bb99d82c785b174928e89e5895121c562b14888d03ca61ff93c0050af87b07fc

Analysis

max time kernel
145s
max time network
145s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
30-10-2023 19:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

LiveChat.exe
Size

3.9MB
MD5

17d3cc33a125d39097b58d5f653407d5
SHA1

818948f6b9eb98be0e0776593737b58ad6b2754e
SHA256

bb99d82c785b174928e89e5895121c562b14888d03ca61ff93c0050af87b07fc
SHA512

9e14395f043756c95174e82519a0070ce6554abe5bc4ed10765d476c67b5e7fb3f0d7b486c59ad12e9d5c26601fe16b08d870a777a3341d679079fc05c389a90
SSDEEP

98304:5F4uPbhDU4Wdtqd6jDJAwwvx9CESoN0SwXOc3VpdilL:TT24ZgjFTwvnSRSWO2fiV

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	LiveChat.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	LiveChat.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2288	LiveChat.exe

Suspicious use of FindShellTrayWindow 3 IoCs

pid	Process
2688	LiveChat.exe
2688	LiveChat.exe
2688	LiveChat.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
2688	LiveChat.exe
2688	LiveChat.exe
2688	LiveChat.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2100 wrote to memory of 2288	2100	LiveChat.exe	28
PID 2100 wrote to memory of 2288	2100	LiveChat.exe	28
PID 2100 wrote to memory of 2288	2100	LiveChat.exe	28
PID 2100 wrote to memory of 2288	2100	LiveChat.exe	28
PID 2100 wrote to memory of 2688	2100	LiveChat.exe	29
PID 2100 wrote to memory of 2688	2100	LiveChat.exe	29
PID 2100 wrote to memory of 2688	2100	LiveChat.exe	29
PID 2100 wrote to memory of 2688	2100	LiveChat.exe	29

C:\Users\Admin\AppData\Local\Temp\LiveChat.exe
"C:\Users\Admin\AppData\Local\Temp\LiveChat.exe"
1⤵
- Checks processor information in registry
- Suspicious use of WriteProcessMemory
PID:2100
- C:\Users\Admin\AppData\Local\Temp\LiveChat.exe
  "C:\Users\Admin\AppData\Local\Temp\LiveChat.exe" --local-service
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2288
- C:\Users\Admin\AppData\Local\Temp\LiveChat.exe
  "C:\Users\Admin\AppData\Local\Temp\LiveChat.exe" --local-control
  2⤵
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:2688

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\gcapi.dll

Filesize
385KB

MD5
1ce7d5a1566c8c449d0f6772a8c27900

SHA1
60854185f6338e1bfc7497fd41aa44c5c00d8f85

SHA256
73170761d6776c0debacfbbc61b6988cb8270a20174bf5c049768a264bb8ffaf

SHA512
7e3411be8614170ae91db1626c452997dc6db663d79130872a124af982ee1d457cefba00abd7f5269adce3052403be31238aecc3934c7379d224cb792d519753

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

Filesize
6KB

MD5
b0ba313c1b99bd68e082e628c76427c0

SHA1
903c0976f910f29784cfba5acffcd09c4c5e5a65

SHA256
7201c3ac1e5c7903a025662122bd5335604eef19008c5bacdf10e70ecbc62ef5

SHA512
fbe6d9715eb8a2b2aae0df8230d6d478d06026bfdd595705fe40ab606cc854affe5bbcbadf992996bac26d92520ae7e788df39424f262ee8782e16712c554c86

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

Filesize
8KB

MD5
259218fd08fe17dc3116530393e9634a

SHA1
96d11d3bca57aaf919d141e26ec3cd19b020fded

SHA256
45b00c0679fa055ed8be9d23fe07fe59cd6f84b710a702cbd1f307ba1223c2b2

SHA512
0467ef3da398537385a8599eec22b6c6faa316397997884401e4c7ed4b83116227f49e927140f62eed73745dc42af4fb3692dc2aadc1e06fec13bf0aacbcfade

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf

Filesize
2KB

MD5
b382427f3b750289284bc27db042079f

SHA1
83521d01fb036d3584dfc22ff0d786505dc6e04b

SHA256
156945359adab10ff2e953b615c1a2c4019ff6ed91120409ae643513da66a7a4

SHA512
85883888dceac923dc4a4e4f95b98a56be06018fe21eef2882723dac5b179b69ec49a9c9951de0d6d047873e155a32d4be28436a6fde2f63cd8ae81febd28ef8

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf

Filesize
2KB

MD5
7502cd14f760d55fec0db2caf9c89f09

SHA1
f426f45b6b3ed00ef677bfa3077712fb9d248587

SHA256
ce5d018f835e5986626e59f8236a0c1d94b83f899813f0b04409e61fb767fd06

SHA512
4117f6779e4ba041d426c434dced708c388e1f4de1e8705706f4924cb388b84103c4c14f95d25851089b4a3254052303c0f54a93c093e774abd368101be35d98

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf

Filesize
2KB

MD5
7502cd14f760d55fec0db2caf9c89f09

SHA1
f426f45b6b3ed00ef677bfa3077712fb9d248587

SHA256
ce5d018f835e5986626e59f8236a0c1d94b83f899813f0b04409e61fb767fd06

SHA512
4117f6779e4ba041d426c434dced708c388e1f4de1e8705706f4924cb388b84103c4c14f95d25851089b4a3254052303c0f54a93c093e774abd368101be35d98

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
681B

MD5
5cfecf6ef25d8a7b388924627f78a4f9

SHA1
0f92949014681811909e21e02c10ecfbf33458c4

SHA256
1f31a5e0aa9238563a166a7d9697d1f925704bc34cfb21c47cfb043f474ccd3f

SHA512
d6b05900e95721017d2f8e10588040a0f5b09e63bd3c2c18e88914e25a31358e55ad49155fa665732d7de84d77d9f287d7f75d3a455e161c5922b49f6fc3bcd2

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
681B

MD5
5cfecf6ef25d8a7b388924627f78a4f9

SHA1
0f92949014681811909e21e02c10ecfbf33458c4

SHA256
1f31a5e0aa9238563a166a7d9697d1f925704bc34cfb21c47cfb043f474ccd3f

SHA512
d6b05900e95721017d2f8e10588040a0f5b09e63bd3c2c18e88914e25a31358e55ad49155fa665732d7de84d77d9f287d7f75d3a455e161c5922b49f6fc3bcd2

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
745B

MD5
26c9a22fd5d20fa36e1ad9ab883554fe

SHA1
3c4e11b652142c8ebaca75577827a6e9efc21e3e

SHA256
9294fca5fbe9c454117c4ff190e49fbdc02a21a0ba9f7d1e7bd9256e5d308aee

SHA512
39ed57ea9180b126b3246d0dc2eb7c56f7e91469589f5c5e3f6493b5332ebe9526fb51736685eb572b8ecbf466cce03ef3f7214835cd0b48e24bca6f66ca1f7f

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
792B

MD5
19e71a6007e02df336a4106055d909fb

SHA1
a6d91a2e6ea39dfa553a0594b135bf1200db8a18

SHA256
3f9b18046a67175e8d444f43bb6e2e7d4dda9b7f0e8dc0bc082dc14e4f0ab59b

SHA512
6e2783126031b9c20ff01d8e37ef4120ef530b8816a239dfe4a34e81b32f2314281b12c6cddb5542e62256a785b74a1e2aac6d6f0751d395f262f55a1bb13450

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
424B

MD5
a2eb1e218313547ab82b576c17e8cbd8

SHA1
2a3261f166230cc10fa153fa75ae1f917941bf57

SHA256
d3f032ee6b35563007f0a8a1beb365fe493667fe60399e99c0923e9135229d7c

SHA512
ef88795cc27b276bed9b21e7d11518888807344f8713dc9f4002584c570c0b066fe274a10c10b0069d8030e890c04e5cb1eac2535a8ae1da6a7a6ac1a6c69c29

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
424B

MD5
a2eb1e218313547ab82b576c17e8cbd8

SHA1
2a3261f166230cc10fa153fa75ae1f917941bf57

SHA256
d3f032ee6b35563007f0a8a1beb365fe493667fe60399e99c0923e9135229d7c

SHA512
ef88795cc27b276bed9b21e7d11518888807344f8713dc9f4002584c570c0b066fe274a10c10b0069d8030e890c04e5cb1eac2535a8ae1da6a7a6ac1a6c69c29

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
424B

MD5
a2eb1e218313547ab82b576c17e8cbd8

SHA1
2a3261f166230cc10fa153fa75ae1f917941bf57

SHA256
d3f032ee6b35563007f0a8a1beb365fe493667fe60399e99c0923e9135229d7c

SHA512
ef88795cc27b276bed9b21e7d11518888807344f8713dc9f4002584c570c0b066fe274a10c10b0069d8030e890c04e5cb1eac2535a8ae1da6a7a6ac1a6c69c29

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
a77c17808a3e222fd1f5d9ebf53a94b8

SHA1
f036966820a075f686a1f3c08de385cc7f473f1a

SHA256
73e8c425f36ec71857ee9cd788370fa14817f4a2745788ed7f1d3ed869f24309

SHA512
92d8cc6d421a3f5ccdb7ab67efb99d71f3d6bd1e3541dd88ac3a77140f21dd41ac9939673ef29312e27dea0a5cbce942bc6187bb2a7557465dbed694d6483cb7

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
5KB

MD5
e963204d662fc1020a1014d7e2c43d25

SHA1
d5b8d39de9e225a6526036162f51b19f49151c2f

SHA256
8f3dba6fff0b6448360c571753ba2f968e6157cc4a99091f4f81fa19679fc4e2

SHA512
309afb58ecdba5927c1d085b6fb03711ed16a5e094c94c42af25e023798464516734c88d30b4ef491ab5342b55df24e1520500727bbfcd9326b7fe285e7e0bda

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
5KB

MD5
56c1a638e0e891e0fdcc066c98fcdb8b

SHA1
77cc74e84ed2df575c25459d46d314810d862292

SHA256
d243cfe3898a8b5997b9626a19c97bc73ce284d515e496003324cc91378bb7d4

SHA512
6cc3ef5a167ddfb3c558d054096b11d38f0fa6b45aa7b843731a0e2b3441138fb650b892dd87701c7f38608a1f90cc8fa6dcf40a5aa2e5a81531ac9eaa609173

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
5KB

MD5
56c1a638e0e891e0fdcc066c98fcdb8b

SHA1
77cc74e84ed2df575c25459d46d314810d862292

SHA256
d243cfe3898a8b5997b9626a19c97bc73ce284d515e496003324cc91378bb7d4

SHA512
6cc3ef5a167ddfb3c558d054096b11d38f0fa6b45aa7b843731a0e2b3441138fb650b892dd87701c7f38608a1f90cc8fa6dcf40a5aa2e5a81531ac9eaa609173

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
5KB

MD5
5737069d914e51d1cdce4295c3d7997d

SHA1
ebab15aeb07306e5cb8aedcd6a4a923b356ee57a

SHA256
f064ac74dab42ac35a83b03fa39e8eb51d8c004f2afb369db36677d68bfa71ce

SHA512
15555d006bcebd38f331425f5d4e79614f4ab2bf42fa74684786ba5b9faba590708ae98db7258f0b3e97872e9ae717f1aded5ac195c3866e168b199f2b4660a2

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
c0841bea5eb1f69ddb6eee57676773d6

SHA1
98d86118ebf78560b3656bc6c26a44923e28a022

SHA256
80f9fc3440408691af455f331e12c72145fa35ce12987d34d57d5780652f77ab

SHA512
6b7f015383993c35a28ba127962f9c5893c83f3117636921b4a8d63f20bd10ede26082933bdf251a02178bf239b2de9249d84d1bf15ec3cbe5bd58192d1657ee

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
5KB

MD5
9a2e23469a63bf5072d33343232ef85e

SHA1
1ca8d98e6c01e9ee6d03222eb557e16a69d8d48b

SHA256
503c7b20edd9b20145d41375f81c0bd833285c2d2221f91e87f0a661d1610246

SHA512
4c679e53c2ae034420d9adf26c93124a614247c47a2f334020b0fa85f3f84b51472ce0adc996f23f55c569d9c49d3923df3d4ca256b44d42a3057b3eb86624e5

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
5KB

MD5
9a2e23469a63bf5072d33343232ef85e

SHA1
1ca8d98e6c01e9ee6d03222eb557e16a69d8d48b

SHA256
503c7b20edd9b20145d41375f81c0bd833285c2d2221f91e87f0a661d1610246

SHA512
4c679e53c2ae034420d9adf26c93124a614247c47a2f334020b0fa85f3f84b51472ce0adc996f23f55c569d9c49d3923df3d4ca256b44d42a3057b3eb86624e5

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
5KB

MD5
2b175e52d23156757093c073bb9f5170

SHA1
ace59203e736af6b4e80ef962d1eee2a5591bfaf

SHA256
ca9a4ca63abb11db4454a01074fc0e7fdfb5607f01565269c7f988399cc302df

SHA512
fb10dcd5910653d6b1836f9a8529120015bcd723ee6d130b2432bd200bead5d3a03ef8de7cca81f0df4751f0e76b1823151238aa464fe0d77a8630787f72646e

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
c0841bea5eb1f69ddb6eee57676773d6

SHA1
98d86118ebf78560b3656bc6c26a44923e28a022

SHA256
80f9fc3440408691af455f331e12c72145fa35ce12987d34d57d5780652f77ab

SHA512
6b7f015383993c35a28ba127962f9c5893c83f3117636921b4a8d63f20bd10ede26082933bdf251a02178bf239b2de9249d84d1bf15ec3cbe5bd58192d1657ee

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
1f312b44cf677e155e0e97f17666b43c

SHA1
7ede5c45504df3d41871317a3d13ef81b3c3fd5e

SHA256
46818d8568eb2415ec9d4f1a0c517f5ce512c1d0ff2d0823e812c6333c107e61

SHA512
6aa5c52f91cc3b743ad6864d343596b4662e39331434cb6ae0cb9834e2415015c69a78cc1f103e94099d0c01868bd7801fa1a1c0f5b66c31f66dee9bb086f640

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
f30cf11486f8e524cb317c54e7b4e2df

SHA1
d8b90f545fe51f484d5006ffba2ef41ea4f1fea8

SHA256
4651438fed68b6adbd9573b67bc5dd07abb46ea72050ba6bc6c402ad58fcd25f

SHA512
06be963c09165125993915855d760946a3ee89ee35c0d8a3b279b307ee7625eea1e1db5130e2abb2aa8a9d198040b7573020f399cd7a561a7e9e7ea8f81670b6

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
f30cf11486f8e524cb317c54e7b4e2df

SHA1
d8b90f545fe51f484d5006ffba2ef41ea4f1fea8

SHA256
4651438fed68b6adbd9573b67bc5dd07abb46ea72050ba6bc6c402ad58fcd25f

SHA512
06be963c09165125993915855d760946a3ee89ee35c0d8a3b279b307ee7625eea1e1db5130e2abb2aa8a9d198040b7573020f399cd7a561a7e9e7ea8f81670b6

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
f30cf11486f8e524cb317c54e7b4e2df

SHA1
d8b90f545fe51f484d5006ffba2ef41ea4f1fea8

SHA256
4651438fed68b6adbd9573b67bc5dd07abb46ea72050ba6bc6c402ad58fcd25f

SHA512
06be963c09165125993915855d760946a3ee89ee35c0d8a3b279b307ee7625eea1e1db5130e2abb2aa8a9d198040b7573020f399cd7a561a7e9e7ea8f81670b6

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
f30cf11486f8e524cb317c54e7b4e2df

SHA1
d8b90f545fe51f484d5006ffba2ef41ea4f1fea8

SHA256
4651438fed68b6adbd9573b67bc5dd07abb46ea72050ba6bc6c402ad58fcd25f

SHA512
06be963c09165125993915855d760946a3ee89ee35c0d8a3b279b307ee7625eea1e1db5130e2abb2aa8a9d198040b7573020f399cd7a561a7e9e7ea8f81670b6

Download Submit
memory/2100-3-0x0000000000160000-0x0000000000161000-memory.dmp

Filesize
4KB

Download
memory/2100-242-0x0000000001130000-0x00000000021B5000-memory.dmp

Filesize
16.5MB

Download
memory/2100-2-0x0000000001130000-0x00000000021B5000-memory.dmp

Filesize
16.5MB

Download
memory/2100-0-0x0000000001130000-0x00000000021B5000-memory.dmp

Filesize
16.5MB

Download
memory/2100-90-0x0000000004820000-0x0000000004821000-memory.dmp

Filesize
4KB

Download
memory/2100-26-0x0000000003710000-0x0000000003711000-memory.dmp

Filesize
4KB

Download
memory/2100-127-0x0000000001130000-0x00000000021B5000-memory.dmp

Filesize
16.5MB

Download
memory/2100-131-0x0000000001130000-0x00000000021B5000-memory.dmp

Filesize
16.5MB

Download
memory/2100-27-0x00000000039B0000-0x00000000039B1000-memory.dmp

Filesize
4KB

Download
memory/2288-11-0x0000000001130000-0x00000000021B5000-memory.dmp

Filesize
16.5MB

Download
memory/2288-142-0x0000000001130000-0x00000000021B5000-memory.dmp

Filesize
16.5MB

Download
memory/2288-140-0x0000000001130000-0x00000000021B5000-memory.dmp

Filesize
16.5MB

Download
memory/2288-253-0x0000000001130000-0x00000000021B5000-memory.dmp

Filesize
16.5MB

Download
memory/2688-141-0x0000000001130000-0x00000000021B5000-memory.dmp

Filesize
16.5MB

Download
memory/2688-48-0x0000000000160000-0x0000000000161000-memory.dmp

Filesize
4KB

Download
memory/2688-10-0x0000000001130000-0x00000000021B5000-memory.dmp

Filesize
16.5MB

Download
memory/2688-254-0x0000000001130000-0x00000000021B5000-memory.dmp

Filesize
16.5MB

Download