Analysis Overview
SHA256
eb070423e80520c4d7b8301130184b895ac14f0e51a67423145ead4768109f96
Threat Level: Known bad
The file eb070423e80520c4d7b8301130184b895ac14f0e51a67423145ead4768109f96 was found to be: Known bad.
Malicious Activity Summary
Azov
Adds Run key to start application
Enumerates connected drives
Drops file in Program Files directory
MITRE ATT&CK Matrix V6
Analysis: static1
Detonation Overview
Reported
2022-12-21 05:26
Signatures
Analysis: behavioral2
Detonation Overview
Submitted
2022-12-21 05:26
Reported
2022-12-21 05:29
Platform
win10v2004-20220812-en
Max time kernel
68s
Max time network
136s
Command Line
Signatures
Azov
Adds Run key to start application
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | C:\Users\Admin\AppData\Local\Temp\eb070423e80520c4d7b8301130184b895ac14f0e51a67423145ead4768109f96.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Bandera = "C:\\ProgramData\\rdpclient.exe" | C:\Users\Admin\AppData\Local\Temp\eb070423e80520c4d7b8301130184b895ac14f0e51a67423145ead4768109f96.exe | N/A |
Enumerates connected drives
Drops file in Program Files directory
Processes
C:\Users\Admin\AppData\Local\Temp\eb070423e80520c4d7b8301130184b895ac14f0e51a67423145ead4768109f96.exe
"C:\Users\Admin\AppData\Local\Temp\eb070423e80520c4d7b8301130184b895ac14f0e51a67423145ead4768109f96.exe"
Network
| Country | Destination | Domain | Proto |
| N/A | 93.184.220.29:80 | N/A | tcp |
| N/A | 13.69.109.130:443 | N/A | tcp |
| N/A | 104.80.225.205:443 | N/A | tcp |
Files
memory/4640-132-0x0000000000F20000-0x0000000000F24000-memory.dmp
memory/4640-133-0x00007FF67CA10000-0x00007FF67CA47000-memory.dmp
memory/4640-136-0x0000000000F20000-0x0000000000F24000-memory.dmp
memory/4640-135-0x0000000000C10000-0x0000000000C15000-memory.dmp
memory/4640-134-0x0000000000BE0000-0x0000000000BE6000-memory.dmp
memory/4640-139-0x0000000003630000-0x0000000004630000-memory.dmp
Analysis: behavioral1
Detonation Overview
Submitted
2022-12-21 05:26
Reported
2022-12-21 05:29
Platform
win7-20220901-en
Max time kernel
45s
Max time network
49s
Command Line
Signatures
Azov
Adds Run key to start application
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | C:\Users\Admin\AppData\Local\Temp\eb070423e80520c4d7b8301130184b895ac14f0e51a67423145ead4768109f96.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Bandera = "C:\\ProgramData\\rdpclient.exe" | C:\Users\Admin\AppData\Local\Temp\eb070423e80520c4d7b8301130184b895ac14f0e51a67423145ead4768109f96.exe | N/A |
Enumerates connected drives
Drops file in Program Files directory
Processes
C:\Users\Admin\AppData\Local\Temp\eb070423e80520c4d7b8301130184b895ac14f0e51a67423145ead4768109f96.exe
"C:\Users\Admin\AppData\Local\Temp\eb070423e80520c4d7b8301130184b895ac14f0e51a67423145ead4768109f96.exe"
Network
Files
memory/1492-54-0x000007FEFC5A1000-0x000007FEFC5A3000-memory.dmp
memory/1492-55-0x00000000001B0000-0x00000000001B4000-memory.dmp
memory/1492-56-0x000000013FAD0000-0x000000013FB07000-memory.dmp
memory/1492-57-0x0000000000170000-0x0000000000176000-memory.dmp
memory/1492-59-0x00000000001B0000-0x00000000001B4000-memory.dmp
memory/1492-58-0x00000000001A0000-0x00000000001A5000-memory.dmp