55e4ce3fe726043070ecd7de5a74b2459ea8bed19ef2a36ce7884b2ab0863047

Resubmissions

05-02-2024 23:43

240205-3qwsfaaha8 3

04-02-2024 22:00

240204-1w4zwsbge3 10

Analysis

max time kernel
1s
max time network
119s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
05-02-2024 23:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

AnyDesk.exe
Size

5.0MB
MD5

a21768190f3b9feae33aaef660cb7a83
SHA1

24780657328783ef50ae0964b23288e68841a421
SHA256

55e4ce3fe726043070ecd7de5a74b2459ea8bed19ef2a36ce7884b2ab0863047
SHA512

ca6da822072cb0d3797221e578780b19c8953e4207729a002a64a00ced134059c0ed21b02572c43924e4ba3930c0e88cd2cdb309259e3d0dcfb0c282f1832d62
SSDEEP

98304:NzTZ3cINQscs0m++LNkT6OpwDGUUH57yvZ/49Mr8EO3QhA9Kq:Nzt3cINQscNmvLCwDkHEvZ/4R79x

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2072 wrote to memory of 2760	2072	AnyDesk.exe	29
PID 2072 wrote to memory of 2760	2072	AnyDesk.exe	29
PID 2072 wrote to memory of 2760	2072	AnyDesk.exe	29
PID 2072 wrote to memory of 2760	2072	AnyDesk.exe	29
PID 2072 wrote to memory of 2656	2072	AnyDesk.exe	28
PID 2072 wrote to memory of 2656	2072	AnyDesk.exe	28
PID 2072 wrote to memory of 2656	2072	AnyDesk.exe	28
PID 2072 wrote to memory of 2656	2072	AnyDesk.exe	28

C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
"C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2072
- C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
  "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe" --local-control
  2⤵
  PID:2656
- C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
  "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe" --local-service
  2⤵
  PID:2760

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\gcapi.dll

Filesize
385KB

MD5
1ce7d5a1566c8c449d0f6772a8c27900

SHA1
60854185f6338e1bfc7497fd41aa44c5c00d8f85

SHA256
73170761d6776c0debacfbbc61b6988cb8270a20174bf5c049768a264bb8ffaf

SHA512
7e3411be8614170ae91db1626c452997dc6db663d79130872a124af982ee1d457cefba00abd7f5269adce3052403be31238aecc3934c7379d224cb792d519753

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

Filesize
4KB

MD5
8c761cd5a43f9d44d5bb87872dbc0046

SHA1
fbc1c2fdd00dcde04271760e7f79a31caca26c91

SHA256
27bee2f36d28faae970b9ae988de5710d548f8a91b7e72e21e42aafa6687eea3

SHA512
7d39a27d4b7acbe96cf4f48426dae9268d1945fcde37293eeb4279844dba1dad431518b79799555087dcc445fe26ae7fafd3a0f4b1959fed9c4d3c92b22d8ab2

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

Filesize
6KB

MD5
fc0308fadea5a43ab837b967e636b17b

SHA1
f0e8a7b9808bd2e1b6de40d8a3c85aa09a7ffca8

SHA256
cefccab4b02003f778f514b77c2233acaf3facd957970e451d7178ddf7c6a6f0

SHA512
3c84aa08b24bd305522a467a3b9d3ebfcd61285fa09606f609e0086d6a42184a9fa4132e8d9e5e9d64a4eff083507bb18bbbac2064c36fb43b90e1d6d2390787

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf

Filesize
2KB

MD5
561935c617988ef3395cadddefc3f858

SHA1
bbaf68dfd838a97595f1e7654f3b0d0f2c7b997e

SHA256
9d31f77cb52210ddd18ca5668fc76c04e4e5528f83843d4d197d2ef1a2c7901e

SHA512
af3b2e0a809468ef1445512d23d9892e7eb4da3481265b1ccb0d5b0658d558b07f67953af50a73d56552ac85d9177bd646f57603a775a0ac19e0fc6b73796bfa

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf

Filesize
2KB

MD5
a0fd1be5a7e0c37a5fed05fbbc35e21f

SHA1
c5d6d0023a888cc2913b8265befa5f215428f34b

SHA256
649394e4f5f30054eb1d0c961cdb59917fe96ee389d673c1e9c21e95b704554c

SHA512
508be16dc5cdbca17fe826b5876789d03b87cdb82090ea10a183b866d00e85bcf1a511ae2bc3467ec8f25485be36cc50b0a6a62c5021bf095a34bc95dc6f3498

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
681B

MD5
50a6910e456d95d63c2ad0b764ff5c46

SHA1
a16134a75f96b2bbe8dff244b5b619ea0d570d17

SHA256
72665072e32b186d2b70165fbcca332a8be7a90a34644d7817a4d477aedf7b61

SHA512
2ec0ee0e2a0f58ee3e5f507c24246ce02e51bc3d8aff154e86a56517ffbd7f597dd409cd03af1cebd3aa8f955b5bf5c106c10843774408fc0e485c23e1cbc18b

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
745B

MD5
c9f3a97d13e674cd5145b0b15c287e2e

SHA1
387a6ac3859a2e0688b9fcad24605c0aae7d0104

SHA256
76395dff472e46187af1d5b03da3a2b08b3db40b83b73392afb5e70d8f5dd57b

SHA512
bbeda92b9f4ded824ab81ccb398fa2587adad3c8d5f1e6bf386269204686d7de6af01a3a2b6db503a4ec650f231c6a1988a4c059688008dff08b13afd18fb0c6

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
802B

MD5
0403f942c25a0d2d72b7ff1f43f0639a

SHA1
6b6386ea81265c3bfef9f8db5b435f3c2cf56955

SHA256
4aba259644dc49068e10996ca141fe1742c88c215a0dc8e11d391576ac862b52

SHA512
b50831a8b9eff37878cef0e3cb2221843de83673a40fa2d3230d12d48156d3347c1764d606b83290a145e895dd418e8d790c665cb2a7619045d72da0a821202b

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
312B

MD5
0c04ad1083dc5c7c45e3ee2cd344ae38

SHA1
f1cf190f8ca93000e56d49732e9e827e2554c46f

SHA256
6452273c017db7cbe0ffc5b109bbf3f8d3282fb91bfa3c5eabc4fb8f1fc98cb0

SHA512
6c414b39bbc1f1f08446c6c6da6f6e1ceb9303bbf183ae279c872d91641ea8d67ec5e5c4e0824da3837eca73ec29fe70e92b72c09458c8ce50fa6f08791d1492

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
424B

MD5
009fa0b016e1a638e89ba50586d7e563

SHA1
d2f7f697bec8cb631d4da865711d764308fa5559

SHA256
7a389aa1c6ab3e29d6072ee2a9bcee42c09c91b8a57ea315528ea9bdf5fda4dc

SHA512
f5fea242eb48b7fe312923c00c8a2566b0348dd7f2ab4c4e9306bed425c8d0bebfdd06116a5f8403e9a3b3659ab3c16cd69690680aae16414b3ca4f0d8cfa17b

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
2KB

MD5
d7d304b38c8216581c481ef500159229

SHA1
5589e8b58599f17b710d6595a87216aae8f0971f

SHA256
7bb3e1e4f85701569661fe742d22248d63f27180620f22b591e80a06188a4b8e

SHA512
f39160b61c7521b023be3632b1e1bc210a9818495be0f4d2882cf85f83c7ccbafffb30066294563fd2babe96a8b24d1f78639517ed1b77eb337a31bad84423d3

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
2KB

MD5
206899ccff5f566810a0ce189af50903

SHA1
134e6a41a4883613b8103ef42e71cd297396c82d

SHA256
450583f145a9126232e13be48d3a73ba64ad0da51b2b008b4e334996119af326

SHA512
a1b42a1c09f1a0264e0cc78a38bdf7ea05d69af884d2641cbf878b204d9ee26ffb8737597c6f50892ee56748153d7a8f1b111bb7f9667026528fb4ce3d3af649

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
3KB

MD5
55b835c7662f3dff33f8950d46f7b286

SHA1
7ced6d73a0c4d5f8e5b8fbf5c8b6495267d0c327

SHA256
87d0b710981c4c5f499297c18f51e1b6be130f9a9105b3d479d732c1db523cde

SHA512
7c40433927964f3fa4861a86af16d55ac3a42587fe0ff5c896d0861a5ccb8224dc91d7c9424e676fd4c5b3306ee75843a3eabff3aea366e3e89b2b5da6c58d51

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
3KB

MD5
2da075831e15126226437fe7f773155e

SHA1
9e3ce2dcff1bf267f5f4805403b470cb2bbd1b77

SHA256
4ccbe4609fa52c1f62a813467af56918d4d99cddca712636f7eee3368d969a11

SHA512
eee983a4e33358e34dd0b924726f00d7d707f4ab7f7547ecbb7a3dc02cfc73e2478bf59b986981ff6658e3531165ef70b34b3161a4c73d79b8fdcced38994f19

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
3KB

MD5
192dc95dbe2995bc8f3874d814e54e9e

SHA1
0a0b472462412ddbbae057c75ed40a3e09767a3a

SHA256
7c473967f8f8d5cd84f2f8347d1e576e28e0edd7a11664345966b7e494f6811b

SHA512
5d8f68ce3e12498e09ca40089e135c2c07d5bab54c96bd7b49beab03fd332d3807cff3e5aee4a8e79b587e94fd22d694e23ec594ede5d68c0f71140796ccf100

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
28ec6a79803056bc41b8d85752bb26e0

SHA1
8c1fb7b1f1617b7ca599ac1caa6a1eaaa65ff0aa

SHA256
6daf42a41b274e877d7e729563499c72dab8e9afcd70f1351796520da236d651

SHA512
5c9a0c85ae13f449c9eee13a7740d4ee9c4da933c6a0136f578025cf4915a0379384a71938fe47e722917c754faa1f60e530d47f6833ba0889049d14ca944dbe

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
ef68c9e2777e93ab5171c22d6795d301

SHA1
483ae2cde3209afd785be2fb7299fc75e8c19b29

SHA256
882c87f09e7841e734cb3086e7c48bbf990a68d6ece599d93d973253904ddb99

SHA512
f17d986b59d1d792455edae901e4769dc9a1a0ed24e4b9adde4e3fd92fa2f4451ebfcf06b0bf0bbc7986dfd3ec3afc1790bc4d9f324cee667c83df4431325bce

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
37e9b7d48d486ac127b20363be56e8a6

SHA1
f86788319b1f6c26c21de60edad86b80209c61db

SHA256
3f2abfb60e6f8776d9ab7bd65f7aa46a075674e6cb64732b39c810171ae39b1d

SHA512
36ee6377b06fba3626d1067adf79959bff9d01c7107d04fb4906242387aabbb57da74d9b27291f130d5072a66b0c4c94aac9b982c02220414ced9884fa929670

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
3e19d32083ebac7de94f46b3170cb3b3

SHA1
75578556f6c53f3a2f287b95c1706c4f0b2ecc2f

SHA256
1f28c6c069b63fdbe3cb5068fb3036fd4ab5558f6331478d458d5b904e636eb1

SHA512
324e6770da7d09c7d59e0bcbf4654d58dcd9383dc7b5893e551d9c2eb7787d18933acb07bfa06fe1f80491327647173f3aab48f627f5118241f1fb9cf17d4fa3

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
43bea0f2c464eb0f4bf5eb1963f657b5

SHA1
3434c975ed2079b425331766b2507a600c34e0d0

SHA256
e22f2d927beb0ca142c0423ce5b24ddbb34d906e8778cf2ac61d08873e7cf60a

SHA512
070dd0a3ced360ef4aa5f14a6983316867304d3e5696f36f591f8a47ae70bfe6c261c721daa42d6eb3fe179ddf9c566504e07a40b118a7656373e892eb19bddb

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
1cf5e3016c3e9e5e6b37fbae4feaafce

SHA1
f9f2f1b13770ab4874ac3dd73cb7f3dd8c2a0358

SHA256
94a4ad3b16c7f0b073577aa44b7ec4e89dcd912e4768d5c39e0584063089589c

SHA512
a314c4f23e502f7b1e7d8b1e7c168490c76a2041a83ca784d7ceb3dac4cd60e27fc6ddd1efb85275f15d40aae91dcba69a3f66f374f898a6bd59d33616e1b329

Download Submit
memory/2072-4-0x00000000001C0000-0x00000000001C1000-memory.dmp

Filesize
4KB

Download
memory/2072-251-0x0000000004F10000-0x0000000004F11000-memory.dmp

Filesize
4KB

Download
memory/2072-27-0x0000000001100000-0x0000000001101000-memory.dmp

Filesize
4KB

Download
memory/2072-262-0x0000000001190000-0x00000000028C7000-memory.dmp

Filesize
23.2MB

Download
memory/2072-0-0x0000000001190000-0x00000000028C7000-memory.dmp

Filesize
23.2MB

Download
memory/2072-30-0x0000000001110000-0x0000000001111000-memory.dmp

Filesize
4KB

Download
memory/2072-97-0x0000000001190000-0x00000000028C7000-memory.dmp

Filesize
23.2MB

Download
memory/2072-107-0x0000000005660000-0x0000000005661000-memory.dmp

Filesize
4KB

Download
memory/2072-1-0x0000000001190000-0x00000000028C7000-memory.dmp

Filesize
23.2MB

Download
memory/2072-108-0x0000000004F00000-0x0000000004F01000-memory.dmp

Filesize
4KB

Download
memory/2656-12-0x0000000001190000-0x00000000028C7000-memory.dmp

Filesize
23.2MB

Download
memory/2656-24-0x0000000000180000-0x0000000000181000-memory.dmp

Filesize
4KB

Download
memory/2656-101-0x0000000001190000-0x00000000028C7000-memory.dmp

Filesize
23.2MB

Download
memory/2656-264-0x0000000001190000-0x00000000028C7000-memory.dmp

Filesize
23.2MB

Download
memory/2760-11-0x0000000001190000-0x00000000028C7000-memory.dmp

Filesize
23.2MB

Download
memory/2760-37-0x0000000000290000-0x0000000000291000-memory.dmp

Filesize
4KB

Download
memory/2760-100-0x0000000001190000-0x00000000028C7000-memory.dmp

Filesize
23.2MB

Download
memory/2760-263-0x0000000001190000-0x00000000028C7000-memory.dmp

Filesize
23.2MB

Download