f836e7c3c9aa35de70ffac335dd4f9f97d13c8cb339823bb000f042f5cf9339c

Analysis

max time kernel
132s
max time network
130s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
18-02-2025 08:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-02-18_e5bd5434d2769abba057547204bfb3ab_poet-rat_snatch.exe
Size

12.1MB
MD5

e5bd5434d2769abba057547204bfb3ab
SHA1

077a23a1bf27660ee455b8ed968676b3686081eb
SHA256

f836e7c3c9aa35de70ffac335dd4f9f97d13c8cb339823bb000f042f5cf9339c
SHA512

03ab956f4cdab003b2246b4d1065e17184aad83ea912f3585f0f5820826c63b0ab148d111eedb70ae69a356644579e79df71fdd0f943ada55a634ea8994a29d2
SSDEEP

196608:I+D5q1SGs2yRwtkpqShRBhR3hREhRwhR/hRLhRehRlhRB:DAkLRLRxRYRsRJRdR6RnRB

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\UcYg = "c:\\Windows\\System32\\UcYg.exe"	2025-02-18_e5bd5434d2769abba057547204bfb3ab_poet-rat_snatch.exe

Drops desktop.ini file(s) 1 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini	2025-02-18_e5bd5434d2769abba057547204bfb3ab_poet-rat_snatch.exe

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	\??\c:\Windows\System32\UcYg.exe	2025-02-18_e5bd5434d2769abba057547204bfb3ab_poet-rat_snatch.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\7-Zip\Lang\el.txt.exe	2025-02-18_e5bd5434d2769abba057547204bfb3ab_poet-rat_snatch.exe
File opened for modification	C:\Program Files\7-Zip\Lang\zh-cn.txt	2025-02-18_e5bd5434d2769abba057547204bfb3ab_poet-rat_snatch.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msadcor.dll.mui.exe	2025-02-18_e5bd5434d2769abba057547204bfb3ab_poet-rat_snatch.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\whitevignette1047.png.exe	2025-02-18_e5bd5434d2769abba057547204bfb3ab_poet-rat_snatch.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainBackground.wmv	2025-02-18_e5bd5434d2769abba057547204bfb3ab_poet-rat_snatch.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\PassportMask_PAL.wmv	2025-02-18_e5bd5434d2769abba057547204bfb3ab_poet-rat_snatch.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\cs.pak.exe	2025-02-18_e5bd5434d2769abba057547204bfb3ab_poet-rat_snatch.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\et.pak.exe	2025-02-18_e5bd5434d2769abba057547204bfb3ab_poet-rat_snatch.exe
File opened for modification	C:\Program Files\7-Zip\Lang\uz.txt	2025-02-18_e5bd5434d2769abba057547204bfb3ab_poet-rat_snatch.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPWMI.MOF	2025-02-18_e5bd5434d2769abba057547204bfb3ab_poet-rat_snatch.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\rtscom.dll.mui.exe	2025-02-18_e5bd5434d2769abba057547204bfb3ab_poet-rat_snatch.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\en-US\MSTTSFrontendENU.dll.exe	2025-02-18_e5bd5434d2769abba057547204bfb3ab_poet-rat_snatch.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\1047x576black.png	2025-02-18_e5bd5434d2769abba057547204bfb3ab_poet-rat_snatch.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsScenesBackground.wmv	2025-02-18_e5bd5434d2769abba057547204bfb3ab_poet-rat_snatch.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\photoedge_selectionsubpicture.png	2025-02-18_e5bd5434d2769abba057547204bfb3ab_poet-rat_snatch.exe
File created	C:\Program Files\DVD Maker\it-IT\OmdProject.dll.mui	2025-02-18_e5bd5434d2769abba057547204bfb3ab_poet-rat_snatch.exe
File opened for modification	C:\Program Files\7-Zip\Lang\de.txt	2025-02-18_e5bd5434d2769abba057547204bfb3ab_poet-rat_snatch.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.exe	2025-02-18_e5bd5434d2769abba057547204bfb3ab_poet-rat_snatch.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\pt-PT\tipresx.dll.mui.exe	2025-02-18_e5bd5434d2769abba057547204bfb3ab_poet-rat_snatch.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\menu_style_default_Thumbnail.png	2025-02-18_e5bd5434d2769abba057547204bfb3ab_poet-rat_snatch.exe
File created	C:\Program Files\7-Zip\Lang\et.txt.exe	2025-02-18_e5bd5434d2769abba057547204bfb3ab_poet-rat_snatch.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\TipBand.dll.mui	2025-02-18_e5bd5434d2769abba057547204bfb3ab_poet-rat_snatch.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ko-KR\tipresx.dll.mui	2025-02-18_e5bd5434d2769abba057547204bfb3ab_poet-rat_snatch.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationRight_ButtonGraphic.png.exe	2025-02-18_e5bd5434d2769abba057547204bfb3ab_poet-rat_snatch.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Shorthand.emf.exe	2025-02-18_e5bd5434d2769abba057547204bfb3ab_poet-rat_snatch.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\NavigationButtonSubpicture.png.exe	2025-02-18_e5bd5434d2769abba057547204bfb3ab_poet-rat_snatch.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\1047x576_91n92.png	2025-02-18_e5bd5434d2769abba057547204bfb3ab_poet-rat_snatch.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\ja-JP\msinfo32.exe.mui	2025-02-18_e5bd5434d2769abba057547204bfb3ab_poet-rat_snatch.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationRight_ButtonGraphic.png	2025-02-18_e5bd5434d2769abba057547204bfb3ab_poet-rat_snatch.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationUp_SelectionSubpicture.png.exe	2025-02-18_e5bd5434d2769abba057547204bfb3ab_poet-rat_snatch.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\IpsMigrationPlugin.dll.mui	2025-02-18_e5bd5434d2769abba057547204bfb3ab_poet-rat_snatch.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationUp_ButtonGraphic.png	2025-02-18_e5bd5434d2769abba057547204bfb3ab_poet-rat_snatch.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationUp_SelectionSubpicture.png.exe	2025-02-18_e5bd5434d2769abba057547204bfb3ab_poet-rat_snatch.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll.exe	2025-02-18_e5bd5434d2769abba057547204bfb3ab_poet-rat_snatch.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\ShapeCollector.exe.mui.exe	2025-02-18_e5bd5434d2769abba057547204bfb3ab_poet-rat_snatch.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledbvbs.inc.exe	2025-02-18_e5bd5434d2769abba057547204bfb3ab_poet-rat_snatch.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\shadowonlyframe_selectionsubpicture.png	2025-02-18_e5bd5434d2769abba057547204bfb3ab_poet-rat_snatch.exe
File opened for modification	C:\Program Files\7-Zip\Lang\eu.txt	2025-02-18_e5bd5434d2769abba057547204bfb3ab_poet-rat_snatch.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdasql.dll.exe	2025-02-18_e5bd5434d2769abba057547204bfb3ab_poet-rat_snatch.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainBackground.wmv.exe	2025-02-18_e5bd5434d2769abba057547204bfb3ab_poet-rat_snatch.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ca.pak	2025-02-18_e5bd5434d2769abba057547204bfb3ab_poet-rat_snatch.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ast.txt	2025-02-18_e5bd5434d2769abba057547204bfb3ab_poet-rat_snatch.exe
File created	C:\Program Files\DVD Maker\PipeTran.dll	2025-02-18_e5bd5434d2769abba057547204bfb3ab_poet-rat_snatch.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\15x15dot.png	2025-02-18_e5bd5434d2769abba057547204bfb3ab_poet-rat_snatch.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\Panel_Mask.wmv.exe	2025-02-18_e5bd5434d2769abba057547204bfb3ab_poet-rat_snatch.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_plain_Thumbnail.bmp.exe	2025-02-18_e5bd5434d2769abba057547204bfb3ab_poet-rat_snatch.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ca.pak.exe	2025-02-18_e5bd5434d2769abba057547204bfb3ab_poet-rat_snatch.exe
File created	C:\Program Files\7-Zip\Lang\tg.txt.exe	2025-02-18_e5bd5434d2769abba057547204bfb3ab_poet-rat_snatch.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msadcer.dll.mui.exe	2025-02-18_e5bd5434d2769abba057547204bfb3ab_poet-rat_snatch.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Scenes_LOOP_BG_PAL.wmv.exe	2025-02-18_e5bd5434d2769abba057547204bfb3ab_poet-rat_snatch.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-delete.avi.exe	2025-02-18_e5bd5434d2769abba057547204bfb3ab_poet-rat_snatch.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\zh-TW\tipresx.dll.mui.exe	2025-02-18_e5bd5434d2769abba057547204bfb3ab_poet-rat_snatch.exe
File created	C:\Program Files\Common Files\System\msadc\msdaremr.dll.exe	2025-02-18_e5bd5434d2769abba057547204bfb3ab_poet-rat_snatch.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\nav_leftarrow.png.exe	2025-02-18_e5bd5434d2769abba057547204bfb3ab_poet-rat_snatch.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrusash.dat	2025-02-18_e5bd5434d2769abba057547204bfb3ab_poet-rat_snatch.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationLeft_ButtonGraphic.png.exe	2025-02-18_e5bd5434d2769abba057547204bfb3ab_poet-rat_snatch.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\nl.pak	2025-02-18_e5bd5434d2769abba057547204bfb3ab_poet-rat_snatch.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msdaremr.dll.mui	2025-02-18_e5bd5434d2769abba057547204bfb3ab_poet-rat_snatch.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\babypink.png.exe	2025-02-18_e5bd5434d2769abba057547204bfb3ab_poet-rat_snatch.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\btn-previous-static.png	2025-02-18_e5bd5434d2769abba057547204bfb3ab_poet-rat_snatch.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationLeft_ButtonGraphic.png	2025-02-18_e5bd5434d2769abba057547204bfb3ab_poet-rat_snatch.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Notes_LOOP_BG.wmv.exe	2025-02-18_e5bd5434d2769abba057547204bfb3ab_poet-rat_snatch.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-previous-over-select.png.exe	2025-02-18_e5bd5434d2769abba057547204bfb3ab_poet-rat_snatch.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_photo_Thumbnail.bmp	2025-02-18_e5bd5434d2769abba057547204bfb3ab_poet-rat_snatch.exe

C:\Users\Admin\AppData\Local\Temp\2025-02-18_e5bd5434d2769abba057547204bfb3ab_poet-rat_snatch.exe
"C:\Users\Admin\AppData\Local\Temp\2025-02-18_e5bd5434d2769abba057547204bfb3ab_poet-rat_snatch.exe"
1⤵
- Adds Run key to start application
- Drops desktop.ini file(s)
- Drops file in System32 directory
- Drops file in Program Files directory
PID:2904

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll

Filesize
12.8MB

MD5
52bd5d3727c25678ca8c454d118b13b2

SHA1
848906b3ef24d609cdb5a0a63e84a40d3bcde02b

SHA256
d04c31db3f64e5340c70f218269fda3c08f65333da8febb5f981d8cc30bc3f6c

SHA512
3cefc2006ed0027663d9d36699ad99c23628ab63ff1650d39066010da84b7e58a8985533eeaf13b6b1f0cebf073ec1025ce5215d1b5f55d97b590d8b764696f9

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads