Analysis Overview
SHA256
07365141d711dcff5c65be5f23bdaf4f01d1b7a95bf1103169518e3c999e434c
Threat Level: Known bad
The file 07365141d711dcff5c65be5f23bdaf4f01d1b7a95bf1103169518e3c999e434c was found to be: Known bad.
Malicious Activity Summary
Azov
Adds Run key to start application
Enumerates connected drives
Drops file in Program Files directory
Unsigned PE
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2023-10-18 12:13
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2023-10-18 12:13
Reported
2023-10-18 12:30
Platform
win7-20230831-en
Max time kernel
122s
Max time network
150s
Command Line
Signatures
Azov
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Bandera = "C:\\ProgramData\\rdpclient.exe" | C:\Users\Admin\AppData\Local\Temp\07365141d711dcff5c65be5f23bdaf4f01d1b7a95bf1103169518e3c999e434c.exe | N/A |
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\A: | C:\Users\Admin\AppData\Local\Temp\07365141d711dcff5c65be5f23bdaf4f01d1b7a95bf1103169518e3c999e434c.exe | N/A |
| File opened (read-only) | \??\B: | C:\Users\Admin\AppData\Local\Temp\07365141d711dcff5c65be5f23bdaf4f01d1b7a95bf1103169518e3c999e434c.exe | N/A |
| File opened (read-only) | \??\E: | C:\Users\Admin\AppData\Local\Temp\07365141d711dcff5c65be5f23bdaf4f01d1b7a95bf1103169518e3c999e434c.exe | N/A |
Drops file in Program Files directory
Processes
C:\Users\Admin\AppData\Local\Temp\07365141d711dcff5c65be5f23bdaf4f01d1b7a95bf1103169518e3c999e434c.exe
"C:\Users\Admin\AppData\Local\Temp\07365141d711dcff5c65be5f23bdaf4f01d1b7a95bf1103169518e3c999e434c.exe"
Network
Files
memory/3056-1-0x0000000000140000-0x0000000000147000-memory.dmp
memory/3056-0-0x0000000000190000-0x0000000000194000-memory.dmp
memory/3056-3-0x0000000000160000-0x0000000000165000-memory.dmp
memory/3056-4-0x000000013FA70000-0x000000013FAF0000-memory.dmp
memory/3056-9-0x0000000000190000-0x0000000000194000-memory.dmp
memory/3056-11-0x0000000000160000-0x0000000000165000-memory.dmp
memory/3056-12-0x0000000000160000-0x0000000000165000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2023-10-18 12:13
Reported
2023-10-18 12:29
Platform
win10v2004-20230915-en
Max time kernel
133s
Max time network
163s
Command Line
Signatures
Azov
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Bandera = "C:\\ProgramData\\rdpclient.exe" | C:\Users\Admin\AppData\Local\Temp\07365141d711dcff5c65be5f23bdaf4f01d1b7a95bf1103169518e3c999e434c.exe | N/A |
Enumerates connected drives
Drops file in Program Files directory
Processes
C:\Users\Admin\AppData\Local\Temp\07365141d711dcff5c65be5f23bdaf4f01d1b7a95bf1103169518e3c999e434c.exe
"C:\Users\Admin\AppData\Local\Temp\07365141d711dcff5c65be5f23bdaf4f01d1b7a95bf1103169518e3c999e434c.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 158.240.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.202.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.3.197.209.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 108.211.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 208.194.73.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.208.79.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 89.65.42.20.in-addr.arpa | udp |
Files
memory/2012-0-0x0000000000E50000-0x0000000000E57000-memory.dmp
memory/2012-1-0x00000000010B0000-0x00000000010B5000-memory.dmp
memory/2012-2-0x00000000010D0000-0x00000000010D4000-memory.dmp
memory/2012-4-0x00007FF6C4C30000-0x00007FF6C4CB0000-memory.dmp
memory/2012-6-0x00000000010D0000-0x00000000010D4000-memory.dmp
memory/2012-5-0x00000000010B0000-0x00000000010B5000-memory.dmp
memory/2012-7-0x00000000010B0000-0x00000000010B5000-memory.dmp
memory/2012-9-0x00000000010B0000-0x00000000010B5000-memory.dmp
C:\Program Files\7-Zip\RESTORE_FILES.txt
| MD5 | 78ede93114e65f9160fd03d3357c56e6 |
| SHA1 | 88d531b101e57655f1d0d26c6b3257aa2468d460 |
| SHA256 | c97412fbf88da8f91099a52888dea4c3f222cd95af3e681e3271cbca8b6b7bb5 |
| SHA512 | 074a4c741273902ccacb6f573b96d8accedb2ee405dbd04350cdbf54d180c1fd577a4e90c2aae26bf72f3782403f4494db6e3501a04cfd9d7d81a6bc14884b9d |