55e4ce3fe726043070ecd7de5a74b2459ea8bed19ef2a36ce7884b2ab0863047

Analysis

max time kernel
2s
max time network
45s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30-01-2024 03:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

AnyDesk.exe
Size

5.0MB
MD5

a21768190f3b9feae33aaef660cb7a83
SHA1

24780657328783ef50ae0964b23288e68841a421
SHA256

55e4ce3fe726043070ecd7de5a74b2459ea8bed19ef2a36ce7884b2ab0863047
SHA512

ca6da822072cb0d3797221e578780b19c8953e4207729a002a64a00ced134059c0ed21b02572c43924e4ba3930c0e88cd2cdb309259e3d0dcfb0c282f1832d62
SSDEEP

98304:NzTZ3cINQscs0m++LNkT6OpwDGUUH57yvZ/49Mr8EO3QhA9Kq:Nzt3cINQscNmvLCwDkHEvZ/4R79x

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
"C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe"
1⤵
PID:1752
- C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
  "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe" --local-service
  2⤵
  PID:2876
- C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
  "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe" --local-control
  2⤵
  PID:2992

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\gcapi.dll

Filesize
385KB

MD5
1ce7d5a1566c8c449d0f6772a8c27900

SHA1
60854185f6338e1bfc7497fd41aa44c5c00d8f85

SHA256
73170761d6776c0debacfbbc61b6988cb8270a20174bf5c049768a264bb8ffaf

SHA512
7e3411be8614170ae91db1626c452997dc6db663d79130872a124af982ee1d457cefba00abd7f5269adce3052403be31238aecc3934c7379d224cb792d519753

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

Filesize
7KB

MD5
af720fbc52de1b690eef96ea17a3ca38

SHA1
a3b95d24bb66367632e62d5b9f666834c6a4f8e6

SHA256
0dd7680dcf3de7fe0d37fe61fbcb52a66fe422e7d1ce9abe5975c6be445434db

SHA512
210f63eae1c5c3101f465484182c36bcc7957e73915d2fdc88c9d5bc15558f20263c7b909eaf1c69bccd69a5d56cc1585720a17982dab195065614e92a542d16

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf

Filesize
2KB

MD5
41a287be99b92b2073e3d48d20d4cb8b

SHA1
32f98b4055a9e14b71fa6af2a5378fd577afbb21

SHA256
4bc9b68a9aed6185c8d12f329fe2745c03d6cd5d09c918ab4ce3e64f0fbb2ae6

SHA512
8f0cb4c16cf0fea59a7cabef8d425c252edc38a09894f2c5def8c92d867e0c8f47f5e3fb952da361127f9cb717bd5d6810d812fb7de193df0453722d55a7f8f2

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf

Filesize
2KB

MD5
e903fda33097058860f0a8dd66bf7a27

SHA1
a03299b650702210c7e6b7f271575ee51f6f40ca

SHA256
d7c2a51a28f7702cd34dab14749ea0f4150a8e0f2c6e6d51a125f5c88c6d657b

SHA512
4b0bca8d3c079d1f980af5be4ae0c90cc6ce7225233ae663238a6d5fcf28694bdcc08ae6ba56ead3b274f5a5fc2058acc88e5c6cbb0e27005f50eb75bac7564b

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
681B

MD5
f439b533b9f3d6c3e57bb2c5628c421b

SHA1
860d5e69250a825308358614649cdaee95989758

SHA256
7c5300560f0597952b2b706413ed3d195f387be7b5f0da879fd31eba1f9ca65b

SHA512
86c1f52a24517b04231212a2e9a5f3ca68f72dc36303184392f3d4033a252aafffb4941ff67d4634e28e62baae7893e1153378b9f892d8e34da10d8a00070b43

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
745B

MD5
ec4fe88de224397426aa0d1f60b5dd7c

SHA1
db1ee48c57ad36468888b06fe6f0c103d3037e67

SHA256
a181ef463236626ee149873979c4e62e0836c5666074af0f11ffaaf7cab3933b

SHA512
a44b78f2e051bc15f9e9982b260a1ed4651669b27d30073a723e881fcf75868274e8affef94852681a7ced5c17c40becc40e6d337371733635de4504babf2e14

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
424B

MD5
e2ea2926ffbf8f6de83eb6e3c3f76cab

SHA1
c810c3d4518b30a45be69d0a07a85f753bf9cdbc

SHA256
01d1774f5ce65b61527aabcfe49163971de750a0902dc94da6c90b6760b557e2

SHA512
4316edda5500ca690dbf14bf6aab8951e57caa207bef5b08238301b9033369fb3ffb1fa0d9cd5de4130983bcee6bf3e1fe89a64284c36957a3cc5c43fff1cc6b

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
424B

MD5
2dced077e67816418f509789fccb1be0

SHA1
85df72e682638173d91a3f4bda7391ca7451e22b

SHA256
79707b7064ab8edfad626307c9af6cffb78b412fc636b8e97311d5b0c072df39

SHA512
5b04912032d27a8ca5ff23d253b57dcb958c1a375f558aa6f63907b6ec3410a29075c2ca0eefcf51c562c8573b7e231355a5e4d761c5676b53b6a3eadc846c4f

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
424B

MD5
7cfb2d7c904cbdfe639a7c6ddb5c714b

SHA1
d7417b6c01e939501fa1cb29db324c61d52169e7

SHA256
4b4f457b03153f2abf97b8688f6bdcf019f8e70939efbf1d077ad52bd3fa2e1c

SHA512
c912e31e0f5b442e9871385bd101eb41837249a1c84a347c3350dd2460a1320a44061de2b4d07d825f6965c2b9e6dc6c39d4059684b729e858f91cf00dbf999e

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
431c14f477875c0d6b3401aaba22612c

SHA1
816678e782433497fa4fafbaf43eaf2c2bff4f3a

SHA256
05289e601f717b26b8b5d12231632e5deaa1767810cd61649e1c30d071d8c6d4

SHA512
d014ee95278fd0060ee941e1244b59cea9be4df76b5e31ab43193cec4926cc5024ac162fe60c6e57c6ff8adb5b5f6ec386d04236f400cf0509f9d49e92302d4d

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
bc62c409bf81c30b42164b9d4b020d26

SHA1
3e8a4163843c397393daa46def91f2a5049c40b2

SHA256
a5050947361a750237762032216ef2b10a320dd4f5f84a686aa911a2fec5c8ed

SHA512
176914ff314132d3ef1aff6dc294a9b6db96f2699e1050f39727e8e3a152a1afbf2ff50661376405ad9689c51f496be9fa3b9703a31c32b4786abbf30e7e09ce

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
2KB

MD5
342970dcea325f799a399281ced6776e

SHA1
f2859701fe0706376bed2065d4d9220106a48394

SHA256
2a6388663c28d784fad1ecf18640d57ce59ff8232ff09714d250085fab788d1b

SHA512
8dae96ef87857a0802c72f445fe8f10ca3dc22d20997df3f0a4fae23be5019721c437ba5669b7c47cbdbebc8da9c5e0b74880a4d681385574ef61aec3470bd25

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
e905bc9b0b7a067203a51490dc0b5401

SHA1
df6d6f7d4765be4d21a2ad4530b05420cd3fed25

SHA256
1487abe7eab7f2e7004e45053062e09416d8bc0e6144fdd4597fa248db1c8680

SHA512
4dfd67ab509723d664875e0955adb050dac30828bab34ce19201845a9c7ebbf94b0451ef1880a0e49ac8b643ba3ce8d01237156c0ace5ea1d64239dffa4a81fe

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
5KB

MD5
f1325e5df82c7d040bdaab02534b50c6

SHA1
558df68791efd7dafaa6a0e95f28100aa7e9ae7d

SHA256
d251e9173b8a746e4e26cdfe47eccf92c24253b716f4f73a490b5a52bb265880

SHA512
de6ff74eac34b89a357e3ee52e59a1dd05e58bfe261f01dd1de4425f5dbde947e96f37e048da3c565199e1805e214c525c095778cd5093a0c04dd34ee3be331a

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
5KB

MD5
0e19640595387648628fc142c6af25ee

SHA1
996610e08ef4c007e1f162335b7ec106ab49583e

SHA256
b0263e043fd344199bd9c18a83d709851202448e94e80546c6547fa366a90422

SHA512
64a0b435363f86a7a4670e0fa96e561225f9603ad91973dd86d9631ed931c1bbc164cac06b839ab684bef8bca401ca05e3c453c16139b00ed34660f0904b4bce

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
b0487e519180e8bcd26efcdfe1f1e797

SHA1
d67c9be78500f58d5561aeb222f1b59b60674a4b

SHA256
36e07f1e89d2c7138245fe75f531fa781ad58cf79da9807bb166fa98363e5ae4

SHA512
d7c9d71f8ed393660a28a7c1d387700e83ff2906e76c4ca4067068d11159924500fc4152d566b9312ddc4c729adbca0be1aae1effe63d94efe0310e9af4553bc

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
5KB

MD5
c5157d130b0f7d0ce9f3491761c9b1ed

SHA1
ba3cce4dabeac31552fcaca6a1c19bd24247cf77

SHA256
3a5a414ecaa1c1157aa5c2167229fec7f89e58ead2bc4719e6993cc47b4762a1

SHA512
211ee1c131a6940f821edebde5e546cf5f4672c4675ab6f783605d0e17da620f35080bbdd4ed756d5e815e35b203e873647f378ace2588916d2a0aa6dd493338

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
5a16b9c084840f47cd14c8360659d65a

SHA1
da2f1260f76f8883902364226da1ebc4d8453c51

SHA256
8600f2113106dffc78d2a15e514bcb75c49d09c1ec797c2482ab406ea096071a

SHA512
0ef3915766c1f892c695c8bff73d946c44ef69791b4912f752c91c70ae544c22addd0304b9d1324e58f0c3256508c5f61271bd38aa47ba3633ca164072fb66c2

Download Submit
memory/1752-107-0x00000000050D0000-0x00000000050D1000-memory.dmp

Filesize
4KB

Download
memory/1752-21-0x0000000000CE0000-0x0000000000CE1000-memory.dmp

Filesize
4KB

Download
memory/1752-114-0x0000000000E00000-0x0000000002537000-memory.dmp

Filesize
23.2MB

Download
memory/1752-275-0x0000000000E00000-0x0000000002537000-memory.dmp

Filesize
23.2MB

Download
memory/1752-274-0x00000000043B0000-0x00000000043B1000-memory.dmp

Filesize
4KB

Download
memory/1752-0-0x0000000000E00000-0x0000000002537000-memory.dmp

Filesize
23.2MB

Download
memory/1752-132-0x0000000000E00000-0x0000000002537000-memory.dmp

Filesize
23.2MB

Download
memory/1752-1-0x0000000000E00000-0x0000000002537000-memory.dmp

Filesize
23.2MB

Download
memory/1752-4-0x0000000000120000-0x0000000000121000-memory.dmp

Filesize
4KB

Download
memory/1752-117-0x00000000043A0000-0x00000000043A1000-memory.dmp

Filesize
4KB

Download
memory/1752-22-0x0000000000CF0000-0x0000000000CF1000-memory.dmp

Filesize
4KB

Download
memory/2876-11-0x0000000000E00000-0x0000000002537000-memory.dmp

Filesize
23.2MB

Download
memory/2876-37-0x00000000001E0000-0x00000000001E1000-memory.dmp

Filesize
4KB

Download
memory/2876-129-0x0000000000E00000-0x0000000002537000-memory.dmp

Filesize
23.2MB

Download
memory/2876-272-0x0000000000E00000-0x0000000002537000-memory.dmp

Filesize
23.2MB

Download
memory/2876-120-0x0000000000E00000-0x0000000002537000-memory.dmp

Filesize
23.2MB

Download
memory/2992-12-0x0000000000E00000-0x0000000002537000-memory.dmp

Filesize
23.2MB

Download
memory/2992-28-0x0000000000120000-0x0000000000121000-memory.dmp

Filesize
4KB

Download
memory/2992-273-0x0000000000E00000-0x0000000002537000-memory.dmp

Filesize
23.2MB

Download
memory/2992-121-0x0000000000E00000-0x0000000002537000-memory.dmp

Filesize
23.2MB

Download