Analysis Overview
SHA256
07365141d711dcff5c65be5f23bdaf4f01d1b7a95bf1103169518e3c999e434c
Threat Level: Known bad
The file 07365141d711dcff5c65be5f23bdaf4f01d1b7a95bf1103169518e3c999e434c was found to be: Known bad.
Malicious Activity Summary
Azov
Enumerates connected drives
Adds Run key to start application
Drops file in Program Files directory
Unsigned PE
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2023-10-18 12:07
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2023-10-18 12:07
Reported
2023-10-18 12:12
Platform
win7-20230831-en
Max time kernel
120s
Max time network
135s
Command Line
Signatures
Azov
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Bandera = "C:\\ProgramData\\rdpclient.exe" | C:\Users\Admin\AppData\Local\Temp\07365141d711dcff5c65be5f23bdaf4f01d1b7a95bf1103169518e3c999e434c.exe | N/A |
Enumerates connected drives
Drops file in Program Files directory
Processes
C:\Users\Admin\AppData\Local\Temp\07365141d711dcff5c65be5f23bdaf4f01d1b7a95bf1103169518e3c999e434c.exe
"C:\Users\Admin\AppData\Local\Temp\07365141d711dcff5c65be5f23bdaf4f01d1b7a95bf1103169518e3c999e434c.exe"
Network
Files
memory/2240-1-0x00000000000C0000-0x00000000000C7000-memory.dmp
memory/2240-0-0x0000000000190000-0x0000000000194000-memory.dmp
memory/2240-3-0x00000000000E0000-0x00000000000E5000-memory.dmp
memory/2240-4-0x000000013F2B0000-0x000000013F330000-memory.dmp
memory/2240-6-0x0000000000190000-0x0000000000194000-memory.dmp
memory/2240-7-0x00000000000E0000-0x00000000000E5000-memory.dmp
memory/2240-8-0x00000000000E0000-0x00000000000E5000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2023-10-18 12:07
Reported
2023-10-18 12:11
Platform
win10v2004-20230915-en
Max time kernel
139s
Max time network
157s
Command Line
Signatures
Azov
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Bandera = "C:\\ProgramData\\rdpclient.exe" | C:\Users\Admin\AppData\Local\Temp\07365141d711dcff5c65be5f23bdaf4f01d1b7a95bf1103169518e3c999e434c.exe | N/A |
Enumerates connected drives
Drops file in Program Files directory
Processes
C:\Users\Admin\AppData\Local\Temp\07365141d711dcff5c65be5f23bdaf4f01d1b7a95bf1103169518e3c999e434c.exe
"C:\Users\Admin\AppData\Local\Temp\07365141d711dcff5c65be5f23bdaf4f01d1b7a95bf1103169518e3c999e434c.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 240.81.21.72.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 59.128.231.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 108.211.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 146.78.124.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 208.194.73.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.208.79.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 254.105.26.67.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.173.189.20.in-addr.arpa | udp |
Files
memory/492-1-0x0000000002560000-0x0000000002564000-memory.dmp
memory/492-0-0x0000000000D30000-0x0000000000D37000-memory.dmp
memory/492-2-0x0000000000D50000-0x0000000000D55000-memory.dmp
memory/492-4-0x00007FF6D6DA0000-0x00007FF6D6E20000-memory.dmp
memory/492-6-0x0000000002560000-0x0000000002564000-memory.dmp
memory/492-10-0x0000000000D50000-0x0000000000D55000-memory.dmp
memory/492-14-0x0000000000D50000-0x0000000000D55000-memory.dmp
C:\Program Files\7-Zip\RESTORE_FILES.txt
| MD5 | 78ede93114e65f9160fd03d3357c56e6 |
| SHA1 | 88d531b101e57655f1d0d26c6b3257aa2468d460 |
| SHA256 | c97412fbf88da8f91099a52888dea4c3f222cd95af3e681e3271cbca8b6b7bb5 |
| SHA512 | 074a4c741273902ccacb6f573b96d8accedb2ee405dbd04350cdbf54d180c1fd577a4e90c2aae26bf72f3782403f4494db6e3501a04cfd9d7d81a6bc14884b9d |