates connected drives
Drops file in Program Files directory
Processes
C:\Users\Admin\AppData\Local\Temp\325727171c97027477a0de05486042fd6ee98160994100ad900b528cff475d5c.exe
"C:\Users\Admin\AppData\Local\Temp\325727171c97027477a0de05486042fd6ee98160994100ad900b528cff475d5c.exe"
Network
| Country | Destination | Domain | Proto |
| N/A | 93.184.220.29:80 | | tcp |
| N/A | 95.101.78.82:80 | | tcp |
| N/A | 95.101.78.82:80 | | tcp |
| N/A | 104.80.225.205:443 | | tcp |
| N/A | 51.11.192.48:443 | | tcp |
Files
memory/3444-132-0x000001F5FE420000-0x000001F5FE424000-memory.dmp
memory/3444-133-0x00007FF748D50000-0x00007FF748DB4000-memory.dmp
memory/3444-134-0x000001F5FE3E0000-0x000001F5FE3E7000-memory.dmp
memory/3444-135-0x000001F5FE400000-0x000001F5FE405000-memory.dmp
memory/3444-136-0x000001F5FE420000-0x000001F5FE424000-memory.dmp