Analysis
max time kernel: 147s
max time network: 146s
platform: windows10-2004_x64
resource: win10v2004-20231127-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231127-en, locale:en-us, os:windows10-2004-x64, system
submitted: 14-12-2023 03:41
Static task: static1
Behavioral task: behavioral1
  Sample: f1b852a503e3fc8e64c169f1e628e596.exe
  Resource: win7-20231023-en
Behavioral task: behavioral2
  Sample: f1b852a503e3fc8e64c169f1e628e596.exe
  Resource: win10v2004-20231127-en
General
Target: f1b852a503e3fc8e64c169f1e628e596.exe
Size: 563KB
MD5: f1b852a503e3fc8e64c169f1e628e596
SHA1: ef29148cf86dc709c11ffb8c3ae944787523cd89
SHA256: a433433fc59d37bff9fbc3f0bd2ffbe8789998275503ed8cc1ab38bdf9ce6aec
SHA512: 213294ecbd89166ca98747876f4f37db31b7f60b387532322d2c7f42c7e8769311e0d042563a321be562f1f86c429e71ec300cbe9771835fce78f1caf3b09860
SSDEEP: 12288:hD6CAS1Ot9iJQdfiXW+s9maH2kJKoOhzdd3jlQ+a:TvOt9iJ08AiRQX
Malware Config
Signatures
Azov
A wiper seeking only damage, first seen in 2022.

Adds Run key to start application (2 TTPs, 1 IoC)
Processes: f1b852a503e3fc8e64c169f1e628e596.exe
description      ioc                                                                                                                        process
Set value (str)  \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Bandera = "C:\\ProgramData\\rdpclient.exe"  f1b852a503e3fc8e64c169f1e628e596.exe

Enumerates connected drives (3 TTPs, 23 IoCs)
Attempts to read the root path of hard drives other than the default C: drive.
Processes: f1b852a503e3fc8e64c169f1e628e596.exe
description              ioc     process
File opened (read-only)  \??\J:  f1b852a503e3fc8e64c169f1e628e596.exe
File opened (read-only)  \??\N:  f1b852a503e3fc8e64c169f1e628e596.exe
File opened (read-only)  \??\O:  f1b852a503e3fc8e64c169f1e628e596.exe
File opened (read-only)  \??\R:  f1b852a503e3fc8e64c169f1e628e596.exe
File opened (read-only)  \??\A:  f1b852a503e3fc8e64c169f1e628e596.exe
File opened (read-only)  \??\E:  f1b852a503e3fc8e64c169f1e628e596.exe
File opened (read-only)  \??\G:  f1b852a503e3fc8e64c169f1e628e596.exe
File opened (read-only)  \??\I:  f1b852a503e3fc8e64c169f1e628e596.exe
File opened (read-only)  \??\Y:  f1b852a503e3fc8e64c169f1e628e596.exe
File opened (read-only)  \??\X:  f1b852a503e3fc8e64c169f1e628e596.exe
File opened (read-only)  \??\L:  f1b852a503e3fc8e64c169f1e628e596.exe
File opened (read-only)  \??\Q:  f1b852a503e3fc8e64c169f1e628e596.exe
File opened (read-only)  \??\T:  f1b852a503e3fc8e64c169f1e628e596.exe
File opened (read-only)  \??\V:  f1b852a503e3fc8e64c169f1e628e596.exe
File opened (read-only)  \??\Z:  f1b852a503e3fc8e64c169f1e628e596.exe
File opened (read-only)  \??\H:  f1b852a503e3fc8e64c169f1e628e596.exe
File opened (read-only)  \??\M:  f1b852a503e3fc8e64c169f1e628e596.exe
File opened (read-only)  \??\P:  f1b852a503e3fc8e64c169f1e628e596.exe
File opened (read-only)  \??\W:  f1b852a503e3fc8e64c169f1e628e596.exe
File opened (read-only)  \??\B:  f1b852a503e3fc8e64c169f1e628e596.exe
File opened (read-only)  \??\K:  f1b852a503e3fc8e64c169f1e628e596.exe
File opened (read-only)  \??\S:  f1b852a503e3fc8e64c169f1e628e596.exe
File opened (read-only)  \??\U:  f1b852a503e3fc8e64c169f1e628e596.exe
Processes
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads
memory/1772-0-0x000001E47F6B0000-0x000001E47F6B4000-memory.dmp   Filesize: 16KB
memory/1772-2-0x000001E47F680000-0x000001E47F687000-memory.dmp   Filesize: 28KB
memory/1772-4-0x0000000000800000-0x0000000000878000-memory.dmp   Filesize: 480KB
memory/1772-3-0x000001E47F6A0000-0x000001E47F6A5000-memory.dmp   Filesize: 20KB
memory/1772-9-0x000001E47F6B0000-0x000001E47F6B4000-memory.dmp   Filesize: 16KB
memory/1772-10-0x000001E47F6A0000-0x000001E47F6A5000-memory.dmp  Filesize: 20KB
memory/1772-14-0x000001E47F6A0000-0x000001E47F6A5000-memory.dmp  Filesize: 20KB