Overview

overview

8

Static

static

8

ﱞﱞﱞï...ﱞﱞ

windows10_x64

8

ﱞﱞﱞï...ฺฺ

windows10_x64

8

Analysis

  • max time kernel
    41s
  • max time network
    18s
  • platform
    windows10_x64
  • resource
    win10v20210408
  • submitted
    13-04-2021 21:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    AnyDesk (1).exe

  • Size

    2.8MB

  • MD5

    08c999b2d02f9253c1320e8473245278

  • SHA1

    8191f2871c2badd42838e0a3b67aada5a35e2abd

  • SHA256

    9e4c02db3e8d6a633564d882eaf260e45769441a3c9fbdd02a40de36085bfb82

  • SHA512

    a5b2faf418ed90e5d75c898b95c2a9d748326325b02836523cc2ab486380af889ecc40099c6047a3d6bf99857a95da5edea69c574235cbf3ee940753ed4ecacb

Score
8/10
agilenetvmprotect

Malware Config

Signatures

  • VMProtect packed file 1 IoCs

    Detects executables packed with VMProtect commercial packer.

    vmprotect
  • Loads dropped DLL 1 IoCs
  • Obfuscated with Agile.Net obfuscator 1 IoCs

    Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

    agilenet
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\AnyDesk (1).exe
    "C:\Users\Admin\AppData\Local\Temp\AnyDesk (1).exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:1032

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\41a9119e-2bb1-41eb-a7e2-13c2a2bee220\GunaDotNetRT64.dll
    MD5

    9c43f77cb7cff27cb47ed67babe3eda5

    SHA1

    b0400cf68249369d21de86bd26bb84ccffd47c43

    SHA256

    f25b9288fe370dcfcb4823fb4e44ab88c7f5fce6e137d0dba389a3dba07d621e

    SHA512

    cde6fb6cf8db6f9746e69e6c10214e60b3646700d70b49668a2a792e309714dd2d4c5a5241977a833a95fcde8318abcc89eb9968a5039a0b75726bbfa27125a7

    Download Submit
  • memory/1032-126-0x00007FFC6DFE0000-0x00007FFC6E10C000-memory.dmp
    Filesize

    1.2MB

    Download
  • memory/1032-127-0x00000248F8352000-0x00000248F8353000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1032-121-0x00000248F83D0000-0x00000248F8512000-memory.dmp
    Filesize

    1.3MB

    Download
  • memory/1032-122-0x00000248F61E0000-0x00000248F61EB000-memory.dmp
    Filesize

    44KB

    Download
  • memory/1032-123-0x00000248F6210000-0x00000248F6211000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1032-124-0x00000248F87A0000-0x00000248F89E8000-memory.dmp
    Filesize

    2.3MB

    Download
  • memory/1032-118-0x00000248F61C0000-0x00000248F61C1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1032-114-0x00000248F5950000-0x00000248F5951000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1032-117-0x00000248F8350000-0x00000248F8352000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1032-128-0x00000248F8353000-0x00000248F8354000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1032-129-0x00000248F86A0000-0x00000248F86A4000-memory.dmp
    Filesize

    16KB

    Download
  • memory/1032-132-0x00000248F8357000-0x00000248F8358000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1032-131-0x00000248F8355000-0x00000248F8357000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1032-133-0x00000248F8358000-0x00000248F835A000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1032-130-0x00000248F8354000-0x00000248F8355000-memory.dmp
    Filesize

    4KB

    Download