Analysis

  • max time kernel
    110s
  • max time network
    235s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
  • submitted
    04-12-2022 15:18

General

  • Target

    AnyDesk_x64x32/About/en-US/CredSsp.xml

  • Size

    19KB

  • MD5

    3f887766536ae5c7677e841c9a1e86f6

  • SHA1

    c3bfb966d06df84a5bd9fcdd9c0caf23a4f85b28

  • SHA256

    91a36f497d459ef96b4cedb88ee0884651d8b5c0eabce1c1f4fec6d49ff71a31

  • SHA512

    7777ff19b4b1108a2688d02f25ac69e3f66d87f44a42ad60596b447188728b231e148e67390b39b7cbcf62e83121ecb55a84cb3d72a55827c0489fadaba5469c

  • SSDEEP

    192:EYLfqDwf4tdJ11wpL9uiansm9cjoOkfmW/MQfB:9qtVPaxu5mUTOYJ

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE
    "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\AnyDesk_x64x32\About\en-US\CredSsp.xml"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1976
    • C:\Program Files (x86)\Internet Explorer\iexplore.exe
      "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:892
      • C:\Program Files\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:1624
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1624 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:1888

Network

MITRE ATT&CK Matrix ATT&CK v6

  • Defense Evasion
    Modify Registry (1 occurrence): T1112

Downloads

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\V2GYWMWC.txt
    Filesize

    539B

    MD5

    b5aa1b04330b515219807e589642f63d

    SHA1

    627aceccc2739e12e0a9e827099b85b0f4153a53

    SHA256

    b94614bb9b26f764173461a9dbcd476a7ed8d1a041ba85c0e82c7b22ae1c4505

    SHA512

    4cff16f8189a7cabffd58fd5e9d0af344b168ef39db4b30e2e60707c933cf77169fe8bf9041ee275629b458e0c366c33b37132b84c50c5bbf7cf88824e680720

  • memory/1976-54-0x0000000076831000-0x0000000076833000-memory.dmp
    Filesize

    8KB