Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

5

Static

static

1

AnyDesk.exe

windows10-2004-x64

5

Resubmissions

20/02/2024, 10:50

240220-mxjtfsfb7w 4

20/02/2024, 10:46

240220-mvcblafg39 5

Analysis

  • max time kernel
    151s
  • max time network
    157s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20/02/2024, 10:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    AnyDesk.exe

  • Size

    5.0MB

  • MD5

    a21768190f3b9feae33aaef660cb7a83

  • SHA1

    24780657328783ef50ae0964b23288e68841a421

  • SHA256

    55e4ce3fe726043070ecd7de5a74b2459ea8bed19ef2a36ce7884b2ab0863047

  • SHA512

    ca6da822072cb0d3797221e578780b19c8953e4207729a002a64a00ced134059c0ed21b02572c43924e4ba3930c0e88cd2cdb309259e3d0dcfb0c282f1832d62

  • SSDEEP

    98304:NzTZ3cINQscs0m++LNkT6OpwDGUUH57yvZ/49Mr8EO3QhA9Kq:Nzt3cINQscNmvLCwDkHEvZ/4R79x

Score
5/10

Malware Config

Signatures

  • Drops file in System32 directory 15 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 4 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 56 IoCs
  • Suspicious use of AdjustPrivilegeToken 6 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
    "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe"
    1⤵
    • Checks processor information in registry
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of WriteProcessMemory
    PID:2012
    • C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
      "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe" --local-service
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:2428
      • C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
        "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe" --backend
        3⤵
        • Drops file in System32 directory
        • Suspicious use of SetWindowsHookEx
        PID:5092
    • C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
      "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe" --local-control
      2⤵
      • Suspicious behavior: AddClipboardFormatListener
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:5076
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x2d0 0x150
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:5088
  • C:\Windows\system32\taskmgr.exe
    "C:\Windows\system32\taskmgr.exe" /4
    1⤵
    • Checks SCSI registry key(s)
    • Checks processor information in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:4972

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\gcapi.dll
    Filesize

    385KB

    MD5

    1ce7d5a1566c8c449d0f6772a8c27900

    SHA1

    60854185f6338e1bfc7497fd41aa44c5c00d8f85

    SHA256

    73170761d6776c0debacfbbc61b6988cb8270a20174bf5c049768a264bb8ffaf

    SHA512

    7e3411be8614170ae91db1626c452997dc6db663d79130872a124af982ee1d457cefba00abd7f5269adce3052403be31238aecc3934c7379d224cb792d519753

    Download Submit

  • C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace
    Filesize

    5KB

    MD5

    a6ca448deb59d628f8c4654dcb927ebd

    SHA1

    39ededbd0ae4d8886431e5a6632a387b99aed374

    SHA256

    da74e8bf6d6e3a5117354855d953c606253e5b4943578f457e522904e63e0cf9

    SHA512

    16055b80985a96a745e29200c480f213881d34b3e628310cbb867fb2cd9aa4ab740632546935e7a8beb8b3cdfef8218d607539df66bf975dbacd0c78702870b0

    Download Submit

  • C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace
    Filesize

    35KB

    MD5

    21c104ede7b5897a8d475bf537cc1227

    SHA1

    4cd60c0af4757db2c7f92e21507a60f7bbf21033

    SHA256

    3354f32b602cae4cc9df9f2a84e98e2e168821ffb3205aa8d70282d5f581fba9

    SHA512

    0fb886848a3ad2911105728f436553b50b0b317d0f6a77e9f772ede1c69c491b551e8cf21cd7a8fb20faf2a9bf8b55d48c13d0973cf3545f203ea469639a7b3d

    Download Submit

  • C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf
    Filesize

    2KB

    MD5

    d664d4f4466b15bfb010d3315ba4e887

    SHA1

    c31f7baf3a7075351b4eb5fb743ede9652a376c3

    SHA256

    a91b3cc32c1237f6217d999759e89266926d843169e18dce2230789c51ca56d5

    SHA512

    e6f32b974513df9e84c5dd1885f30799eb7a2d0e29cfaaf4c61785e9819e39fdfb553f7ec9cad1c0452760dba97274d60f590ce05654fdb32d5ea1d7d148a594

    Download Submit

  • C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf
    Filesize

    2KB

    MD5

    47d084a88e16cbabc87d67acb05b3cb2

    SHA1

    5bebd090741e4170f1e71873304a1cd45f76815f

    SHA256

    0a3236a9cc727907ae37b58eb97708dcc4cdd9b557e622d4e5bae2f2e2b9212f

    SHA512

    60bd092a47d7e0e88f29fabfc0ce85a3fd5ddc14d6b67691bc2db5d1083dd44943e995bab5ddb9bd2f1f306063410ca163fc4e9e6855fb46468547ae770107ce

    Download Submit

  • C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf
    Filesize

    733B

    MD5

    53214b3605e842422241e67f9916824d

    SHA1

    8bcf6036576f3b5c5d0bcd9b52105f6f94eeb19b

    SHA256

    9057eb51feb1cd46636291ee07c5858fd18f31cb60b5db1c640ac39423725208

    SHA512

    452a117c76ccd4b1b1f280b4b077f30dffc41d2ca58ecd00a9d61c4a703e72d91fc1440b4b576b655e83ad5fbe6918ae10bae211b35161e64b26aec41a2c52cf

    Download Submit

  • C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf
    Filesize

    802B

    MD5

    8026ee7bbe337f65715a782e6f7b95e2

    SHA1

    ccd406d05055e3cfb98985cbd8390aad73d5d7ed

    SHA256

    889f4ea4dfdeb378f8b56b434070d12ed6f2f1c099081ba2e4ce38510fae8dda

    SHA512

    7786b587980f3411a0566e0b1f606de3a4824429d18c40697e07e8daf97e7d036ec4cd667ad294f1b29c689858e4f39b0ff118026c2cb58f82832900e86075f7

    Download Submit

  • C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf
    Filesize

    312B

    MD5

    0c04ad1083dc5c7c45e3ee2cd344ae38

    SHA1

    f1cf190f8ca93000e56d49732e9e827e2554c46f

    SHA256

    6452273c017db7cbe0ffc5b109bbf3f8d3282fb91bfa3c5eabc4fb8f1fc98cb0

    SHA512

    6c414b39bbc1f1f08446c6c6da6f6e1ceb9303bbf183ae279c872d91641ea8d67ec5e5c4e0824da3837eca73ec29fe70e92b72c09458c8ce50fa6f08791d1492

    Download Submit

  • C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf
    Filesize

    424B

    MD5

    abdbebd4a43025991f5c92fd6c8c47f4

    SHA1

    efde1e9fc7cc3a85cf1469b40147f54f58317301

    SHA256

    dd4cbcb784fd176490711c9c9817daf449173eec2821ab9375d98b8158e82117

    SHA512

    eac4dcc054ade18454d2eaf4a8af13e29d1def18247331bd26ef613635b7046000e4643655da77b73a2917ac3d7a490a0e5d53bc7968e2281599842b02b7b904

    Download Submit

  • C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf
    Filesize

    3KB

    MD5

    0f1ad178f5d7a7284891101b874fb2fa

    SHA1

    ce4ed50f263022c8c344e9b178ec3f88b7280da9

    SHA256

    3551e1d4925af210e4ef5a5fa583dee1ed22b4b97fbf9f7d982bae1720f6fa56

    SHA512

    92c61098407d02e68aaffcf11c76049a2cebdd0034dcb512798aeb1a7797f58380e2f8d08c4334f6416b87247483be4f96c029e0995b903c05686ff6d0dd44d3

    Download Submit

  • C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf
    Filesize

    1KB

    MD5

    c1039427769d12dfde800d1745326fda

    SHA1

    af8f7a485fdff9e51a9a1fb4b3040f39beb11d13

    SHA256

    49699330d815025659f447b9866529d0efa50ec8cb66f7b4d20fec188c334d29

    SHA512

    9101b6b39e07010a7bb8c404b7fb9e069b9f40d17aea0959333f5cddbd6925f57398f1b913ac26ddee37f28153aa8b878c4fffaaad1587ddd17fc0eb548f5124

    Download Submit

  • C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf
    Filesize

    6KB

    MD5

    258071b1b8dae1e58d8584bb4a1235c9

    SHA1

    f5bcc8b31f5e2db75781438284e7019708156426

    SHA256

    91c8ab1087475dc73ed8a923f3e3fb630094f960a5f4533e17cb6a01651620f3

    SHA512

    a52b90f442d20be6d2a4d2dce67bf55cf1f8f0e239a2c9157ed95f0f47044eb19c250ce6a8ac9d550aaa502805c5c713a76303e94343b10b3e4bb26778dec45a

    Download Submit

  • C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf
    Filesize

    6KB

    MD5

    c1a4d9e165b3fde4e5335bfbda8bcf71

    SHA1

    84ac3ddb20ad3b103ab4a455e4ac1d8bcc925fcd

    SHA256

    816330bc68a34fe22ca4a89f12e36b1276b392c3c630c608c4b57f9f6cc2b90b

    SHA512

    a7bb58fdad5222b70fcfdec3fb387f2daba1bebf46a7925ad5e42e18cd69dc7db6106ae6ab3bd70e7c13d7932f75aacf5bf9f4f0e4cc78aac8fe671f307288a1

    Download Submit

  • C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf
    Filesize

    6KB

    MD5

    93ef0606dd656d2358509de52c0d55cb

    SHA1

    79767b34d48eef997988e71a2bd7158c762be538

    SHA256

    926f337a1541759d97e606a0a5ccd46c24d48b29965b480683e145b680fa631f

    SHA512

    4a5ec7a687540552ba6d1a26cee7915fbc32d7e52d0408a11141e973d948378351dc4d5e895366d87213cce95ff9d6a4319da5ad3c213681660d52395df95940

    Download Submit

  • C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf
    Filesize

    7KB

    MD5

    05bdd4bbc3095dee352146cbcb56fc8d

    SHA1

    affbe1b1bf90d22efe116c70d8b4df69aca64fe2

    SHA256

    6c21d954cf3e031ebfa02c369eddd05cbc409f36e7e91a34c0e13b601133ad9d

    SHA512

    0e52dc7c675b524881ba3a353d8d1dfbdf87c1ffb1f221feba086fc3d946ce43ff05c1ec7aadfd7fce228356a5623db59c44d9e0290e976fdc7a17974d1eeee7

    Download Submit

  • C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf
    Filesize

    1KB

    MD5

    dd9086e78e75d39a0c558eb314e56376

    SHA1

    5435d9ac61e1ae7330265c8ed87afef382f6178b

    SHA256

    b24d0247ff9819cc462e66692a68cd4e55c3e302adc0858382eddc5f83b1aef3

    SHA512

    7820ca66ed82fdbac9063881b20479c4269c98825afad835ea85ddd277424f86fe6200623025a8506ee671430667e7ea42a9a26c3c5889fbd704a02aab2f478b

    Download Submit

  • C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf
    Filesize

    1KB

    MD5

    50b9dae893128ac8a991c33f0d81c848

    SHA1

    fa9186b5f40a41d29745ee29266804c46b641a25

    SHA256

    93b96e9c5135d65b79488504e58137fd4d147afa412c2171442de1f9270ddb8a

    SHA512

    5762379d8725ce52cb714b03487129c4f4e1da25bb7ca2aaed968a856c1a1df1894915500e1db3e9f76a977d46131aeaf95cc0ea39dfc6fc896730b1099c0ba8

    Download Submit

  • C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf
    Filesize

    1KB

    MD5

    1e970d39bc0bf3a3e93f8aea4eba5bb8

    SHA1

    5039cd1604cb49931ce5a078c90f317f44ab239b

    SHA256

    55cef9a10d480f6ea7b05af13af644ef472e28d2b41892469767a7143d000a48

    SHA512

    56a87780f44dc4655ced61db526736ac03d52d53a736348af69f656deaaf05bbe9c2d685a80a2e34d46fdd5d08af68bcd147c73f2682e9fd1a0a45cd34767415

    Download Submit

  • memory/2012-33-0x00000000059E0000-0x00000000059E1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2012-3-0x0000000003840000-0x0000000003841000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2012-0-0x0000000000060000-0x0000000001797000-memory.dmp

    Filesize

    23.2MB

    Download

  • memory/2012-1-0x0000000000060000-0x0000000001797000-memory.dmp

    Filesize

    23.2MB

    Download

  • memory/2012-86-0x0000000007FB0000-0x0000000007FB1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2012-21-0x0000000000060000-0x0000000001797000-memory.dmp

    Filesize

    23.2MB

    Download

  • memory/2012-241-0x0000000000060000-0x0000000001797000-memory.dmp

    Filesize

    23.2MB

    Download

  • memory/2012-109-0x0000000007160000-0x0000000007161000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2012-240-0x0000000000060000-0x0000000001797000-memory.dmp

    Filesize

    23.2MB

    Download

  • memory/2012-18-0x00000000059D0000-0x00000000059D1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2012-237-0x0000000007170000-0x0000000007171000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2428-327-0x0000000000060000-0x0000000001797000-memory.dmp

    Filesize

    23.2MB

    Download

  • memory/2428-34-0x0000000001EF0000-0x0000000001EF1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2428-287-0x0000000000060000-0x0000000001797000-memory.dmp

    Filesize

    23.2MB

    Download

  • memory/2428-242-0x0000000000060000-0x0000000001797000-memory.dmp

    Filesize

    23.2MB

    Download

  • memory/2428-293-0x0000000000060000-0x0000000001797000-memory.dmp

    Filesize

    23.2MB

    Download

  • memory/2428-247-0x0000000000060000-0x0000000001797000-memory.dmp

    Filesize

    23.2MB

    Download

  • memory/2428-296-0x0000000000060000-0x0000000001797000-memory.dmp

    Filesize

    23.2MB

    Download

  • memory/2428-307-0x0000000000060000-0x0000000001797000-memory.dmp

    Filesize

    23.2MB

    Download

  • memory/2428-311-0x0000000000060000-0x0000000001797000-memory.dmp

    Filesize

    23.2MB

    Download

  • memory/2428-17-0x0000000000060000-0x0000000001797000-memory.dmp

    Filesize

    23.2MB

    Download

  • memory/4972-320-0x0000023E45900000-0x0000023E45901000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4972-314-0x0000023E45900000-0x0000023E45901000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4972-324-0x0000023E45900000-0x0000023E45901000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4972-325-0x0000023E45900000-0x0000023E45901000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4972-321-0x0000023E45900000-0x0000023E45901000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4972-322-0x0000023E45900000-0x0000023E45901000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4972-316-0x0000023E45900000-0x0000023E45901000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4972-323-0x0000023E45900000-0x0000023E45901000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4972-315-0x0000023E45900000-0x0000023E45901000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4972-326-0x0000023E45900000-0x0000023E45901000-memory.dmp

    Filesize

    4KB

    Download

  • memory/5076-32-0x0000000001E50000-0x0000000001E51000-memory.dmp

    Filesize

    4KB

    Download

  • memory/5076-30-0x0000000000060000-0x0000000001797000-memory.dmp

    Filesize

    23.2MB

    Download

  • memory/5076-243-0x0000000000060000-0x0000000001797000-memory.dmp

    Filesize

    23.2MB

    Download

  • memory/5076-288-0x0000000000060000-0x0000000001797000-memory.dmp

    Filesize

    23.2MB

    Download

  • memory/5076-19-0x0000000000060000-0x0000000001797000-memory.dmp

    Filesize

    23.2MB

    Download

  • memory/5092-263-0x0000000005AC0000-0x0000000005AC1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/5092-278-0x0000000005BB0000-0x0000000005BB1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/5092-282-0x0000000005BF0000-0x0000000005BF1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/5092-277-0x0000000005BA0000-0x0000000005BA1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/5092-276-0x0000000005B90000-0x0000000005B91000-memory.dmp

    Filesize

    4KB

    Download

  • memory/5092-270-0x0000000005B30000-0x0000000005B31000-memory.dmp

    Filesize

    4KB

    Download

  • memory/5092-260-0x00000000058E0000-0x00000000058E1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/5092-259-0x00000000058C0000-0x00000000058C1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/5092-281-0x0000000005BE0000-0x0000000005BE1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/5092-286-0x0000000008CD0000-0x0000000008CD1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/5092-280-0x0000000005BD0000-0x0000000005BD1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/5092-279-0x0000000005BC0000-0x0000000005BC1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/5092-289-0x0000000000060000-0x0000000001797000-memory.dmp

    Filesize

    23.2MB

    Download

  • memory/5092-291-0x0000000000060000-0x0000000001797000-memory.dmp

    Filesize

    23.2MB

    Download

  • memory/5092-273-0x0000000005B60000-0x0000000005B61000-memory.dmp

    Filesize

    4KB

    Download

  • memory/5092-275-0x0000000005B80000-0x0000000005B81000-memory.dmp

    Filesize

    4KB

    Download

  • memory/5092-274-0x0000000005B70000-0x0000000005B71000-memory.dmp

    Filesize

    4KB

    Download

  • memory/5092-272-0x0000000005B50000-0x0000000005B51000-memory.dmp

    Filesize

    4KB

    Download

  • memory/5092-271-0x0000000005B40000-0x0000000005B41000-memory.dmp

    Filesize

    4KB

    Download

  • memory/5092-261-0x0000000005A90000-0x0000000005A91000-memory.dmp

    Filesize

    4KB

    Download

  • memory/5092-262-0x0000000005AA0000-0x0000000005AA1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/5092-268-0x0000000005B10000-0x0000000005B11000-memory.dmp

    Filesize

    4KB

    Download

  • memory/5092-269-0x0000000005B20000-0x0000000005B21000-memory.dmp

    Filesize

    4KB

    Download

  • memory/5092-267-0x0000000005B00000-0x0000000005B01000-memory.dmp

    Filesize

    4KB

    Download

  • memory/5092-264-0x0000000005AD0000-0x0000000005AD1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/5092-265-0x0000000005AE0000-0x0000000005AE1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/5092-266-0x0000000005900000-0x0000000005901000-memory.dmp

    Filesize

    4KB

    Download

  • memory/5092-254-0x0000000003850000-0x0000000003851000-memory.dmp

    Filesize

    4KB

    Download

  • memory/5092-248-0x0000000000060000-0x0000000001797000-memory.dmp

    Filesize

    23.2MB

    Download