Analysis

  • max time kernel
    120s
  • max time network
    167s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64, arch:x86, image:win7-20220901-en, locale:en-us, os:windows7-x64, system
  • submitted
    04-12-2022 15:18

General

  • Target

    AnyDesk_x64x32/About/en-US/ControlPanelDisplay.xml

  • Size

    20KB

  • MD5

    61cb7046c23a14515c58521dad36ab6f

  • SHA1

    62ec7a88975656944fd8ca72924a916336112465

  • SHA256

    a4f9a17502e8aba9e82c5c324cbed40e109a565ca2e27b3d79389f1a595b3ccd

  • SHA512

    13473deade6477440d9515c9fc6babecdb59fe9a806633b003b14e71ec6e762dd9e13a9bfd1dfed554d7ca6a664b3c1ef0ceb7c8278f22cc0e0eeb793e697c1f

  • SSDEEP

    384:VfRyKGkSDgF+vXDtchtrWzsbHX92eLb2vB1E4RRN9:VfRXTCrvXDWrWziN2ZvB1fRX
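Before relying on this report for a file you hold, confirm the bytes are the ones that were analysed. The block below is an added example, not part of the sandbox output: it recomputes the four listed digests with Python's standard hashlib and compares them against the values above (ssdeep is left out because it needs a third-party library). The `verify_file` path argument is whatever local copy you want to check.

```python
import hashlib
from typing import Dict

# Digests reported by the sandbox for the analysed file (copied from the General section).
REPORTED_DIGESTS: Dict[str, str] = {
    "md5": "61cb7046c23a14515c58521dad36ab6f",
    "sha1": "62ec7a88975656944fd8ca72924a916336112465",
    "sha256": "a4f9a17502e8aba9e82c5c324cbed40e109a565ca2e27b3d79389f1a595b3ccd",
    "sha512": "13473deade6477440d9515c9fc6babecdb59fe9a806633b003b14e71ec6e762dd9e13a9bfd1dfed554d7ca6a664b3c1ef0ceb7c8278f22cc0e0eeb793e697c1f",
}


def digests(data: bytes) -> Dict[str, str]:
    """Compute all reported digest types in a single pass over the data."""
    hashers = {name: hashlib.new(name) for name in REPORTED_DIGESTS}
    for h in hashers.values():
        h.update(data)
    return {name: h.hexdigest() for name, h in hashers.items()}


def verify(data: bytes, expected: Dict[str, str]) -> Dict[str, bool]:
    """Per-algorithm verdict. Any False means these bytes are not the file the report describes;
    all True across four independent hashes is as strong an identity check as you will get."""
    got = digests(data)
    return {name: got[name] == value.strip().lower() for name, value in expected.items()}


def verify_file(path: str, expected: Dict[str, str] = REPORTED_DIGESTS) -> Dict[str, bool]:
    """Read a local copy (path is supplied by the caller) and compare it with the report."""
    with open(path, "rb") as f:
        return verify(f.read(), expected)


if __name__ == "__main__":
    import sys
    for algo, ok in verify_file(sys.argv[1]).items():
        print(f"{algo:6s} {'match' if ok else 'MISMATCH'}")
```

A mismatch on any single algorithm is enough to reject the file; do not treat an MD5 match alone as identity, since MD5 collisions are cheap to produce.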

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE
    "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\AnyDesk_x64x32\About\en-US\ControlPanelDisplay.xml"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1812
    • C:\Program Files (x86)\Internet Explorer\iexplore.exe
      "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1656
      • C:\Program Files\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:1944
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1944 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:308
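The chain above is the sandbox image's registered .xml handler (Office 2010's MSOXMLED.EXE) opening the file and handing it to Internet Explorer, which then spawns its frame and tab processes. The signatures that fire (WriteProcessMemory, SetWindowsHookEx, FindShellTrayWindow, Internet Explorer settings changes) are routine IE behaviour, which is consistent with the 1/10 score. The block below is an added example, not part of the report: it transcribes the four recorded processes and runs the checks a triager would apply to such a tree: every image lives under Program Files or Windows, nothing executes from a user-writable path, the sample path appears only as an argument and never as an executed image, every parent PID is present in the tree, and an IE tab process's SCODEF value matches its recorded parent. The extra record with PID 4242 is constructed for illustration and does not come from the report.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Proc:
    pid: int
    ppid: Optional[int]   # None for the root of the recorded tree
    cmdline: str


# Process tree transcribed from the report above (PIDs 1812 -> 1656 -> 1944 -> 308).
REPORT_TREE: List[Proc] = [
    Proc(1812, None, r'"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" '
                     r'/verb open "C:\Users\Admin\AppData\Local\Temp\AnyDesk_x64x32\About\en-US\ControlPanelDisplay.xml"'),
    Proc(1656, 1812, r'"C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome'),
    Proc(1944, 1656, r'"C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome'),
    Proc(308, 1944, r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1944 CREDAT:275457 /prefetch:2'),
]
SAMPLE_PATH = r"C:\Users\Admin\AppData\Local\Temp\AnyDesk_x64x32\About\en-US\ControlPanelDisplay.xml"

# Constructed record, NOT from the report: what a dropped binary launched from Temp would look like.
CONSTRUCTED_DROPPER = Proc(4242, 308, r'"C:\Users\Admin\AppData\Local\Temp\update.exe" /silent')

# Directories a standard user cannot write to, versus locations a document handler could drop into.
TRUSTED_PREFIXES = ("c:\\program files\\", "c:\\program files (x86)\\", "c:\\windows\\")
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\", "\\programdata\\")


def image_path(cmdline: str) -> str:
    """Executable path from a command line: the leading quoted token, else the first bare token."""
    m = re.match(r'\s*"([^"]+)"', cmdline)
    return m.group(1) if m else cmdline.split()[0]


def triage(procs: List[Proc], sample_path: str = SAMPLE_PATH) -> List[Tuple[int, str]]:
    """Return (pid, reason) findings; an empty list means the tree passed every check."""
    findings: List[Tuple[int, str]] = []
    known = {p.pid for p in procs}
    for p in procs:
        img = image_path(p.cmdline)
        low = img.lower()
        if not low.startswith(TRUSTED_PREFIXES):
            findings.append((p.pid, f"image outside trusted directories: {img}"))
        if any(d in low for d in USER_WRITABLE):
            findings.append((p.pid, f"image in user-writable location: {img}"))
        if low == sample_path.lower():
            findings.append((p.pid, "sample executed directly rather than opened by a handler"))
        if p.ppid is not None and p.ppid not in known:
            findings.append((p.pid, f"parent {p.ppid} not in tree"))
        # IE tab processes carry their frame process PID as SCODEF; it must agree with the parent.
        m = re.search(r"SCODEF:(\d+)", p.cmdline)
        if m and int(m.group(1)) != p.ppid:
            findings.append((p.pid, f"SCODEF {m.group(1)} does not match parent {p.ppid}"))
    return findings


if __name__ == "__main__":
    print("report tree:", triage(REPORT_TREE) or "no findings")
    print("with constructed dropper:", triage(REPORT_TREE + [CONSTRUCTED_DROPPER]))
```

The trusted-directory test is a heuristic, not a signature check: a binary under Program Files can still be malicious, so on a tree that does produce findings the next step is to pull the image and verify its Authenticode signature rather than trust the path.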

Network

MITRE ATT&CK Matrix ATT&CK v6

Defense Evasion

  • Modify Registry (T1112): 1


Downloads

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\O1MNX50D.txt
    Filesize

    539B

    MD5

    14687c090c90a140b4c1b4d9b1f5afcf

    SHA1

    3766f22b8ca6e4ca1b6f49191c91e0e279b34f47

    SHA256

    68137536910a796a777f11edb3727441dbb82840600a2a3f1314aa7a18b55c50

    SHA512

    233094d24523a70e65fb7ec9b07ac6704e0242e0465eaded84ddebc873044fb0bab182b9e89f7dcfa504e6c5db6e346291d81dd6861a92e19295b0132c1077b8

  • memory/1812-54-0x0000000076461000-0x0000000076463000-memory.dmp
    Filesize

    8KB