55e4ce3fe726043070ecd7de5a74b2459ea8bed19ef2a36ce7884b2ab0863047

Resubmissions

06-02-2024 14:22

240206-rp1t8aagcq 3

06-02-2024 14:19

240206-rmy8lsagal 1

Analysis

max time kernel
2s
max time network
149s
platform
windows11-21h2_x64
resource
win11-20231215-en
resource tags

arch:x64arch:x86image:win11-20231215-enlocale:en-usos:windows11-21h2-x64system
submitted
06-02-2024 14:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

AnyDesk.exe
Size

5.0MB
MD5

a21768190f3b9feae33aaef660cb7a83
SHA1

24780657328783ef50ae0964b23288e68841a421
SHA256

55e4ce3fe726043070ecd7de5a74b2459ea8bed19ef2a36ce7884b2ab0863047
SHA512

ca6da822072cb0d3797221e578780b19c8953e4207729a002a64a00ced134059c0ed21b02572c43924e4ba3930c0e88cd2cdb309259e3d0dcfb0c282f1832d62
SSDEEP

98304:NzTZ3cINQscs0m++LNkT6OpwDGUUH57yvZ/49Mr8EO3QhA9Kq:Nzt3cINQscNmvLCwDkHEvZ/4R79x

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4676 wrote to memory of 3116	4676	AnyDesk.exe	78
PID 4676 wrote to memory of 3116	4676	AnyDesk.exe	78
PID 4676 wrote to memory of 3116	4676	AnyDesk.exe	78
PID 4676 wrote to memory of 1488	4676	AnyDesk.exe	77
PID 4676 wrote to memory of 1488	4676	AnyDesk.exe	77
PID 4676 wrote to memory of 1488	4676	AnyDesk.exe	77

C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
"C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4676
- C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
  "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe" --local-control
  2⤵
  PID:1488
- C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
  "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe" --local-service
  2⤵
  PID:3116

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
PID:2156

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
94a3800cd07b487c8ea7b23fc358ea29

SHA1
4fb9a6ef780d93728e3adc9c17377f2ee7b2f70b

SHA256
c4cb6a098a5b4108493ab8a117b7cc7f7aac4b8a4df48e32c6909c8a5f96a351

SHA512
ecc32f9527fd245c893ac1256c3ec86c2256f1f1f7d92705348e108a6997ed1588bbf18d0e2d5c2b02e87f8d849ed2856149b823c66be0cad43cdd6719715250

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
306153da52035a4826c245760b8133b0

SHA1
ec5a122f65df784b7b24e8bdf8256f8d18b86e08

SHA256
911d0cbb972286012dc971dc187ee233daa745ac40b401bfafb3566ca3344282

SHA512
53bf4308bc7f17268fb6b2282c1c3b638367b8d3cebec1cdb7574a54d35f993d6f31b7f0ad8b568eea08ef0b0be882eb306e66809f0135c30f2868cc6a995785

Download Submit
C:\Users\Admin\AppData\Local\Temp\gcapi.dll

Filesize
238KB

MD5
13225dcd131ddb7daff0e48e17f46488

SHA1
9e4b63cab5893a546ba7fc2ddad4d9ceaef1a6e4

SHA256
b7b489d809d623ccc622c697ec3dc3aac86cd74281e004ce7b40f8fd12dae950

SHA512
d6baec59d39660a7ed6c85d0b33f7b16104f19bcd2aa986a653e90e5edd5b8656b44a22cc5a204ee06e25878d827faf339a00ab2c772c9762a6d7df9fda0a6a3

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

Filesize
6KB

MD5
5bf0633884a904d4c7ce0abc8609393e

SHA1
581409c9612d9f3be94bd2b04618e86ebf474b9c

SHA256
16782c7e47ba27e96ff18cb20ff301613e612c6b47e8460f314ac1fdc5f3ae1c

SHA512
8b06adbfd17fc271fe5e9c25efb8cc259bcf0c459017fc440ae23cbe475ba05cc4c599c7a3871f756c518c67c3c8997f9644397fcfa748ecc93421500fea3966

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf

Filesize
2KB

MD5
9f7fd54db7428f1aba2b9bbe3ee2c926

SHA1
5433ffdd4413b671af3a932f82da0b7a15fb14b0

SHA256
fdc519c0183d168b7d6d3f2ef110dea4aabd2e4f33fdf2759ac584f217e2819d

SHA512
a3404f5c1b3ea8e43fd3c6b7409be66580fea8b7d9f46e57ce2683e80698395e0fe3d63f0c25475ff29f4a08d10fb5e75d722d15b35bf57c72b6f595eb0a7ecd

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf

Filesize
2KB

MD5
2ec654afb7764824379e6293cc3b0b72

SHA1
5d3c9c39254f40edb9391e744b597bfdd1fe5845

SHA256
74a9f414a058599b75afe417682c28a711b37b31e5f1004ac30c3836bec92f72

SHA512
f4e55a70086e1115c8bd5d9bdae14d3e953c67f10c75035ec63485d6a1d98ccc029ef8bda912e97ccb75475437e085871b1835ab99aef86ba8a3be3d8621e859

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
681B

MD5
479e1af5baecf0df7b327e41342b24ca

SHA1
ae1b5bea36891565b92c211fce98beadbd01bff5

SHA256
e2edc97011989cad20325d6d2342f39c3924eac12b2c1ad865e7af3a3d80a1b2

SHA512
3a178e2220755b996e98a777c385d0b0bcec095145b0da21350ecd1cb58c4b14af301953530d616d8ec5602da19356cd29140ace8a7923640462d3049e81f861

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
745B

MD5
7804c345d088bba3e0899f5849491a88

SHA1
5b624ef90a74a72642b88ab9270747955c71e5b5

SHA256
7899c7e274fa376e485bab41d3929123e89f2dc6e41bb3f35100ec98a83ff3be

SHA512
4c6dbb0dec67de97ed26267ef238afaa86037b05fccab3023105c426b743856e900965238235b63c1d0433ec51573bf595d7488f5d0741734b3f88382b518879

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
802B

MD5
b61f5ef71e677064f6a49a79bc322ac6

SHA1
30611aabbedce23e7b917a36b2394354e48c1f53

SHA256
26bd2ace77a30508a58fef7cd731250fd18e71e760fd16440e45c3807318326b

SHA512
b2f9069bf303fe7e996ebdf224affbb9bab6e466367c9b5d9dbb3a8ac8c1c17e5668eb01e81fc1206aaddaafefbc7e26aabc4ecead118b4c795fe572dc6b1bfe

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
312B

MD5
0c04ad1083dc5c7c45e3ee2cd344ae38

SHA1
f1cf190f8ca93000e56d49732e9e827e2554c46f

SHA256
6452273c017db7cbe0ffc5b109bbf3f8d3282fb91bfa3c5eabc4fb8f1fc98cb0

SHA512
6c414b39bbc1f1f08446c6c6da6f6e1ceb9303bbf183ae279c872d91641ea8d67ec5e5c4e0824da3837eca73ec29fe70e92b72c09458c8ce50fa6f08791d1492

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
424B

MD5
aae55a7e71f1c4c4d00bd52873b79256

SHA1
d739b2624c7910c2b48f1bbdd1d2b2d720bd22c0

SHA256
8e59bd4562885c4213de41f42bb3d6bc986546b4ecdf15e7a2a79062b481728b

SHA512
b8b16f652bf9cff9f48b2c5719da62e17e501c7699c63cbbdc23dddacd895f6fc8a5f07ae69fb475570c8b75c6e4dd3526d47e335483e6093f0bf7a47ebc7a26

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
2KB

MD5
aea036b374c5364835220ee5f5139905

SHA1
26c894977322365a1eb9ed3b69189e6370d522cf

SHA256
9ebc1b213d4629b04d83fdbc4b3ada2910d6c6d4694b1359f709b0bc040250f9

SHA512
b4f4279422723833e7244e415f43b34cba7b8c77631afd2d0d5ab1e9e4598aeca82bb5403cd3c785dd83dc1e3ef8b12e1daa8999b8b6b1bb9e196f5c97f13b88

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
2KB

MD5
fe482f9dcdb4d5e1881b7d5bcfad0dba

SHA1
18f1ccf741ee9bc4b7632b39b2378989188ef46a

SHA256
be930900e6bd1dcfdc6eb5141ff31795bc006aeb275fde3cb6aa63ab42a2b3ab

SHA512
780e1316f21fa9354addb34febd8dc2e335d4703a4b38d528bcdbf72b3299b0ae553a1dd64ffcfecbebb89aaf59206a1e94388d6e5da3d83df5274efe4f28fbb

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
3KB

MD5
25e275513a5ad856ebafc1dcc26ac4dc

SHA1
939c0bd9d16340a04490036d8d1a7487c0e8df4f

SHA256
2ebb836ce7bf90f80a9d2ec46e29246fa2e021c46d6ffacfbf32df2a24e24dea

SHA512
f17c259218b237fe6504f2e1c3b9bd64edfe9c46d9f1ac1135ce59a1996f171ca9c5606ad2dffd9969bcbb9f2dce0ca3f47ee7d660532b552a7ca0c6bcdfc701

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
3KB

MD5
28f5a69430462394416a55de790b4acf

SHA1
ffa1705e242f57fa982da218bfee1b34f4c844fd

SHA256
9b2056d4c04f3f4190514d3d6144a24cee39fb11618b65e62ed3c4f29f922a86

SHA512
1bd24bdb7bc5b96515e9e0e2d7d8c3a505640d53224a4fe81a508eda8ec755c4bf21c5730c26678fb7f6005a4d139dc4535105862aca60f413da0d05bd6d9fb2

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
fa66fff34b84bb3eccd143c2f0cef9a9

SHA1
a945236776fd09781dc8010d624ec6f3bd54903d

SHA256
c699ab1875ceed48684fc764049ae7c883f1e82aca0f37c49bc38a2e0cdc4584

SHA512
a66fc88073351da45f72809e3ff02d2d4832cf77cbb7185a278488417ea1be1784ffd78351dd370b6efbe3636327cee656b27b98128735d1c5c83be4c0f4735c

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
3KB

MD5
4b78da16493e5b731f04c8ce8922fc60

SHA1
c39b9f60f2ed3a623d6b3a29ced8fcd0a7a6ea3a

SHA256
52055880b4ada4f202c5da0bac6379dd9198c01ea96b155162166a50718dde3e

SHA512
14f310bd64a36953526c2ad3d34f7a161cccf99259dd075b5770d55280f5b6575a5b74d16f180cf2b1da2fb5f563fa8216b705f822e145b84f6b3a346fbc966b

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
9568b549bf6133c266a1d59c084f7c33

SHA1
edb70180d6f466bb14ba8f0fd3a725baf5d89422

SHA256
5a8b17fd1f576e7cef9e07da47bed191a0d52639482661608ae8571603dc05a3

SHA512
b28681f88bbcf605a84239787f9682574aed08cb8a2b4f8303807b709df8e15357484a7b8d3c9ffb9906958052ad195453346481678ccaf8559c0eb9a49ddfc0

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
3572f6d710b938c829373ecc6b9ca278

SHA1
c80cfaeba197c71ee62c5f506a77f56bf28a6888

SHA256
70b484257b2decd752dc4421283b37dc6e07047d03e5dd294240e68810b155f2

SHA512
4e61ac5478a0a23991fd881a9e2b8fca60f4f3e278fff44c22e6c339676acb96302f9acf219aa4cb9a3b88c7b6ae87e7b4a64d547ffb594508eae7608c42e4f3

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
36be24848212cb63e5d449f75476f63c

SHA1
0efadc069172d8a1139a06c9ca5523e012fd4456

SHA256
1f19ca1ff2b50862d726eda37c4e5298f602eaaa3b72ebfcece494d82680a68e

SHA512
16ab5e98fe8c0f07cf4c8ad0520864ba9d590d0b6239314c33fa9df92cccba70124a9cb24f456b3b167bb2cc9c237cdcf0749a08b9a3c56b27ba61466e376a07

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
7KB

MD5
ff84f6c87592ea165dd969c827898a53

SHA1
1dfaa2b57bd15a63b44e0fd53466098a411a48c9

SHA256
bccc9948bcd2e3109817ccca4ab5c671671b2a80d8313871c3a2d8b9554d0161

SHA512
528afe357b66084e169e3d3ece12348c7e6aa630a567ce2585b245d25af5a6e9ec4e2797041f91bedaca419d8785b48300d60eb430fe4eb14e800198ae12fcb0

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
b5dbf72642b21e73c1ccef97f58e9cd0

SHA1
bdd246d1c69536ce0d4c34cef60ba42241232ff6

SHA256
d765b0efd2c07952c0d8aead82c88515a036b177b8a10f55ba729e07db23b7e8

SHA512
6eb690a61a20ef2f74243d6361819a1a71606f72ee9c7d74afd9d6807662302fea4441c9a0c11b10524e48a0006d1da6264b56b9bf819a80d18fb302c164a425

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
7KB

MD5
56342a8a36a998945e9fd58b1c90c57c

SHA1
c25dafc86372590dc9ffe0a2f661930f6bbaaa81

SHA256
66ff0660013de05c56cb797c1c469b686540735fcb8277231256e4670d4adf31

SHA512
f76dc1214ef204e66ccd3029f2816d34a1740c950ee40bb36d9d3564d962733fe96aa2ede250e350541846fe551cfc0e083c5bb916e9ba8f307b47afa165d8de

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
d0e6cc4305565988a0ca4411880242bd

SHA1
086640d4b25a529de1548051acc5eed51d77ac9a

SHA256
50ce573deaf7b97e2d3641284f0835a85533fd0e28034b34e5f86445e7a2b761

SHA512
c9f2b020a5d0511103ce8c062e1e8d0ca5a1ca2673f31a3fa89bd021006fed0afea9f4164d25936581e028d5a3bfa47fa016842241f6755dffa78968e984ff85

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
dce58195518941a3b353b26c1c858350

SHA1
6af3a6b067ecf15a788c8fdd661011d6d68938c2

SHA256
6b39636b64a66f7f0d852af47d6dee14f126499d63d1465b265fc2e8d3d919aa

SHA512
53dc4b4d72cd75bb325f6c2c6fd322515547f9d4781b72404507dbcb3866244a5b956ca65cb103b4edd69745e56bc9c5c0324749d2879582471517c55f622325

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
20a62d32b8f69cbc8d62a7315681624a

SHA1
ec71cb467fe76eb59e9a24ddc0f973c614e739f8

SHA256
da361f6eef55171fc7ea218205c1dfab9afab0d811a8cedd34176ecee9bf59e4

SHA512
d4b8d0d1bf6ae41de573d5d62e018d43f77c1f00081ac94a81746cb25e5a0a23c22a3d2a9bd29511825250aae2cb7e8dcb196c374d4464030a994bdad5d3edea

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\75fdacd8330bac18.customDestinations-ms

Filesize
3KB

MD5
5525cc996e2001ccbf12244c0cdef7e7

SHA1
45e8f2ecfd8c8c8c5e751d393d3995173dd41dcb

SHA256
469c37f116e8967b011e733c849a4b68e7b0bb03edf984166ae31107f9ab81c3

SHA512
a22629d4ca3f7476e6427d11a78118bbb462f35fd70e1d865d1f1da355d724460ac6ba183e39c2288eaca8c770c7d4701c47b005c299e062ae3aa120c441f37a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\75fdacd8330bac18.customDestinations-ms

Filesize
3KB

MD5
10a3c9756ee264c4c0c256cdb138741e

SHA1
6f4dccdaf904da7852ad8c83856bf7378a3f16ba

SHA256
cb32e8b362b0912a50001dfa0084979558ce08df05e3a5c9adfde2d6dabff3f6

SHA512
2f26bec650187ba08a2bf0df64161830416fd4d60719180601adc7bc0064428e1d7ab0a256da41ecdbc052097a4bc60bd37ddc0fce03234e0be214a64ebf25a1

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\75fdacd8330bac18.customDestinations-ms

Filesize
3KB

MD5
5fcfb36d95660f72cb5004a457542119

SHA1
0457003963b21efb0ca0a7fd34ca19fcc0942fdc

SHA256
784ae1cee60b7cf90513a6ccddb5e82104431a50d10fdc759b13d32031bddf35

SHA512
569dfb8df0532d1ada912743323b1a496898acded4b47c48c0d0d9a57b884a43d08a353e0466cc14e892777fc3a5411e1cde36bb8d7e138b5f1609fdf78d50f1

Download Submit
memory/1488-11-0x0000000000CB0000-0x00000000023E7000-memory.dmp

Filesize
23.2MB

Download
memory/1488-34-0x00000000043A0000-0x00000000043A1000-memory.dmp

Filesize
4KB

Download
memory/1488-25-0x0000000000CB0000-0x00000000023E7000-memory.dmp

Filesize
23.2MB

Download
memory/1488-294-0x0000000000CB0000-0x00000000023E7000-memory.dmp

Filesize
23.2MB

Download
memory/1488-249-0x0000000000CB0000-0x00000000023E7000-memory.dmp

Filesize
23.2MB

Download
memory/3116-33-0x0000000000C80000-0x0000000000C81000-memory.dmp

Filesize
4KB

Download
memory/3116-289-0x0000000000CB0000-0x00000000023E7000-memory.dmp

Filesize
23.2MB

Download
memory/3116-285-0x0000000000CB0000-0x00000000023E7000-memory.dmp

Filesize
23.2MB

Download
memory/3116-12-0x0000000000CB0000-0x00000000023E7000-memory.dmp

Filesize
23.2MB

Download
memory/3116-248-0x0000000000CB0000-0x00000000023E7000-memory.dmp

Filesize
23.2MB

Download
memory/3116-20-0x0000000000CB0000-0x00000000023E7000-memory.dmp

Filesize
23.2MB

Download
memory/4676-239-0x00000000076B0000-0x00000000076B1000-memory.dmp

Filesize
4KB

Download
memory/4676-247-0x0000000000CB0000-0x00000000023E7000-memory.dmp

Filesize
23.2MB

Download
memory/4676-242-0x0000000000CB0000-0x00000000023E7000-memory.dmp

Filesize
23.2MB

Download
memory/4676-243-0x00000000082E0000-0x00000000082E1000-memory.dmp

Filesize
4KB

Download
memory/4676-244-0x00000000081C0000-0x00000000081C1000-memory.dmp

Filesize
4KB

Download
memory/4676-245-0x0000000008300000-0x0000000008301000-memory.dmp

Filesize
4KB

Download
memory/4676-246-0x0000000008310000-0x0000000008311000-memory.dmp

Filesize
4KB

Download
memory/4676-23-0x0000000005FE0000-0x0000000005FE1000-memory.dmp

Filesize
4KB

Download
memory/4676-284-0x0000000000CB0000-0x00000000023E7000-memory.dmp

Filesize
23.2MB

Download
memory/4676-22-0x0000000005FD0000-0x0000000005FD1000-memory.dmp

Filesize
4KB

Download
memory/4676-86-0x00000000076A0000-0x00000000076A1000-memory.dmp

Filesize
4KB

Download
memory/4676-1-0x0000000000CB0000-0x00000000023E7000-memory.dmp

Filesize
23.2MB

Download
memory/4676-85-0x0000000007DE0000-0x0000000007DE1000-memory.dmp

Filesize
4KB

Download
memory/4676-4-0x0000000004090000-0x0000000004091000-memory.dmp

Filesize
4KB

Download
memory/4676-0-0x0000000000CB0000-0x00000000023E7000-memory.dmp

Filesize
23.2MB

Download