Overview

overview

10

Static

static

AnyDesk.exe

windows7_x64

10

AnyDesk.exe

windows10-2004_x64

10

Analysis

  • max time kernel
    122s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-en-20211208
  • submitted
    17-02-2022 22:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    AnyDesk.exe

  • Size

    1.6MB

  • MD5

    397640d8c42e1f06cc45fb6ce689be8b

  • SHA1

    8e56c7883ad7eefa314b9a4f234f1b59a9e7f8fb

  • SHA256

    101b6b6bec4ae6e698d793d1f9d1a905c03bac2da987ba68033a16fed414a95c

  • SHA512

    60708d311b7bd473f6981de94ccfea05c22e956944c675ac9b457b2585e53d5bd132db70a1df9dbb9b7c1077c6b819cf4cbbc57b18503d8602442a3415ba8166

Score
10/10
icedid494770699bankertrojan

Malware Config

Extracted

Family

icedid

Campaign

494770699

C2

oceriesfornot.top

Signatures

  • IcedID, BokBot

    IcedID is a banking trojan capable of stealing credentials.

    trojanbankericedid
  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 7 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
    "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:948
    • C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -u -p 948 -s 260
      2⤵
      • Program crash
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:1356

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/948-55-0x0000000140000000-0x000000014000E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/1356-56-0x000007FEFBC31000-0x000007FEFBC33000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1356-57-0x0000000001B50000-0x0000000001B51000-memory.dmp

    Filesize

    4KB

    Download