734f3577aa453fe8e89d6f351a382474a5dab97204aff1e194eee4e9fdff0a4a

Analysis

max time kernel
143s
max time network
153s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
23/08/2023, 05:13

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

ssert.exe
Size

3.9MB
MD5

bca01af10aac7833188c47d7fec17196
SHA1

7f7898da333b924bd358aeb9936a944eb8bf3c09
SHA256

734f3577aa453fe8e89d6f351a382474a5dab97204aff1e194eee4e9fdff0a4a
SHA512

4429536226a6f3e72d008525c99bc0e676973be04670f7bb49f93ad20e7c8957ceb945c9eeea3ff47e6a751525976b0f4702e90d682940d225d6cb82a6567032
SSDEEP

49152:6ZeC+Xpi5ZnHuNO7HrDequJVU6GTTC/gZAjj4agcXz75rtelRqEiruLh3fZlTP5t:cpfn7HruwEk00agcD7fkRX6uRfZrnAnC

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2212	ssert.exe

Suspicious use of FindShellTrayWindow 3 IoCs

pid	Process
1700	ssert.exe
1700	ssert.exe
1700	ssert.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
1700	ssert.exe
1700	ssert.exe
1700	ssert.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2656 wrote to memory of 2212	2656	ssert.exe	28
PID 2656 wrote to memory of 2212	2656	ssert.exe	28
PID 2656 wrote to memory of 2212	2656	ssert.exe	28
PID 2656 wrote to memory of 2212	2656	ssert.exe	28
PID 2656 wrote to memory of 1700	2656	ssert.exe	29
PID 2656 wrote to memory of 1700	2656	ssert.exe	29
PID 2656 wrote to memory of 1700	2656	ssert.exe	29
PID 2656 wrote to memory of 1700	2656	ssert.exe	29

C:\Users\Admin\AppData\Local\Temp\ssert.exe
"C:\Users\Admin\AppData\Local\Temp\ssert.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2656
- C:\Users\Admin\AppData\Local\Temp\ssert.exe
  "C:\Users\Admin\AppData\Local\Temp\ssert.exe" --local-service
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2212
- C:\Users\Admin\AppData\Local\Temp\ssert.exe
  "C:\Users\Admin\AppData\Local\Temp\ssert.exe" --local-control
  2⤵
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:1700

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\gcapi.dll

Filesize
385KB

MD5
1ce7d5a1566c8c449d0f6772a8c27900

SHA1
60854185f6338e1bfc7497fd41aa44c5c00d8f85

SHA256
73170761d6776c0debacfbbc61b6988cb8270a20174bf5c049768a264bb8ffaf

SHA512
7e3411be8614170ae91db1626c452997dc6db663d79130872a124af982ee1d457cefba00abd7f5269adce3052403be31238aecc3934c7379d224cb792d519753

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

Filesize
6KB

MD5
9b485fa59ff15bc5f2c2bf17ce9dd105

SHA1
8df41a597309dfc28dfd026ce97335a8cfc340b3

SHA256
5f37410275e21e24afb6f3e8cebe43a87cbcd5402eb9f49bd08d44f249a54e8c

SHA512
33450a7652c2d0a8069f7ed541be515244908746549fa29f1b82d604ef6c310c6ba800d8ec55b61edc124a2b1d2e47045149a5fcfc489fba31c161bb0a869fba

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

Filesize
8KB

MD5
1a7a68d4405030dcd3ca5e40c884945a

SHA1
61a587e5abb78eddf37f00d30b33c26ec7326bbc

SHA256
f68f9962af91d1530325acd02afc883a5c30c146a76a6355cf10f17ead77d0e2

SHA512
23f9df9f5060397803fa40606b4f2b33fbd3abf3320a641ecaf59edf419ea83713a5b5b98010d18565679bc4742f73321964b3f7ef97d8013daf865591b0c305

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf

Filesize
2KB

MD5
8ce20eb5545e64b9556e292141ccd797

SHA1
5f02374d4c40d09e9656a5b5b2c285fd290cfbe8

SHA256
2506fb9e0fd4f5319e88af2bcaaf9fc72c2c2f6d78c68b25cd56d9fcd69aa6b4

SHA512
bedcd5b84fe866f4a0adbf6354519233fdc9239e2690449aff168bb9acf67b8612fe2a2001a60afeb3f92dbf1eb82e2cf3b7e692520c6dccad7e8de25836dc7f

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf

Filesize
2KB

MD5
8ce20eb5545e64b9556e292141ccd797

SHA1
5f02374d4c40d09e9656a5b5b2c285fd290cfbe8

SHA256
2506fb9e0fd4f5319e88af2bcaaf9fc72c2c2f6d78c68b25cd56d9fcd69aa6b4

SHA512
bedcd5b84fe866f4a0adbf6354519233fdc9239e2690449aff168bb9acf67b8612fe2a2001a60afeb3f92dbf1eb82e2cf3b7e692520c6dccad7e8de25836dc7f

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf

Filesize
2KB

MD5
0de63d3443d25092ea506f5cb3d95b5b

SHA1
c71011079857b34d6ecc8b7a8f146b3dffc04495

SHA256
8b13a783f7d5fc8aadeabe9d968d430d276cc03d445bb0342bdef74aecc7950f

SHA512
3976c251b1a34b505bfea5a63ef56e76eee8ce9774bf6a23984a4c0d64640fe700614bc869082298ae732477cac488c567bd429b4ef5956a26ce5fcc7d925435

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
424B

MD5
73e6155e8a9717ea1f2504d795787d8b

SHA1
2f46779b62c9fef23ff20c6f7ee804da70e9a065

SHA256
9b8181052d8af34268882593cffe8167944366aa7e39886d35151ef0edcdecdc

SHA512
1fbc4b84ca12a70579cd9da6ab5586baefd5cf47a24ac87a60bdd68196fc7e949d33a262cf02c716b86bca86d515d0757e0da0167925c266a88cc591a2c842d8

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
424B

MD5
73e6155e8a9717ea1f2504d795787d8b

SHA1
2f46779b62c9fef23ff20c6f7ee804da70e9a065

SHA256
9b8181052d8af34268882593cffe8167944366aa7e39886d35151ef0edcdecdc

SHA512
1fbc4b84ca12a70579cd9da6ab5586baefd5cf47a24ac87a60bdd68196fc7e949d33a262cf02c716b86bca86d515d0757e0da0167925c266a88cc591a2c842d8

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
681B

MD5
a1e6e9ec5f69c9441067122ca8ac7e30

SHA1
460dd017b256a27f04b07dc84edb6e214b678e2f

SHA256
98435931c681518aecc94986782402592e94865b77b589e6d5309dacfc03aa1e

SHA512
fb1aa04b9d19d44fdb762f5e34864eb1bc091003a3b945d7902e2f118889e538a4c3738604f4bc5a179ba9c4e3ad12db83d29bac60e7f79c442fe4fafc009512

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
681B

MD5
a1e6e9ec5f69c9441067122ca8ac7e30

SHA1
460dd017b256a27f04b07dc84edb6e214b678e2f

SHA256
98435931c681518aecc94986782402592e94865b77b589e6d5309dacfc03aa1e

SHA512
fb1aa04b9d19d44fdb762f5e34864eb1bc091003a3b945d7902e2f118889e538a4c3738604f4bc5a179ba9c4e3ad12db83d29bac60e7f79c442fe4fafc009512

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
802B

MD5
506ab6a97b9339c2a689bdf9e4c30ef9

SHA1
4c6b8b3c50e35625a364a0e3da926f118d7ce43b

SHA256
12887437d72f84d798b890ef85e02379e0be0af3834d596c91603bf1c25aa565

SHA512
4a83042e659034b391955d0cdf8141672a7a65119933aa8e85b885aaa8293e310c58973daa96642fc925647be050040c8e3d6c8393aa04cc1c9404e4e4b92d3d

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
849B

MD5
88f1f9391979293d9cc6219e9a29d81d

SHA1
55ad6c36b62f23c4c8f46253198b8a3132831a57

SHA256
e249854840b8712e425a489e03054c0c383f7892b00d8c39d7c5221ea8adccf7

SHA512
918762e770c6e5b633c4e79d97fb43d4f123a6c5c32227f196ba779ce8d928dd1668eeda1678b3f0ba19ba2cc496b25d91f62b087b165191a12b1242ed21dbfb

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
849B

MD5
88f1f9391979293d9cc6219e9a29d81d

SHA1
55ad6c36b62f23c4c8f46253198b8a3132831a57

SHA256
e249854840b8712e425a489e03054c0c383f7892b00d8c39d7c5221ea8adccf7

SHA512
918762e770c6e5b633c4e79d97fb43d4f123a6c5c32227f196ba779ce8d928dd1668eeda1678b3f0ba19ba2cc496b25d91f62b087b165191a12b1242ed21dbfb

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
367B

MD5
9bcd80bf5980de81aac3fa7406d48da8

SHA1
fdd680a24ce5dff0902e354698ba886e4a5f605c

SHA256
a2289ae227c642430fa7cdca73feabc64c10d851592dcadb9da6c6e49612870a

SHA512
2ad6a066dc3b54f19d9169bd213d4f03d791b1470ba334ceada77a413f525ada0a1abbd0fb7e53ffcbbac83856afea2f6e579266786726522b1f5a87679e179e

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
3a37bc12b74ec7aa470f2259f9987101

SHA1
b1341fba5f06bddc9215efe5162d5c72a78f70e0

SHA256
5f169a969b280e17399c1074207b514f71c087f0e403f146827c2a00efa33fba

SHA512
99809b9f2eb03a8158633a3b32c5aa1ed245ffbaff324952746a6947bc25e734d6f6bb1cd1625e032c08e227fb7970438866479cfa6514b941fb0e5df663d410

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
ca3e6abdca133d34002876d431925e97

SHA1
86a5e90b2f1717e18596937cfbbabac3ef0f1367

SHA256
7ab3b551c952541cb8d340364b160d78d0e5ef0321f8b624fa8e16abfe7ff3d1

SHA512
1eafb8b51d0abc41c3c10df55896b49d887a7a9d11570ca4164a02d1386e0b9e624ff5351e064e62deb74c7b907c9f573919193840c1551fc0f2f376e9f6c856

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
ca3e6abdca133d34002876d431925e97

SHA1
86a5e90b2f1717e18596937cfbbabac3ef0f1367

SHA256
7ab3b551c952541cb8d340364b160d78d0e5ef0321f8b624fa8e16abfe7ff3d1

SHA512
1eafb8b51d0abc41c3c10df55896b49d887a7a9d11570ca4164a02d1386e0b9e624ff5351e064e62deb74c7b907c9f573919193840c1551fc0f2f376e9f6c856

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
4KB

MD5
b7aa0bc2ed99379fe448e6cc30497b90

SHA1
ea59c96e1f94475266976e7a19bd49a0ab62e6e5

SHA256
27a9c40e6682d15782b87be1a2fd092266eeb23d108ba09aef77939717b4327e

SHA512
50852cd10d321785b58266f48f6373541718b4fb2ab97dec297283535eb4375e5a0e51537087e666c6f3c72a1774420f356004856eb51a63e2bfaa11d783153c

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
5KB

MD5
a17caf61ef5f8af870287fab225ca7ed

SHA1
10da47c40d2e5427671d47845e6b514e8f0fed1f

SHA256
c142e991e94357c15d7a974f42a38455ff0172195c6e48fd59e62db684f14a88

SHA512
d2e88642ca25733ac7fc1e04fe8ea854a54b493a621f210e7999279a9c8386eb2813fbe55ff008bfb8be4d95ace5067c7e364dcaffe0fe6014011c9804823efd

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
5KB

MD5
d03da7f0167bb674fa7f38421bb3ebc8

SHA1
a1830bc65a37d7f693937aa702663235b6564938

SHA256
7c0291f514636d166c84a34a6897760d31faadd773f5a416bcff6034abe5065d

SHA512
c62fb4ed26459231848a1be8b45bfafe98a13cc167f7233e676544607e52904c41f2878d8c90d968d810672b3085b1ab4585427659df8403877a205895f1fb74

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
5KB

MD5
364cd13fd2b1ca454eb985eaca272c70

SHA1
b12364cc1c5c8ba1bc623d54e140387423fc8ad7

SHA256
b70bc359b0ca1a2e7c846936d91388abf9ce3aedabe0687e27b8fc846de3b998

SHA512
d30f49909c3260299599c0132bce508bf865c7dbbdbe287e9389583b7d2427dc42f9f7e5916fb675350915c98589a5d3dd08d3a1722100b83ff7221df57ea3cc

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
5KB

MD5
364cd13fd2b1ca454eb985eaca272c70

SHA1
b12364cc1c5c8ba1bc623d54e140387423fc8ad7

SHA256
b70bc359b0ca1a2e7c846936d91388abf9ce3aedabe0687e27b8fc846de3b998

SHA512
d30f49909c3260299599c0132bce508bf865c7dbbdbe287e9389583b7d2427dc42f9f7e5916fb675350915c98589a5d3dd08d3a1722100b83ff7221df57ea3cc

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
55296755bd2ab004ad568ab6c1794015

SHA1
4cfa6452b8f36ea78042fe68f41d1da78b488519

SHA256
0ce97957dd87f2c2203dfcee217f61503d3a940d02fff5f0e89cff0ea0a500fc

SHA512
80938361152c9dcb54282db70b211120e1b5e8b22b6ead5a1dfbd5067fca37a9250b9db0e06ad56dc4f7b12476a10e3a76ca45d6dd7c50cd19d8059f73f06f2e

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
099cc495a4b311c31adf57b7fe558631

SHA1
18b72325d4dd24f353fc780fd8dc3a9e9700e154

SHA256
4ad603e5f06505d244e011d3b926ca7a5dc58d2fd27a80377f572c8294e4e14e

SHA512
e3cf2708e782aa16b4bc4f71e3c67048db901c7360ff7bbff08b8370ff9059d47b64e11402a85e4fe69a3025ed803f0b912eb28c103a55df9b7edf8cb107b0ab

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
099cc495a4b311c31adf57b7fe558631

SHA1
18b72325d4dd24f353fc780fd8dc3a9e9700e154

SHA256
4ad603e5f06505d244e011d3b926ca7a5dc58d2fd27a80377f572c8294e4e14e

SHA512
e3cf2708e782aa16b4bc4f71e3c67048db901c7360ff7bbff08b8370ff9059d47b64e11402a85e4fe69a3025ed803f0b912eb28c103a55df9b7edf8cb107b0ab

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
7eb951191db7e4e50113dc0e58783b57

SHA1
30d60cbb8e81a5ca45b9293c5ecafcf7cfe34862

SHA256
164903184499b29719aad7aa3f4cd9720f922a922f1c1241bb08ea7fa47cb3b6

SHA512
e0debacf707f834b735053e6e4599f912977fec79cb150f1f02b9439e990ddfc91cb3069441163767cccfac194ed91452a277dd90e053297c13559aff54def70

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
7eb951191db7e4e50113dc0e58783b57

SHA1
30d60cbb8e81a5ca45b9293c5ecafcf7cfe34862

SHA256
164903184499b29719aad7aa3f4cd9720f922a922f1c1241bb08ea7fa47cb3b6

SHA512
e0debacf707f834b735053e6e4599f912977fec79cb150f1f02b9439e990ddfc91cb3069441163767cccfac194ed91452a277dd90e053297c13559aff54def70

Download Submit
memory/1700-71-0x0000000000B30000-0x0000000001BB4000-memory.dmp

Filesize
16.5MB

Download
memory/1700-84-0x00000000000F0000-0x00000000000F1000-memory.dmp

Filesize
4KB

Download
memory/1700-273-0x0000000000B30000-0x0000000001BB4000-memory.dmp

Filesize
16.5MB

Download
memory/2212-272-0x0000000000B30000-0x0000000001BB4000-memory.dmp

Filesize
16.5MB

Download
memory/2212-284-0x0000000000B30000-0x0000000001BB4000-memory.dmp

Filesize
16.5MB

Download
memory/2212-70-0x0000000000B30000-0x0000000001BB4000-memory.dmp

Filesize
16.5MB

Download
memory/2212-72-0x0000000000B30000-0x0000000001BB4000-memory.dmp

Filesize
16.5MB

Download
memory/2656-73-0x0000000003220000-0x0000000003221000-memory.dmp

Filesize
4KB

Download
memory/2656-270-0x0000000000B30000-0x0000000001BB4000-memory.dmp

Filesize
16.5MB

Download
memory/2656-271-0x0000000000B30000-0x0000000001BB4000-memory.dmp

Filesize
16.5MB

Download
memory/2656-57-0x0000000000360000-0x0000000000361000-memory.dmp

Filesize
4KB

Download
memory/2656-76-0x00000000030E0000-0x00000000030E1000-memory.dmp

Filesize
4KB

Download
memory/2656-54-0x0000000000B30000-0x0000000001BB4000-memory.dmp

Filesize
16.5MB

Download
memory/2656-55-0x0000000000B30000-0x0000000001BB4000-memory.dmp

Filesize
16.5MB

Download