6710fd52a418adfb6338960abe79ea7793b15aba5c241776a10ea5d17c397cf3

Analysis

max time kernel
132s
max time network
30s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
18-02-2025 08:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-02-18_cc3b458540136770be5d5775f0d44f66_poet-rat_snatch.exe
Size

12.9MB
MD5

cc3b458540136770be5d5775f0d44f66
SHA1

6253d690cf1aeef7cf0d14395e82ddb347dd5bc6
SHA256

6710fd52a418adfb6338960abe79ea7793b15aba5c241776a10ea5d17c397cf3
SHA512

200493457cf0dd0487514b0d9d344771889a38a88812c606ba5246d1676cdc15d70791e81ef9ba9cb00713f49c7ac0433c7f712d1093ddb7e27001ed08122c67
SSDEEP

196608:I+D5q1SGs2yRwtkpqShRBhR3hREhRFhRVhRihRrhRihREhR3:DAkLRLRxRYRHRXRGR9RGRYR3

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mcCZ = "c:\\Windows\\System32\\mcCZ.exe"	2025-02-18_cc3b458540136770be5d5775f0d44f66_poet-rat_snatch.exe

Drops desktop.ini file(s) 1 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini	2025-02-18_cc3b458540136770be5d5775f0d44f66_poet-rat_snatch.exe

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	\??\c:\Windows\System32\mcCZ.exe	2025-02-18_cc3b458540136770be5d5775f0d44f66_poet-rat_snatch.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\7-Zip\Lang\mr.txt.exe	2025-02-18_cc3b458540136770be5d5775f0d44f66_poet-rat_snatch.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll	2025-02-18_cc3b458540136770be5d5775f0d44f66_poet-rat_snatch.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe.exe	2025-02-18_cc3b458540136770be5d5775f0d44f66_poet-rat_snatch.exe
File created	C:\Program Files\Common Files\System\msadc\adcjavas.inc	2025-02-18_cc3b458540136770be5d5775f0d44f66_poet-rat_snatch.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\1047x576black.png.exe	2025-02-18_cc3b458540136770be5d5775f0d44f66_poet-rat_snatch.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome.dll	2025-02-18_cc3b458540136770be5d5775f0d44f66_poet-rat_snatch.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyclient.jar	2025-02-18_cc3b458540136770be5d5775f0d44f66_poet-rat_snatch.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\zh-CN\tipresx.dll.mui.exe	2025-02-18_cc3b458540136770be5d5775f0d44f66_poet-rat_snatch.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\content-background.png.exe	2025-02-18_cc3b458540136770be5d5775f0d44f66_poet-rat_snatch.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\push_title.png.exe	2025-02-18_cc3b458540136770be5d5775f0d44f66_poet-rat_snatch.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationRight_ButtonGraphic.png.exe	2025-02-18_cc3b458540136770be5d5775f0d44f66_poet-rat_snatch.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationUp_SelectionSubpicture.png.exe	2025-02-18_cc3b458540136770be5d5775f0d44f66_poet-rat_snatch.exe
File opened for modification	C:\Program Files\7-Zip\Lang\uk.txt	2025-02-18_cc3b458540136770be5d5775f0d44f66_poet-rat_snatch.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\Content.xml.exe	2025-02-18_cc3b458540136770be5d5775f0d44f66_poet-rat_snatch.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\rtscom.dll.mui.exe	2025-02-18_cc3b458540136770be5d5775f0d44f66_poet-rat_snatch.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwritash.dat.exe	2025-02-18_cc3b458540136770be5d5775f0d44f66_poet-rat_snatch.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyNotesBackground_PAL.wmv.exe	2025-02-18_cc3b458540136770be5d5775f0d44f66_poet-rat_snatch.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationRight_SelectionSubpicture.png	2025-02-18_cc3b458540136770be5d5775f0d44f66_poet-rat_snatch.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\nl.pak	2025-02-18_cc3b458540136770be5d5775f0d44f66_poet-rat_snatch.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainToNotesBackground_PAL.wmv	2025-02-18_cc3b458540136770be5d5775f0d44f66_poet-rat_snatch.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\button-highlight.png.exe	2025-02-18_cc3b458540136770be5d5775f0d44f66_poet-rat_snatch.exe
File created	C:\Program Files\Internet Explorer\Timeline_is.dll	2025-02-18_cc3b458540136770be5d5775f0d44f66_poet-rat_snatch.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\sports_disc_mask.png	2025-02-18_cc3b458540136770be5d5775f0d44f66_poet-rat_snatch.exe
File created	C:\Program Files\7-Zip\Lang\sl.txt.exe	2025-02-18_cc3b458540136770be5d5775f0d44f66_poet-rat_snatch.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\tipresx.dll.mui.exe	2025-02-18_cc3b458540136770be5d5775f0d44f66_poet-rat_snatch.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsfin.xml	2025-02-18_cc3b458540136770be5d5775f0d44f66_poet-rat_snatch.exe
File created	C:\Program Files\Common Files\System\ado\msado20.tlb	2025-02-18_cc3b458540136770be5d5775f0d44f66_poet-rat_snatch.exe
File created	C:\Program Files\Common Files\System\it-IT\wab32res.dll.mui	2025-02-18_cc3b458540136770be5d5775f0d44f66_poet-rat_snatch.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Circle_SelectionSubpictureA.png	2025-02-18_cc3b458540136770be5d5775f0d44f66_poet-rat_snatch.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Scenes_LOOP_BG.wmv.exe	2025-02-18_cc3b458540136770be5d5775f0d44f66_poet-rat_snatch.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\mip.exe.mui	2025-02-18_cc3b458540136770be5d5775f0d44f66_poet-rat_snatch.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-back-static.png.exe	2025-02-18_cc3b458540136770be5d5775f0d44f66_poet-rat_snatch.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\uk.pak	2025-02-18_cc3b458540136770be5d5775f0d44f66_poet-rat_snatch.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\rtscom.dll.mui.exe	2025-02-18_cc3b458540136770be5d5775f0d44f66_poet-rat_snatch.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tpcps.dll	2025-02-18_cc3b458540136770be5d5775f0d44f66_poet-rat_snatch.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Memories_buttonClear.png	2025-02-18_cc3b458540136770be5d5775f0d44f66_poet-rat_snatch.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Notes_btn-back-static.png.exe	2025-02-18_cc3b458540136770be5d5775f0d44f66_poet-rat_snatch.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\CircleSubpicture.png	2025-02-18_cc3b458540136770be5d5775f0d44f66_poet-rat_snatch.exe
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\oledb32r.dll.mui.exe	2025-02-18_cc3b458540136770be5d5775f0d44f66_poet-rat_snatch.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\Bear_Formatted_RGB6_PAL.wmv.exe	2025-02-18_cc3b458540136770be5d5775f0d44f66_poet-rat_snatch.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\specialoccasion.png.exe	2025-02-18_cc3b458540136770be5d5775f0d44f66_poet-rat_snatch.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\db\bin\dblook.bat	2025-02-18_cc3b458540136770be5d5775f0d44f66_poet-rat_snatch.exe
File created	C:\Program Files\7-Zip\Lang\mng2.txt.exe	2025-02-18_cc3b458540136770be5d5775f0d44f66_poet-rat_snatch.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sw.txt	2025-02-18_cc3b458540136770be5d5775f0d44f66_poet-rat_snatch.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Wrinkled_Paper.gif	2025-02-18_cc3b458540136770be5d5775f0d44f66_poet-rat_snatch.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\numbase.xml	2025-02-18_cc3b458540136770be5d5775f0d44f66_poet-rat_snatch.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationLeft_ButtonGraphic.png.exe	2025-02-18_cc3b458540136770be5d5775f0d44f66_poet-rat_snatch.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\PassportMask_PAL.wmv.exe	2025-02-18_cc3b458540136770be5d5775f0d44f66_poet-rat_snatch.exe
File created	C:\Program Files\DVD Maker\es-ES\DVDMaker.exe.mui.exe	2025-02-18_cc3b458540136770be5d5775f0d44f66_poet-rat_snatch.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msdaprsr.dll.mui.exe	2025-02-18_cc3b458540136770be5d5775f0d44f66_poet-rat_snatch.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Scenes_INTRO_BG_PAL.wmv	2025-02-18_cc3b458540136770be5d5775f0d44f66_poet-rat_snatch.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\1047x576black.png.exe	2025-02-18_cc3b458540136770be5d5775f0d44f66_poet-rat_snatch.exe
File created	C:\Program Files\Internet Explorer\D3DCompiler_47.dll.exe	2025-02-18_cc3b458540136770be5d5775f0d44f66_poet-rat_snatch.exe
File created	C:\Program Files\7-Zip\Lang\tr.txt.exe	2025-02-18_cc3b458540136770be5d5775f0d44f66_poet-rat_snatch.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\ja-jp.xml.exe	2025-02-18_cc3b458540136770be5d5775f0d44f66_poet-rat_snatch.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Page.wmv.exe	2025-02-18_cc3b458540136770be5d5775f0d44f66_poet-rat_snatch.exe
File created	C:\Program Files\DVD Maker\Shared\Parity.fx.exe	2025-02-18_cc3b458540136770be5d5775f0d44f66_poet-rat_snatch.exe
File created	C:\Program Files\Internet Explorer\F12Resources.dll	2025-02-18_cc3b458540136770be5d5775f0d44f66_poet-rat_snatch.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\jvmticmlr.h.exe	2025-02-18_cc3b458540136770be5d5775f0d44f66_poet-rat_snatch.exe
File created	C:\Program Files\7-Zip\Lang\tt.txt.exe	2025-02-18_cc3b458540136770be5d5775f0d44f66_poet-rat_snatch.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll	2025-02-18_cc3b458540136770be5d5775f0d44f66_poet-rat_snatch.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\ja-jp-sym.xml.exe	2025-02-18_cc3b458540136770be5d5775f0d44f66_poet-rat_snatch.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msdaremr.dll.mui.exe	2025-02-18_cc3b458540136770be5d5775f0d44f66_poet-rat_snatch.exe
File created	C:\Program Files\Common Files\System\msadc\msdaprsr.dll.exe	2025-02-18_cc3b458540136770be5d5775f0d44f66_poet-rat_snatch.exe

C:\Users\Admin\AppData\Local\Temp\2025-02-18_cc3b458540136770be5d5775f0d44f66_poet-rat_snatch.exe
"C:\Users\Admin\AppData\Local\Temp\2025-02-18_cc3b458540136770be5d5775f0d44f66_poet-rat_snatch.exe"
1⤵
- Adds Run key to start application
- Drops desktop.ini file(s)
- Drops file in System32 directory
- Drops file in Program Files directory
PID:2448

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll

Filesize
13.5MB

MD5
c0f7c14b600a84370f7f641e6cbf3ba5

SHA1
b7d2c58ed7c8749cfe1dfa6436da80da3c8e589a

SHA256
fd0842f49fade5bbe695a52d0b28c5203821f8b3fa762a4a84366419c50a91a5

SHA512
943330bd67f5e1c307b7f46430dcccd08a7ede9aa74894db6ef6c6b9e60d7bedf51bbab842d1169cfd90dc1f17f5dcacdafea5ce7ce3254a71988bc728f8b2da

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads