Overview

overview

10

Static

static

3

42cdb395ee...b2.exe

windows7-x64

10

42cdb395ee...b2.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    96s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250217-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20250217-enlocale:en-usos:windows10-2004-x64system
  • submitted
    13/03/2025, 11:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    42cdb395ee0939852ab526abcd41050147e631064accf82aee04b755a7b11db2.exe

  • Size

    1.5MB

  • MD5

    05a7cd4fc219f4460fb0484b13c76dd7

  • SHA1

    19cb5db410b19153e6430e801c1531fb2e1e6348

  • SHA256

    42cdb395ee0939852ab526abcd41050147e631064accf82aee04b755a7b11db2

  • SHA512

    c9951795e0f074a9834932fb7a73738ef67ccc5592a668dd112aad477aa1f9036536e1d5570ff6018f96235acee23010eb8565044a2fa622e8106dccf5b31b41

  • SSDEEP

    24576:jBjY6kG7lqfbT+/tpdriEUVoZJoAOM08/85RkptVIJqAkfRY:lafby/HrHOMjUfkptVxDY

Score
10/10
azovpersistenceransomwarewiper

Malware Config

Signatures

  • Azov

    A wiper seeking only damage, first seen in 2022.

    ransomwarewiperazov
  • Azov family
    azov
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\42cdb395ee0939852ab526abcd41050147e631064accf82aee04b755a7b11db2.exe
    "C:\Users\Admin\AppData\Local\Temp\42cdb395ee0939852ab526abcd41050147e631064accf82aee04b755a7b11db2.exe"
    1⤵
    • Adds Run key to start application
    • Enumerates connected drives
    • Drops file in Program Files directory
    PID:4620

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\JavaLauncher.log
    Filesize

    2KB

    MD5

    2b8eb5501eebea08f5e3d6b96cc87cca

    SHA1

    8f0c135665fbbcccc1d9329f94d71bdd95b1efad

    SHA256

    81a56cf98fe61ad92c350fc63acb842946791e50832387bed00209772e23baa3

    SHA512

    48b7b9d1664c70ac9b39d1da70f88d342e33cc09fafa922e40626245e31d9e6ee0846ccf579dc7b27817cbcd42d10c97910b387e1e17e11d59dcdc3862f28161

    Download Submit

  • memory/4620-1-0x00000298FB990000-0x00000298FB995000-memory.dmp

    Filesize

    20KB

    Download

  • memory/4620-0-0x00000298FB970000-0x00000298FB976000-memory.dmp

    Filesize

    24KB

    Download

  • memory/4620-2-0x00000298FB9A0000-0x00000298FB9A4000-memory.dmp

    Filesize

    16KB

    Download

  • memory/4620-4-0x00007FF6FEA20000-0x00007FF6FEB8D000-memory.dmp

    Filesize

    1.4MB

    Download

  • memory/4620-5-0x00000298FB990000-0x00000298FB995000-memory.dmp

    Filesize

    20KB

    Download

  • memory/4620-20-0x00000298FB9A0000-0x00000298FB9A4000-memory.dmp

    Filesize

    16KB

    Download

  • memory/4620-23-0x00000298FB990000-0x00000298FB995000-memory.dmp

    Filesize

    20KB

    Download

  • memory/4620-14-0x00000298FB990000-0x00000298FB995000-memory.dmp

    Filesize

    20KB

    Download