55e4ce3fe726043070ecd7de5a74b2459ea8bed19ef2a36ce7884b2ab0863047

Analysis

max time kernel
1s
max time network
16s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
05/02/2024, 05:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

AnyDesk.exe
Size

5.0MB
MD5

a21768190f3b9feae33aaef660cb7a83
SHA1

24780657328783ef50ae0964b23288e68841a421
SHA256

55e4ce3fe726043070ecd7de5a74b2459ea8bed19ef2a36ce7884b2ab0863047
SHA512

ca6da822072cb0d3797221e578780b19c8953e4207729a002a64a00ced134059c0ed21b02572c43924e4ba3930c0e88cd2cdb309259e3d0dcfb0c282f1832d62
SSDEEP

98304:NzTZ3cINQscs0m++LNkT6OpwDGUUH57yvZ/49Mr8EO3QhA9Kq:Nzt3cINQscNmvLCwDkHEvZ/4R79x

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
"C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe"
1⤵
PID:3240
- C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
  "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe" --local-control
  2⤵
  PID:2760
- C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
  "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe" --local-service
  2⤵
  PID:4284

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\gcapi.dll

Filesize
385KB

MD5
1ce7d5a1566c8c449d0f6772a8c27900

SHA1
60854185f6338e1bfc7497fd41aa44c5c00d8f85

SHA256
73170761d6776c0debacfbbc61b6988cb8270a20174bf5c049768a264bb8ffaf

SHA512
7e3411be8614170ae91db1626c452997dc6db663d79130872a124af982ee1d457cefba00abd7f5269adce3052403be31238aecc3934c7379d224cb792d519753

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

Filesize
5KB

MD5
c106a1797de3c6c1ef2c7e4b474648b7

SHA1
5175eaa76802049ed467027b70cdc1056fff2a7a

SHA256
9713190d2f3561e2e16064dd80fe1729d04c152c07906bfdffd1d43221e0ad56

SHA512
5bb070d37fa115b7883327409dbeb935e23bc1938e10a3ea9e04eb0a8d91a7e5bf50a453195ca59dbcee221db721e949b335f49a03b3110e8dc94a58550a156d

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

Filesize
5KB

MD5
bc030caa2d446f331a7782e2c959abf3

SHA1
622c3a569e31cd38d182e253e33a95edacf46d50

SHA256
ecac302b33879855d5cf11f6e2a402d183e062b52af9cd2c162d817ae2ed25b5

SHA512
86c0d0d6184ed0e57670b56a8029e13c51febf9eb9d9b91d49a873b31a85ccc46584d5747ceb0444140b8cfdba63cb8dd57392c1166c98cf8d34ee861e4ca385

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf

Filesize
2KB

MD5
5723d8734b136bbd05de935b043aa098

SHA1
00f83418fb61773ee5a98410482a0d2d2bb33968

SHA256
04bcf046c327998bfab6a6c78593534a9a3e46e80c705e8ba401e60b96b8765d

SHA512
afadef0a18654bed7d7deba49ee1d0ad53a313056ffe8887795f7696263148b297372754010063958d6344a52fd9b2aa30cb6630ed26d93e6d97b40c27107b7b

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf

Filesize
2KB

MD5
130401b46050fb4e75f539dca0158ca8

SHA1
2278c04fd3a9116f2ffa5af098dae3dab2b16fdf

SHA256
e0d6219778267c38fedb87c15ee1c529c7350ad7c292fea17bd8956da69ce2fd

SHA512
051ceb5275b9ccfd46397bf48d6069d6faf267eec7d6624dc74c5edcbb6f3d9a82d51f28c9b7e3d2173e6d474920d2dea153db406f29de3c576573f141d52c60

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
681B

MD5
b58786494ae6893dfe7ced48620741b0

SHA1
c4b5dad17e629871197a4f4d21fa9776ff5f11e2

SHA256
9baed68083e627f420192bd2c93d09d935a616bc5625019ad9e242e35d80c4de

SHA512
c56d650786ea3e0300fda0cf2bf94199731567f307640a23fc3a83de543eca6bf5fcefdcc57f6110a29bc3b4f80083862a1d8401a3937307ef54701f8fe8e540

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
802B

MD5
75c354240512119de34226d0e047bf5f

SHA1
467f7f948610a16ed8943290164192232714bc53

SHA256
518bb409f5c75903a9ef94d724119fbcec14df1e949e2f11e892ce5b9848c794

SHA512
394780f862cbee51593b8f8781c6c9aec8b0b43d0eba20f93b774f82a8517e8e530b0011ff77682c8f9671163a97411278cd02beb6b2471cac6bee5c3dfb545c

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
312B

MD5
0c04ad1083dc5c7c45e3ee2cd344ae38

SHA1
f1cf190f8ca93000e56d49732e9e827e2554c46f

SHA256
6452273c017db7cbe0ffc5b109bbf3f8d3282fb91bfa3c5eabc4fb8f1fc98cb0

SHA512
6c414b39bbc1f1f08446c6c6da6f6e1ceb9303bbf183ae279c872d91641ea8d67ec5e5c4e0824da3837eca73ec29fe70e92b72c09458c8ce50fa6f08791d1492

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
424B

MD5
912513d6c94832977ac5160d8e9a4df7

SHA1
67039c776e0608a5ae90cc6d2e858ee090586486

SHA256
79892f6a06266e6d9b9f1922f8ed6f8fe2a53a87322d9b4fe552389371511b44

SHA512
c3b237d44fe5ec57bf52d3f3c9259dfb3c5da1ef626cf697af1e08b04caf51174f53025f99eff511cd09cbc736a3f5876e0bc43a2e0e8937e26f15b58960172e

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
2KB

MD5
f101e2f1faf0fb029f8bb63a778d57fc

SHA1
69b79b346a2d8757151165d35beafecdd208abc7

SHA256
4a32243af66df0e8f0fbd209d024aa2dde679f9b6b04dc4a01554d4429c1f612

SHA512
5941242375434cead10dc72292eb9b47ea480928bde183fc64a06fc113265c57960e67d28802c5397019b886771857ea1825a474e2b870c0a8dda6256028485d

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
3KB

MD5
3ddcef82e6c75c513dc5e94a3ca71d8d

SHA1
36220fdf0e5b30a4e52f3644547cb665425a110d

SHA256
90e71787436347341377c79501254b4b4a58333d3aaa7632740c26a4c424d780

SHA512
adfac5cc915d9fa69252f2b2b5bac425d5b528882c109d975b13b75fbe1131a68afc5aa497d1b39f351f172212975ef92f5a8a5db2df8ac29df29107e861e7ce

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
3KB

MD5
b8f45e54486045d137bdb68d7f8f9122

SHA1
77f9dac75e3b26f83a2a502457c595ec9f919bbf

SHA256
fc4556512721e0e1132c00da525c1e6ea0d4bf961626688c68beeb2ef22cea7d

SHA512
8eb37b2b2033a561cb9a5a5d45dc85a5416cfcec4bdb3cb8c19a06b7cacf5131190e78650199afdb9c97fa0674337633f6079932a9881898d2d55774ac29daf7

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
3KB

MD5
52a7221473c216f5fa0738bbc14add5e

SHA1
680fab2c992646ec17c861bd8892c74a545508c5

SHA256
786386f9d6459d1c01cb6a8e14d447c6141fa59740feeed938d5bb77611ad016

SHA512
2918a23ade8bf9d01824f1e6ddc47d06ef2ac15f8f6f5de6bc645932bbf8b6628d6c9107790bcd5c237787569549da786e807aa576f5afec088463244c104fa5

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
ae6537711cba646202b4d7d3d3e03bef

SHA1
9892e5e967ee77d9021f55892688a1afa6940d98

SHA256
61d97e8d37569a6af970e7d6e21a5ac1a6ea4421bcd62de5a3f33a0c7beea332

SHA512
4565e70c7ea9f2b1fd33ec446932321bccaede526f15415fd2751c83a2fa5cc40fd5914603b9cb7f473469b17452dbfdd5f6b0392de8db5fa230169f3b68cdc6

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
85f0893dc87e88374262a76260d6ad4e

SHA1
3d1dbd14abf63919acef58e01f7f99ea74ecfde0

SHA256
c01eb29c4ae59c3cef55fa55b99afb504f6a5c6785fd019beceab813c6ab94a2

SHA512
7f764e475501c17c6fd2bb498fc5788945b5c069a7ddc7fa7284df263131cbbada4b6d59803a8954762b610b24edf3f97d7bc843ab9b1506d54cdab65d884714

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
c9b9d7b55b041d3deb067bc56da19730

SHA1
c01afb900c41935b58250c3e06b76be1b3d6cba9

SHA256
288a1e94d945145e72e5236625971be0b716d9e963b5f0f877d1eac102239b70

SHA512
cd97ccc5e9af48d48b6eba0c21fa0d4006059a4d14b0b06b566bc4fd0b9d71eea0ecd5cbca8f8be47c0f1e4ef8f8cd62382e9a01112e3cff78e23f7b41f56ae5

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
bd7d9beb877b5be01ede0e19e8718fd7

SHA1
d333b52a50e568fecaa58baaa1d4d75070bb4109

SHA256
895f9432524c901fd18c621d821cb298f5a3d207cbcc9c1b7bcbe6825775297a

SHA512
08b5f12f02fd30cd01dea4e6a8f61a508f111f9a203976e90a0be5e4c147e5db70498008c50f6171c9ba29ed2593c1fc4b8847919aa35014d500dbfc23fe249a

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
be730461b14a1f4ee5f411cccc10408a

SHA1
ba5001bae5e74d6c9f5bc8746ea2f9bb4bc16b87

SHA256
616b58c05ba974d7c16c396cc3f2d13283ad9db34e2620e00ace7920d8c34094

SHA512
31df44be6a0790526374739c6bddc5175bc89c3e9260f2d99aa48f5db540333b1e4701b59ee2db072c0ee4d8795e541bac5bf8c36bdacf5594e9e6583b7a02c0

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
7KB

MD5
5fca74cf2f1e740376be66eb6748166c

SHA1
9044d0eb62a460f733c6c33bf9770a2b54dc041a

SHA256
d33171728a14d5414b97a343d8f25e2c01ccd37408243ae8841833c3363fcd8b

SHA512
c0e46c9a3a1e925c8ece114c03145ec536c5a4c9998aff22bd58d18004e8c696a02a63d7b99c938f8e6078bbcd237416e1e3dc131e5da879def90132a3b30c83

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
8e52dc645023a5b5e8cf251e42fea627

SHA1
cd249d3e6bff137d54cf384306899de64cf84862

SHA256
b27348db2d2e470336fbb2acc75679e8c11919f47756ae02f314892aea0c4922

SHA512
64904fa3e1e6f1c49ab6f9763a819b51edbb60be2097c5ee039656c3660e7ecd01dfa352a579223ab40646db7f8ddf185e4ee0f525e36a6f7ec0109a00458a27

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
42e35b32e53178296c980b5f67c891c9

SHA1
bdded92238edf3c5d5bed36ab946374e3fcb10ab

SHA256
7bb584b21f142e67d0c734f87a40c39e478357939acaf10b2797a50438ceae20

SHA512
7fd54ecac991deb5f8f0ff4b390330d7b7dc9925bbcf67e0dbfd51bcb7d1bd71aa91d5e37e650d9b51d8f28f7fccd81e12eb33ec2d872beec792d787b1667bfb

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\75fdacd8330bac18.customDestinations-ms

Filesize
3KB

MD5
fd43e9d7ea04f5ffd8c2ba1cfd219e21

SHA1
4a6a72c23970b42ff573b456eace4a92782a0ece

SHA256
9414170ea3bc0465e1d1f3f27858f01f034b181e2d71b43c8291a90313e41def

SHA512
59626a1eefcc7b3638a9f6c0c9ff2e654cb748392e30b9772f3f77e1db1d1dd38a0a6ac9e75872667f1260ec41ab9c0fd37cd1cf985e3e7d6b890e8558181ecf

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\75fdacd8330bac18.customDestinations-ms

Filesize
3KB

MD5
69dabe8b775bd5c8296b72020d21745d

SHA1
729962cd0ded72107e266c378823b5dd0ea23456

SHA256
1dc5f763a17260253ed20c1a464d7c10482f1195297e234f260b3fec308fee2e

SHA512
28b5c9bc9e9fbbca867c4b863c337e87611b27a8e0d750cdf9b81d4aeffdefd8f9059715a5803d2ce9dcc0cb35a338f4b4312de149a347b891f51099b27b1e28

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\75fdacd8330bac18.customDestinations-ms

Filesize
3KB

MD5
3006eb7560d98d8f6eaf85baf6a0c1cc

SHA1
474c678a7c35851798681f62400da0ead44d6783

SHA256
75c6f8deeb1b3ee1717285be096f27a47375f6e68d927da55a227f5fd839eaee

SHA512
9c306b2e7de97b4cd4e2635d79f49775dbf15521dca889010225888a1114005351ce18dc757a2aa4990cca82d2b4da49e449686b2241aa4c9ac71a2bb9379f89

Download Submit
memory/2760-246-0x0000000000230000-0x0000000001967000-memory.dmp

Filesize
23.2MB

Download
memory/2760-32-0x00000000039D0000-0x00000000039D1000-memory.dmp

Filesize
4KB

Download
memory/2760-12-0x0000000000230000-0x0000000001967000-memory.dmp

Filesize
23.2MB

Download
memory/3240-31-0x0000000005BA0000-0x0000000005BA1000-memory.dmp

Filesize
4KB

Download
memory/3240-250-0x0000000008750000-0x0000000008751000-memory.dmp

Filesize
4KB

Download
memory/3240-33-0x0000000005B90000-0x0000000005B91000-memory.dmp

Filesize
4KB

Download
memory/3240-243-0x0000000000230000-0x0000000001967000-memory.dmp

Filesize
23.2MB

Download
memory/3240-295-0x0000000000230000-0x0000000001967000-memory.dmp

Filesize
23.2MB

Download
memory/3240-1-0x0000000000230000-0x0000000001967000-memory.dmp

Filesize
23.2MB

Download
memory/3240-90-0x0000000007320000-0x0000000007321000-memory.dmp

Filesize
4KB

Download
memory/3240-252-0x00000000087D0000-0x00000000087D1000-memory.dmp

Filesize
4KB

Download
memory/3240-251-0x00000000087C0000-0x00000000087C1000-memory.dmp

Filesize
4KB

Download
memory/3240-233-0x0000000007330000-0x0000000007331000-memory.dmp

Filesize
4KB

Download
memory/3240-249-0x00000000087A0000-0x00000000087A1000-memory.dmp

Filesize
4KB

Download
memory/3240-0-0x0000000000230000-0x0000000001967000-memory.dmp

Filesize
23.2MB

Download
memory/3240-4-0x0000000002260000-0x0000000002261000-memory.dmp

Filesize
4KB

Download
memory/3240-87-0x0000000008270000-0x0000000008271000-memory.dmp

Filesize
4KB

Download
memory/4284-13-0x0000000000230000-0x0000000001967000-memory.dmp

Filesize
23.2MB

Download
memory/4284-21-0x00000000020E0000-0x00000000020E1000-memory.dmp

Filesize
4KB

Download
memory/4284-245-0x0000000000230000-0x0000000001967000-memory.dmp

Filesize
23.2MB

Download