Overview

overview

10

Static

static

3

95a24a70d3...c2.exe

windows7-x64

10

95a24a70d3...c2.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    92s
  • max time network
    138s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250217-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20250217-enlocale:en-usos:windows10-2004-x64system
  • submitted
    13/03/2025, 08:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    95a24a70d322e14fb2f252c6e8995ddc459d2e744ce2cb8e5013030265edf4c2.exe

  • Size

    1.5MB

  • MD5

    32e6e16b55bbd073958c98f9d47f92e7

  • SHA1

    6abf691d3a8752a6b52f1a1adfe56571f963dcee

  • SHA256

    95a24a70d322e14fb2f252c6e8995ddc459d2e744ce2cb8e5013030265edf4c2

  • SHA512

    1661c40d4148de7e4beb3410bbedeb5ba0583c1d7f6899eb6a09aad1686db5f6097cc26c17f8d8da77d2b8af7fa4ed3847641630d85b4de15f0fdbb366e46986

  • SSDEEP

    24576:+RHe6IXGtlqIBPtk0mBRYETIoZJoAOM08/85RkptVIJqaBjp1:wmVIBlkRTVOMjUfkptVxaBjp1

Score
10/10
azovpersistenceransomwarewiper

Malware Config

Extracted

Path

F:\$RECYCLE.BIN\S-1-5-21-925314154-1797147466-1467878628-1000\RESTORE_FILES.txt

Family

azov

Ransom Note
Hello, all your files have been damaged without any possible way to recover. Feel free to commit suicide. [Why did you do this to my files?] They asked me to do this... The hatred is that what makes me feel alive. That's what you secretly have fallen in love with. The hatred is the force that drives the life forward. The hell is my paradise. The suffer is the bliss. Others say the hate is what destroys yourself. I say that the hatred is eternal cure. If you feel desperate you lost the files. Use this despair to create the pain for others. Make them hate you, it is the source of your power. Do you think why the people go to schools and kill others? Why do people make terrorist ideologies? Why do governments covertly makes you suffer? It's the essence of the future life. All we are immortal beings. When spiritual is not a way, the antispiritual is your victory point. In the manifested life you have a choice to be with us either be against. Sow the evil, reap the power is what I say to you. Saw the good, reap the weakness is what spiritual says to you. When you hate, you feel the power. You feel the flight. That fly is the antispirit touch. Use this to multiply the suffer. [How can I use this power?] Find inside the source of bliss. If this bliss goes stronger when you see the suffer. That is what I call the source. Check that by looking through the news how people kill others. How the people dies. How children are being tortured. How animals are executed. The death is your key. [How can I give you my power?] When you read this concentrate on the intent to give the energy of your source to the meta-source of this text. Am vizu der strotum la fictus om spiritus.

Signatures

  • Azov

    A wiper seeking only damage, first seen in 2022.

    ransomwarewiperazov
  • Azov family
    azov
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 57 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\95a24a70d322e14fb2f252c6e8995ddc459d2e744ce2cb8e5013030265edf4c2.exe
    "C:\Users\Admin\AppData\Local\Temp\95a24a70d322e14fb2f252c6e8995ddc459d2e744ce2cb8e5013030265edf4c2.exe"
    1⤵
    • Adds Run key to start application
    • Enumerates connected drives
    • Drops file in Program Files directory
    PID:5080

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\JavaLauncher.log
    Filesize

    2KB

    MD5

    a1059eb71febd4db56f0d041f07017ff

    SHA1

    5bd85a7a504e0e17925272c7798218bf2e8c4932

    SHA256

    c571d844933e1c42924cfb635a3215b443865c05f1e077cb34040e525324ffdc

    SHA512

    99ac8a2cd6275ea8a5fafc678b60e6baf7ee94197fddb9657f76a7ea697f8d33cc6d516c70360e4805b9753c1de024543247951e5106a8386a02fecf72a78165

    Download Submit

  • F:\$RECYCLE.BIN\S-1-5-21-925314154-1797147466-1467878628-1000\RESTORE_FILES.txt
    Filesize

    3KB

    MD5

    4f3332a48d767cc5bdfdab755d84a450

    SHA1

    d7d583c08e82f39637d8209447c2c9cad1478f01

    SHA256

    a04e8cc0ea5f7e143eba012c2bc470161f1faf9c904eb233f777ced8e6e706ad

    SHA512

    0f60de7622aa69ae0b209a1ed54ec7ba0f6b81b597565e64d41845bec8c471a768ca8622964260c448530f637492aac31a4fc5ec95de147ef2c0d89149c2a66f

    Download Submit

  • memory/5080-0-0x0000021D1DA90000-0x0000021D1DA94000-memory.dmp

    Filesize

    16KB

    Download

  • memory/5080-3-0x0000021D1DA80000-0x0000021D1DA85000-memory.dmp

    Filesize

    20KB

    Download

  • memory/5080-16-0x0000021D1DA90000-0x0000021D1DA94000-memory.dmp

    Filesize

    16KB

    Download

  • memory/5080-19-0x0000021D1DA80000-0x0000021D1DA85000-memory.dmp

    Filesize

    20KB

    Download

  • memory/5080-4-0x0000021D1DA50000-0x0000021D1DA56000-memory.dmp

    Filesize

    24KB

    Download

  • memory/5080-5-0x0000021D1DA80000-0x0000021D1DA85000-memory.dmp

    Filesize

    20KB

    Download

  • memory/5080-2-0x00007FF7023B0000-0x00007FF70251D000-memory.dmp

    Filesize

    1.4MB

    Download