Overview

overview

8

Static

static

8

ﱞﱞﱞï...ﱞﱞ

windows10_x64

8

ﱞﱞﱞï...ฺฺ

windows10_x64

8

Analysis

  • max time kernel
    300s
  • max time network
    250s
  • platform
    windows10_x64
  • resource
    win10v20210408
  • submitted
    13-04-2021 21:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    AnyDesk (1).exe

  • Size

    2.8MB

  • MD5

    08c999b2d02f9253c1320e8473245278

  • SHA1

    8191f2871c2badd42838e0a3b67aada5a35e2abd

  • SHA256

    9e4c02db3e8d6a633564d882eaf260e45769441a3c9fbdd02a40de36085bfb82

  • SHA512

    a5b2faf418ed90e5d75c898b95c2a9d748326325b02836523cc2ab486380af889ecc40099c6047a3d6bf99857a95da5edea69c574235cbf3ee940753ed4ecacb

Score
8/10
agilenetvmprotect

Malware Config

Signatures

  • VMProtect packed file 1 IoCs

    Detects executables packed with VMProtect commercial packer.

    vmprotect
  • Loads dropped DLL 1 IoCs
  • Obfuscated with Agile.Net obfuscator 1 IoCs

    Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

    agilenet
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\AnyDesk (1).exe
    "C:\Users\Admin\AppData\Local\Temp\AnyDesk (1).exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:640

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\41a9119e-2bb1-41eb-a7e2-13c2a2bee220\GunaDotNetRT64.dll
    MD5

    9c43f77cb7cff27cb47ed67babe3eda5

    SHA1

    b0400cf68249369d21de86bd26bb84ccffd47c43

    SHA256

    f25b9288fe370dcfcb4823fb4e44ab88c7f5fce6e137d0dba389a3dba07d621e

    SHA512

    cde6fb6cf8db6f9746e69e6c10214e60b3646700d70b49668a2a792e309714dd2d4c5a5241977a833a95fcde8318abcc89eb9968a5039a0b75726bbfa27125a7

    Download Submit
  • memory/640-124-0x000002AE4AB40000-0x000002AE4AD88000-memory.dmp
    Filesize

    2.3MB

    Download
  • memory/640-126-0x00007FFAFBCC0000-0x00007FFAFBDEC000-memory.dmp
    Filesize

    1.2MB

    Download
  • memory/640-121-0x000002AE4A8C0000-0x000002AE4AA02000-memory.dmp
    Filesize

    1.3MB

    Download
  • memory/640-122-0x000002AE31FA0000-0x000002AE31FAB000-memory.dmp
    Filesize

    44KB

    Download
  • memory/640-123-0x000002AE31FF0000-0x000002AE31FF1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/640-114-0x000002AE2FEF0000-0x000002AE2FEF1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/640-117-0x000002AE31FB0000-0x000002AE31FB2000-memory.dmp
    Filesize

    8KB

    Download
  • memory/640-118-0x000002AE308F0000-0x000002AE308F1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/640-128-0x000002AE31FB4000-0x000002AE31FB5000-memory.dmp
    Filesize

    4KB

    Download
  • memory/640-127-0x000002AE31FB2000-0x000002AE31FB3000-memory.dmp
    Filesize

    4KB

    Download
  • memory/640-129-0x000002AE4FBC0000-0x000002AE4FBC4000-memory.dmp
    Filesize

    16KB

    Download
  • memory/640-131-0x000002AE31FB7000-0x000002AE31FB8000-memory.dmp
    Filesize

    4KB

    Download
  • memory/640-130-0x000002AE31FB5000-0x000002AE31FB7000-memory.dmp
    Filesize

    8KB

    Download
  • memory/640-132-0x000002AE31FB8000-0x000002AE31FBA000-memory.dmp
    Filesize

    8KB

    Download