Analysis

  • max time kernel
    219s
  • max time network
    483s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64, arch:x86, image:win7-20221111-en, locale:en-us, os:windows7-x64, system
  • submitted
    04-12-2022 15:18

General

  • Target

    AnyDesk_x64x32/About/en-US/DFS.xml

  • Size

    1KB

  • MD5

    59649458234fa8ec0fa1ccf6d1a1f000

  • SHA1

    fa84dc8c633ac66d93c2cc4ca82973690cc01b06

  • SHA256

    7c621bdfa9aafbb72c6e3eaa6bd9dadb9b87b76ff3085c3ab85f94a4ba74148b

  • SHA512

    3dac7345cdf6e474ec6550890d2581e97ceccbdf3d6da446d0b4051600b81e66725e20e3905fc8ed051e00ae74b7899ecec073c828e776fb664731218f88e528

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE
    "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\AnyDesk_x64x32\About\en-US\DFS.xml"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:556
    • C:\Program Files (x86)\Internet Explorer\iexplore.exe
      "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1680
      • C:\Program Files\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:816
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:816 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:1444

Network

MITRE ATT&CK Matrix ATT&CK v6

  • Defense Evasion › Modify Registry (T1112): 1

Downloads

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\TB3MKVH7.txt
    Filesize

    533B

    MD5

    53ec7728dd4daf5a65c6ff9ceabf8fe8

    SHA1

    64e0e5a7a4f4263b037192e4c197489292fb943c

    SHA256

    3be28f2a6869e115d2b461d763ed92583f6a822c80c984dbfbddc0b9491b0e45

    SHA512

    fd73f06b4fa47ffa022dc8dd2c498acdf7c037de9e26554f7f9b9fc9c7711054d84eecb60cfaa3d930fa1adc96436d3cbd7886a77957fac88c1164188a788094

  • memory/556-54-0x00000000759F1000-0x00000000759F3000-memory.dmp
    Filesize

    8KB