4e2cc5a128e810bff607d9387cde16624c6188c0b8206668f99aa95659783122

Analysis

max time kernel
132s
max time network
128s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
18-02-2025 08:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-02-18_065a35ee72de722e6c34bf2895982311_poet-rat_snatch.exe
Size

13.5MB
MD5

065a35ee72de722e6c34bf2895982311
SHA1

a35cb06ce4a6c914a6c1c60a9e1ca7dabe464241
SHA256

4e2cc5a128e810bff607d9387cde16624c6188c0b8206668f99aa95659783122
SHA512

38f8982c85f43c07afeadb1c572c21e74f7017197955d26528e5425f8f8070090ed3ea3624fc30d2e2de0d00d93aa9c09fa33704d1dc099ed85c6ffa0caada6b
SSDEEP

196608:I+D5q1SGs2yRwtkpqShRBhR3hREhRQhRShRPhR+hRbhR9hRuhRz:DAkLRLRxRYRMR2RZRaRtRPRKRz

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\azeqBz = "c:\\Windows\\System32\\azeqBz.exe"	2025-02-18_065a35ee72de722e6c34bf2895982311_poet-rat_snatch.exe

Drops desktop.ini file(s) 1 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini	2025-02-18_065a35ee72de722e6c34bf2895982311_poet-rat_snatch.exe

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	\??\c:\Windows\System32\azeqBz.exe	2025-02-18_065a35ee72de722e6c34bf2895982311_poet-rat_snatch.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\play-static.png.exe	2025-02-18_065a35ee72de722e6c34bf2895982311_poet-rat_snatch.exe
File created	C:\Program Files\7-Zip\Lang\it.txt.exe	2025-02-18_065a35ee72de722e6c34bf2895982311_poet-rat_snatch.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sa.txt	2025-02-18_065a35ee72de722e6c34bf2895982311_poet-rat_snatch.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\OrangeCircles.jpg	2025-02-18_065a35ee72de722e6c34bf2895982311_poet-rat_snatch.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\ShapeCollector.exe.mui.exe	2025-02-18_065a35ee72de722e6c34bf2895982311_poet-rat_snatch.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledb32.dll.exe	2025-02-18_065a35ee72de722e6c34bf2895982311_poet-rat_snatch.exe
File created	C:\Program Files\Common Files\System\msadc\msadds.dll.exe	2025-02-18_065a35ee72de722e6c34bf2895982311_poet-rat_snatch.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\content-background.png.exe	2025-02-18_065a35ee72de722e6c34bf2895982311_poet-rat_snatch.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqloledb.dll	2025-02-18_065a35ee72de722e6c34bf2895982311_poet-rat_snatch.exe
File created	C:\Program Files\7-Zip\Lang\es.txt.exe	2025-02-18_065a35ee72de722e6c34bf2895982311_poet-rat_snatch.exe
File opened for modification	C:\Program Files\7-Zip\Uninstall.exe	2025-02-18_065a35ee72de722e6c34bf2895982311_poet-rat_snatch.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Pretty_Peacock.jpg.exe	2025-02-18_065a35ee72de722e6c34bf2895982311_poet-rat_snatch.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad.xml.exe	2025-02-18_065a35ee72de722e6c34bf2895982311_poet-rat_snatch.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\numbase.xml	2025-02-18_065a35ee72de722e6c34bf2895982311_poet-rat_snatch.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tr-TR\tipresx.dll.mui	2025-02-18_065a35ee72de722e6c34bf2895982311_poet-rat_snatch.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\msdasqlr.dll.mui.exe	2025-02-18_065a35ee72de722e6c34bf2895982311_poet-rat_snatch.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msadcfr.dll.mui	2025-02-18_065a35ee72de722e6c34bf2895982311_poet-rat_snatch.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationUp_SelectionSubpicture.png	2025-02-18_065a35ee72de722e6c34bf2895982311_poet-rat_snatch.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\sqlxmlx.rll.mui.exe	2025-02-18_065a35ee72de722e6c34bf2895982311_poet-rat_snatch.exe
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\oledb32r.dll.mui.exe	2025-02-18_065a35ee72de722e6c34bf2895982311_poet-rat_snatch.exe
File created	C:\Program Files\7-Zip\Lang\nb.txt.exe	2025-02-18_065a35ee72de722e6c34bf2895982311_poet-rat_snatch.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sk.txt	2025-02-18_065a35ee72de722e6c34bf2895982311_poet-rat_snatch.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\imjplm.dll.exe	2025-02-18_065a35ee72de722e6c34bf2895982311_poet-rat_snatch.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdaosp.dll.exe	2025-02-18_065a35ee72de722e6c34bf2895982311_poet-rat_snatch.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\btn-previous-static.png	2025-02-18_065a35ee72de722e6c34bf2895982311_poet-rat_snatch.exe
File created	C:\Program Files\7-Zip\Lang\tr.txt.exe	2025-02-18_065a35ee72de722e6c34bf2895982311_poet-rat_snatch.exe
File opened for modification	C:\Program Files\BlockSubmit.ini	2025-02-18_065a35ee72de722e6c34bf2895982311_poet-rat_snatch.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Connectivity.gif	2025-02-18_065a35ee72de722e6c34bf2895982311_poet-rat_snatch.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\Content.xml.exe	2025-02-18_065a35ee72de722e6c34bf2895982311_poet-rat_snatch.exe
File created	C:\Program Files\Common Files\System\ado\msado20.tlb.exe	2025-02-18_065a35ee72de722e6c34bf2895982311_poet-rat_snatch.exe
File created	C:\Program Files\Common Files\System\msadc\adcjavas.inc.exe	2025-02-18_065a35ee72de722e6c34bf2895982311_poet-rat_snatch.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Page.wmv	2025-02-18_065a35ee72de722e6c34bf2895982311_poet-rat_snatch.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\Bear_Formatted_MATTE2_PAL.wmv	2025-02-18_065a35ee72de722e6c34bf2895982311_poet-rat_snatch.exe
File created	C:\Program Files\7-Zip\Lang\be.txt.exe	2025-02-18_065a35ee72de722e6c34bf2895982311_poet-rat_snatch.exe
File created	C:\Program Files\7-Zip\Lang\hy.txt.exe	2025-02-18_065a35ee72de722e6c34bf2895982311_poet-rat_snatch.exe
File created	C:\Program Files\7-Zip\Lang\lij.txt.exe	2025-02-18_065a35ee72de722e6c34bf2895982311_poet-rat_snatch.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Filters\odffilt.dll.exe	2025-02-18_065a35ee72de722e6c34bf2895982311_poet-rat_snatch.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Bears.htm	2025-02-18_065a35ee72de722e6c34bf2895982311_poet-rat_snatch.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsnld.xml.exe	2025-02-18_065a35ee72de722e6c34bf2895982311_poet-rat_snatch.exe
File created	C:\Program Files\DVD Maker\Shared\DissolveNoise.png.exe	2025-02-18_065a35ee72de722e6c34bf2895982311_poet-rat_snatch.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\blackbars60.png.exe	2025-02-18_065a35ee72de722e6c34bf2895982311_poet-rat_snatch.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\InkWatson.exe.mui.exe	2025-02-18_065a35ee72de722e6c34bf2895982311_poet-rat_snatch.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\kor-kor.xml	2025-02-18_065a35ee72de722e6c34bf2895982311_poet-rat_snatch.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\TitleButtonSubpicture.png.exe	2025-02-18_065a35ee72de722e6c34bf2895982311_poet-rat_snatch.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-back-over-select.png.exe	2025-02-18_065a35ee72de722e6c34bf2895982311_poet-rat_snatch.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Month_Calendar.emf	2025-02-18_065a35ee72de722e6c34bf2895982311_poet-rat_snatch.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrcommonlm.dat.exe	2025-02-18_065a35ee72de722e6c34bf2895982311_poet-rat_snatch.exe
File created	C:\Program Files\7-Zip\Lang\si.txt.exe	2025-02-18_065a35ee72de722e6c34bf2895982311_poet-rat_snatch.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Graph.emf.exe	2025-02-18_065a35ee72de722e6c34bf2895982311_poet-rat_snatch.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\Alphabet.xml	2025-02-18_065a35ee72de722e6c34bf2895982311_poet-rat_snatch.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrfrash.dat	2025-02-18_065a35ee72de722e6c34bf2895982311_poet-rat_snatch.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\it-IT\MSTTSLoc.dll.mui	2025-02-18_065a35ee72de722e6c34bf2895982311_poet-rat_snatch.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyNotesBackground_PAL.wmv.exe	2025-02-18_065a35ee72de722e6c34bf2895982311_poet-rat_snatch.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\nav_uparrow.png	2025-02-18_065a35ee72de722e6c34bf2895982311_poet-rat_snatch.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipschs.xml.exe	2025-02-18_065a35ee72de722e6c34bf2895982311_poet-rat_snatch.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsptg.xml	2025-02-18_065a35ee72de722e6c34bf2895982311_poet-rat_snatch.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationLeft_SelectionSubpicture.png	2025-02-18_065a35ee72de722e6c34bf2895982311_poet-rat_snatch.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msadcor.dll.mui	2025-02-18_065a35ee72de722e6c34bf2895982311_poet-rat_snatch.exe
File opened for modification	C:\Program Files\7-Zip\7z.dll	2025-02-18_065a35ee72de722e6c34bf2895982311_poet-rat_snatch.exe
File created	C:\Program Files\7-Zip\Lang\bn.txt.exe	2025-02-18_065a35ee72de722e6c34bf2895982311_poet-rat_snatch.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Garden.jpg.exe	2025-02-18_065a35ee72de722e6c34bf2895982311_poet-rat_snatch.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\tabskb.dll.mui.exe	2025-02-18_065a35ee72de722e6c34bf2895982311_poet-rat_snatch.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\micaut.dll.mui	2025-02-18_065a35ee72de722e6c34bf2895982311_poet-rat_snatch.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\ShapeCollector.exe.mui.exe	2025-02-18_065a35ee72de722e6c34bf2895982311_poet-rat_snatch.exe

C:\Users\Admin\AppData\Local\Temp\2025-02-18_065a35ee72de722e6c34bf2895982311_poet-rat_snatch.exe
"C:\Users\Admin\AppData\Local\Temp\2025-02-18_065a35ee72de722e6c34bf2895982311_poet-rat_snatch.exe"
1⤵
- Adds Run key to start application
- Drops desktop.ini file(s)
- Drops file in System32 directory
- Drops file in Program Files directory
PID:2856

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll

Filesize
14.2MB

MD5
4f4dd588b5910503a52118c963ae30c9

SHA1
ddca88de08f6d9634166d7cebb0a65bd2ec05fd5

SHA256
4cf2f96587ea02218896a2faf9bc4a186fa555889a467751fd8d2de3613c2498

SHA512
4c5f2ffb5f3adc150c17e72ee9b945a7e39d7be8068dfceadf570aca53e48f41f7651bfeda6f8f9e4c3dae000eb918e90c8ac2e3f3de4b22aab742611fa0beb7

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads