Resubmissions
Submitted           Task ID            Score
08/02/2024, 20:06   240208-yvqprsbh98  7
08/02/2024, 20:04   240208-ytg18sbh89  7
08/02/2024, 20:02   240208-ysb4laac9y  1
08/02/2024, 20:02   240208-yr4r8abh77  1
08/02/2024, 19:58   240208-yqcbksbh63  3
08/02/2024, 19:54   240208-ymx4wabh38  7
08/02/2024, 19:52   240208-ylw57abh26  1
08/02/2024, 19:51   240208-yk2z2sac4v  1
08/02/2024, 19:50   240208-yklytsbg95  1
08/02/2024, 19:46   240208-yg8y7abg62  3

Analysis
max time kernel: 1799s
max time network: 1795s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 08/02/2024, 20:04
Static task: static1
Behavioral task: behavioral1 (sample: AnyDesk.exe, resource: win7-20231215-en)
Behavioral task: behavioral2 (sample: AnyDesk.exe, resource: win10v2004-20231215-en)
Behavioral task: behavioral3 (sample: AnyDesk.exe, resource: android-x64-arm64-20231215-en)
General
Target: AnyDesk.exe
Size: 5.0MB
MD5: a21768190f3b9feae33aaef660cb7a83
SHA1: 24780657328783ef50ae0964b23288e68841a421
SHA256: 55e4ce3fe726043070ecd7de5a74b2459ea8bed19ef2a36ce7884b2ab0863047
SHA512: ca6da822072cb0d3797221e578780b19c8953e4207729a002a64a00ced134059c0ed21b02572c43924e4ba3930c0e88cd2cdb309259e3d0dcfb0c282f1832d62
SSDEEP: 98304:NzTZ3cINQscs0m++LNkT6OpwDGUUH57yvZ/49Mr8EO3QhA9Kq:Nzt3cINQscNmvLCwDkHEvZ/4R79x
Malware Config
Signatures
Unexpected DNS network traffic destination (30 IoCs)
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
ioc: Destination IP 9.9.9.9 (the same destination in all 30 IoCs)

Enumerates physical storage devices (1 TTPs)
Attempts to interact with connected storage/optical drive(s).

Checks processor information in registry (2 TTPs, 2 IoCs)
Processor information is often read in order to detect sandboxing environments.
Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString (process: AnyDesk.exe)
Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 (process: AnyDesk.exe)

Suspicious behavior: EnumeratesProcesses (1 IoCs)
pid 1424, process AnyDesk.exe

Suspicious use of FindShellTrayWindow (3 IoCs)
pid 1072, process AnyDesk.exe (3 occurrences)

Suspicious use of SendNotifyMessage (3 IoCs)
pid 1072, process AnyDesk.exe (3 occurrences)

Suspicious use of WriteProcessMemory (8 IoCs)
PID 2156 (AnyDesk.exe) wrote to memory of 1424, procid_target 28 (4 occurrences)
PID 2156 (AnyDesk.exe) wrote to memory of 1072, procid_target 29 (4 occurrences)
Processes
- C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe (PID 2156)
  Command line: "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe"
  - Checks processor information in registry
  - Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe (PID 1424, child of 2156)
    Command line: "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe" --local-service
    - Suspicious behavior: EnumeratesProcesses
  - C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe (PID 1072, child of 2156)
    Command line: "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe" --local-control
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
Network
MITRE ATT&CK Enterprise v15
Downloads