55e4ce3fe726043070ecd7de5a74b2459ea8bed19ef2a36ce7884b2ab0863047

Analysis

max time kernel
142s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
12-04-2024 05:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

55e4ce3fe726043070ecd7de5a74b2459ea8bed19ef2a36ce7884b2ab0863047.exe
Size

5.0MB
MD5

a21768190f3b9feae33aaef660cb7a83
SHA1

24780657328783ef50ae0964b23288e68841a421
SHA256

55e4ce3fe726043070ecd7de5a74b2459ea8bed19ef2a36ce7884b2ab0863047
SHA512

ca6da822072cb0d3797221e578780b19c8953e4207729a002a64a00ced134059c0ed21b02572c43924e4ba3930c0e88cd2cdb309259e3d0dcfb0c282f1832d62
SSDEEP

98304:NzTZ3cINQscs0m++LNkT6OpwDGUUH57yvZ/49Mr8EO3QhA9Kq:Nzt3cINQscNmvLCwDkHEvZ/4R79x

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	55e4ce3fe726043070ecd7de5a74b2459ea8bed19ef2a36ce7884b2ab0863047.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	55e4ce3fe726043070ecd7de5a74b2459ea8bed19ef2a36ce7884b2ab0863047.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4592	55e4ce3fe726043070ecd7de5a74b2459ea8bed19ef2a36ce7884b2ab0863047.exe
4592	55e4ce3fe726043070ecd7de5a74b2459ea8bed19ef2a36ce7884b2ab0863047.exe

Suspicious use of FindShellTrayWindow 3 IoCs

pid	Process
392	55e4ce3fe726043070ecd7de5a74b2459ea8bed19ef2a36ce7884b2ab0863047.exe
392	55e4ce3fe726043070ecd7de5a74b2459ea8bed19ef2a36ce7884b2ab0863047.exe
392	55e4ce3fe726043070ecd7de5a74b2459ea8bed19ef2a36ce7884b2ab0863047.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
392	55e4ce3fe726043070ecd7de5a74b2459ea8bed19ef2a36ce7884b2ab0863047.exe
392	55e4ce3fe726043070ecd7de5a74b2459ea8bed19ef2a36ce7884b2ab0863047.exe
392	55e4ce3fe726043070ecd7de5a74b2459ea8bed19ef2a36ce7884b2ab0863047.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 1520 wrote to memory of 4592	1520	55e4ce3fe726043070ecd7de5a74b2459ea8bed19ef2a36ce7884b2ab0863047.exe	85
PID 1520 wrote to memory of 4592	1520	55e4ce3fe726043070ecd7de5a74b2459ea8bed19ef2a36ce7884b2ab0863047.exe	85
PID 1520 wrote to memory of 4592	1520	55e4ce3fe726043070ecd7de5a74b2459ea8bed19ef2a36ce7884b2ab0863047.exe	85
PID 1520 wrote to memory of 392	1520	55e4ce3fe726043070ecd7de5a74b2459ea8bed19ef2a36ce7884b2ab0863047.exe	86
PID 1520 wrote to memory of 392	1520	55e4ce3fe726043070ecd7de5a74b2459ea8bed19ef2a36ce7884b2ab0863047.exe	86
PID 1520 wrote to memory of 392	1520	55e4ce3fe726043070ecd7de5a74b2459ea8bed19ef2a36ce7884b2ab0863047.exe	86

C:\Users\Admin\AppData\Local\Temp\55e4ce3fe726043070ecd7de5a74b2459ea8bed19ef2a36ce7884b2ab0863047.exe
"C:\Users\Admin\AppData\Local\Temp\55e4ce3fe726043070ecd7de5a74b2459ea8bed19ef2a36ce7884b2ab0863047.exe"
1⤵
- Checks processor information in registry
- Suspicious use of WriteProcessMemory
PID:1520
- C:\Users\Admin\AppData\Local\Temp\55e4ce3fe726043070ecd7de5a74b2459ea8bed19ef2a36ce7884b2ab0863047.exe
  "C:\Users\Admin\AppData\Local\Temp\55e4ce3fe726043070ecd7de5a74b2459ea8bed19ef2a36ce7884b2ab0863047.exe" --local-service
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4592
- C:\Users\Admin\AppData\Local\Temp\55e4ce3fe726043070ecd7de5a74b2459ea8bed19ef2a36ce7884b2ab0863047.exe
  "C:\Users\Admin\AppData\Local\Temp\55e4ce3fe726043070ecd7de5a74b2459ea8bed19ef2a36ce7884b2ab0863047.exe" --local-control
  2⤵
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:392

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\gcapi.dll

Filesize
385KB

MD5
1ce7d5a1566c8c449d0f6772a8c27900

SHA1
60854185f6338e1bfc7497fd41aa44c5c00d8f85

SHA256
73170761d6776c0debacfbbc61b6988cb8270a20174bf5c049768a264bb8ffaf

SHA512
7e3411be8614170ae91db1626c452997dc6db663d79130872a124af982ee1d457cefba00abd7f5269adce3052403be31238aecc3934c7379d224cb792d519753

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

Filesize
6KB

MD5
92d1d09b482586b1fe8ea50034dced25

SHA1
1c00de3d5182bcf5e5404544c1d655d352f582e1

SHA256
495d647fb0649173ec0d013b71fb40b37dfdb871738b2611550662ab38f6bcb9

SHA512
5c384786352855f71029632af38037da967a63864ab22a032318bb1187177ae057ef377e83623e9371ec11e2ebc44e51e45b9446d8edcd51df21c52d41064cb0

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

Filesize
10KB

MD5
7a358dd8cfb3bcd0aaa918d1d8eb4243

SHA1
265bc8f1ecf348caf6dfe50a7d4a7b42fddcca14

SHA256
fd951f7166fdcad6fcc5e536f4dd3c3d355e4e1b222acd3bd699ad2a5128b9fd

SHA512
b2d790d8f0648baf5cb9ee2f476121b36c5b9c11a5a3d72d773d07a39d8f7cf7607be22aedc93b09535cd94eed4fe82cec2b1d0be2204883f2d79309cdf92c73

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf

Filesize
2KB

MD5
17881003b4a7a3f7aa495d8306f73264

SHA1
f3f6ecd0853cfc90c628dbf21cbdab7636b9cdcc

SHA256
2175adcaf80979d2d97fd94fbccff72c51d40b6e4d0e37419e7d8c5815966e53

SHA512
951056c38512608cc13b0ddb1345e7c5ed0a46d946bf5c51a821dc773fd027ecfc6275f73c0229a3ef696b8b1ac2b96ce34c7a8fa5cc18941b12fd7659b7bbf0

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf

Filesize
2KB

MD5
b2e0f4c7450ebebc7c25fd5d047d6abd

SHA1
f99233226931996c6c48b5f774743914f488d1fd

SHA256
5ffb4c7c141cf3e03f4c30d0cc5188a39061d892c1593e2515e060d7fbc55b46

SHA512
41a6a6ab2383c81137d183887745af4dcd8025794f90c1f2958ff7a3244514abdeea5caa790fa776a9fa506c86b107856d52f7b6ea1231e73eee4508809cff0e

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
681B

MD5
301953808f1e43e3f68f6dbfb3e8a49e

SHA1
840bb58f88bcd453f08840dbcadc6dd7e2a17db4

SHA256
db599e0eedb99e9988420b787d86b9488d6adbdba2daf1c29bdaaad69bd7e904

SHA512
985b1b875c7bb9a9442a1a4f6a4069c10230ce102834a9bc14d001285b4785b8089eda8436644154da3f47a9d0d6f1b2e2acab79c9bfad5a4d5d80a3dbc780f2

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
745B

MD5
4e0fdd05ef0c690260ddb06f26272f88

SHA1
dd68037f90b9b3fb6c9cffb5043709eb78c432ae

SHA256
a242434be1c67b649a9d6412ded41bdd42e1122c0be16c7ea53dc66e104f63dd

SHA512
28a2e52ef58c76ad0765228156d4503fb90827454c0574246f5f0acd8a4ffe4ffc4fda60fef81f5615ab345d786b2e9a5468a3e6af5cec129f3fe7842a6b9608

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
312B

MD5
0c04ad1083dc5c7c45e3ee2cd344ae38

SHA1
f1cf190f8ca93000e56d49732e9e827e2554c46f

SHA256
6452273c017db7cbe0ffc5b109bbf3f8d3282fb91bfa3c5eabc4fb8f1fc98cb0

SHA512
6c414b39bbc1f1f08446c6c6da6f6e1ceb9303bbf183ae279c872d91641ea8d67ec5e5c4e0824da3837eca73ec29fe70e92b72c09458c8ce50fa6f08791d1492

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
424B

MD5
dcf62668f4c9529761045f9c2a09d46d

SHA1
1664766dc59938006134c6ba84253dfcebd6df03

SHA256
f4e921f860521eba31a7bc1ce54bbdcd47d065a40bbb53812895d114b918c8b5

SHA512
9d6bca5d80930f8396cb2d9ebc89d9a797516bc930945acc1d24adfc33a92dd40fc244396d19e2449a3b16ab6fb8dccabf2c73ed09765180975625e2b79053e5

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
424B

MD5
2f92c81420e87630f92d599c62d53d1a

SHA1
16927b0d97bfe3f68c5aec8e7bdd37f8fe102935

SHA256
eab89ddd7ffb2e52c729b88f8f04074644f0c219caf1bebee0613b4efffa5e98

SHA512
3b8e515cd9f36d9800bb4c654640cd1f7bdf5734898e81648291968315680ea6c932316ddde9e31112a2c902fb185de10bbe610d96805680c6203990759a13ca

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
2KB

MD5
f8d5fadd3f2511a5fa801ca57ca75a66

SHA1
8dc5caaa44d697aa42d1d091552df4b6f9c7cb23

SHA256
313b5a3fb9723fe1aba73591b8b1567fad6a8bea22303495b894026152595759

SHA512
dd2b5ac9b126ab6c354ba0936b13dee39b72f8a5708a3aa87ca4008db442600f8efcb89f51cd5a7db51878061c98b73cf57b40263cf8f76ec1b4726c4df52207

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
2KB

MD5
541b739bcd51f7c168c3dbf48e709d83

SHA1
cb6c0a7bd12ab97d4f37c82f9f809bc5b0feac6b

SHA256
2625f39e568e206355b8272dcd7da9b83f0bc6e36436791c43badcb54734d02e

SHA512
6d90bf1e46ba2289e15d2cd069545edca9e70413532607b909adce8b0711ddf070cd70ba75b01d7af2f5af59ef0fa1f6bda3d59f24d7da4eb284c358327549f6

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
2KB

MD5
e89cc1cf9fc1bbd9f318e7fb222e426a

SHA1
a49daaffe3a06c10b92a452df0e45bb1dd37b5ea

SHA256
fc76d77a3cfcf9923e71e46e6652edf0c448a5714f82cb9b63b65f6f5ab18637

SHA512
dd666e4433b0e82b25df50428119d0eeb535d49445a9ae1d7bd5fcd19422c8a943273cea694785cad197797a5f16ed7bcbe2c765fcd47f1492ef2764ad646034

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
a1f38bb6f26b349e8a9be7e65e9dcbd8

SHA1
6e2a903bad69e5453327b343175e7be8ae7b0541

SHA256
3186a243ff00a7e5fda02cdc3ed7bf4872dadaf007ae84989f0a0ed09547f97b

SHA512
f11ef820f839f877f1f34ceb1187b3ec79f8c947ac384444a6191286f7d5450915a546526c14f4c8794a338e48c7892baf212e024c337ec84eb45e4bf215c0cd

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
861a4af38f489d2d1e7b2900f19e4fdc

SHA1
2d3d1bb256d54f6073d5db716309b8dbe7457342

SHA256
62846ef22eb4f7e65b7cd28494dc31a89e2aa6ab7d416957c3a269fb728fa574

SHA512
06b08c55b77c27dded511057bf23b547be237893e5996dd4187f4bdbc2bed5b60b7ff5d9750b9c38d1e579df955511ae3ce76b720d106cdba656f4eaeb5a4ca8

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
5KB

MD5
fc0c41e485536a1febc3918a69b91318

SHA1
85a834db454156bd1c7d127a95c84bb9977a7fd4

SHA256
95e2b2822082f473a3e0601ac530716774c7bf0166a86d2b6c43c383d4f87b21

SHA512
e5d2958418143053f0f62b7c1ba30f8d14dd40facd16d4fc07f92591035ca43ee0f6d4d544917c6b1295780f6442ffcab40eecf5d23112b017909d3ac54c9c08

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
5KB

MD5
d5697229d9d34df676a7c7d9ef8bdea6

SHA1
c92df73f47ee137d425c83683b3780dc11d95eb8

SHA256
b206bad02035f4fe331f478ff07012e7adb360b6f47eb73b1f99aaaa2e7b66e0

SHA512
c78d6bea8c9bc8ffa0b3e9486e99209a2406c4f1d1e6ca9a3903e2ef3495686469ac5fc220778e7d87d12c73978d4054196e7f07fea2b23ccc0f33499e0b0d84

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
00f289f1c2bc4a6e949c4f24feb9da4e

SHA1
f0dd4b374e6ec711d44b9395e5db4b90ffa2706c

SHA256
c43b165bdf5e82856240f7ce1794e1f3e8b445463976bb672bba959e53615f8a

SHA512
2300cb723b27db753d12ecb7a7d564a0eb15604822a6fff9733c3aeaa96708a22b3a8663f098a3c6ad888e0726f303562a97f88b380cfc463982aeddb8099af6

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
b8735fc93468481f8d9d268cd8feec37

SHA1
3693a19d4236fb5a8fd1d58eb4c01fdd79d81196

SHA256
f151735b8750a13a787de64f3c546741c335ad249a49302d6ced78707b01657d

SHA512
bb50a774298c9d3eb4a2861832ab2a80fc635db2d365eeb91679a00640d621a01520b8087eefd81ad1328e11284bef00bffad86904ee609c8b3b0257f762e7f7

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
bc2609bd3163a4b5e0540ec8513149a9

SHA1
eb5ed1ca2d30fdd59a0d582800c9ae9b401b8ee0

SHA256
fb59d62f1660ee098fa981ff9fb703f9c4eb496f92f9a08a55a1cf4d19419371

SHA512
df31c5e5b27688373a7c863fc299cc88b90ac7c83c67633aa78abef929dc8b5040c17cb917b21097928f6c1a65ccba7ad6e2c28f2e965b8a8ca53637f1c090c6

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
983afac88a71d84e64181b6f1c5e55b2

SHA1
bd9c72db79c1cfd497fa93d606108f8d7165a739

SHA256
2196f7f6b04e49706c23fcfbb76d91af06f0baa13ba688860ce58ce4266d3ea7

SHA512
d0a2f30d92b4d566c3dbed61760b5f8604f8ca718450498c0c0e96040b490b3cb7a7c2420de974a342c402d1909277b3665e17a8f9e3b50b379ea359d671cce3

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
241e59767b4b573c2510bcaeca9ee999

SHA1
c61dac8b966b05c1018e16da6d2561e1d18c85ed

SHA256
fce278eada4589aeefc66916faf620813194c4a3b60b20dd9cd7d699e1c89c4c

SHA512
58a06fedfbe91dc56d9811f50ea3be70492704d65a56b860c92377386a03e3d0f3b9fc815c0caefed965b6b91764be037b45ce6744a6649e666e0709ff28a264

Download Submit
memory/392-11-0x0000000000360000-0x0000000001A97000-memory.dmp

Filesize
23.2MB

Download
memory/392-27-0x0000000001F80000-0x0000000001F81000-memory.dmp

Filesize
4KB

Download
memory/392-99-0x0000000000360000-0x0000000001A97000-memory.dmp

Filesize
23.2MB

Download
memory/392-260-0x0000000000360000-0x0000000001A97000-memory.dmp

Filesize
23.2MB

Download
memory/1520-26-0x0000000005B90000-0x0000000005B91000-memory.dmp

Filesize
4KB

Download
memory/1520-248-0x0000000007320000-0x0000000007321000-memory.dmp

Filesize
4KB

Download
memory/1520-97-0x0000000000360000-0x0000000001A97000-memory.dmp

Filesize
23.2MB

Download
memory/1520-1-0x0000000000360000-0x0000000001A97000-memory.dmp

Filesize
23.2MB

Download
memory/1520-88-0x0000000007310000-0x0000000007311000-memory.dmp

Filesize
4KB

Download
memory/1520-28-0x0000000005B80000-0x0000000005B81000-memory.dmp

Filesize
4KB

Download
memory/1520-4-0x0000000002040000-0x0000000002041000-memory.dmp

Filesize
4KB

Download
memory/1520-258-0x0000000000360000-0x0000000001A97000-memory.dmp

Filesize
23.2MB

Download
memory/1520-87-0x0000000008160000-0x0000000008161000-memory.dmp

Filesize
4KB

Download
memory/1520-0-0x0000000000360000-0x0000000001A97000-memory.dmp

Filesize
23.2MB

Download
memory/4592-12-0x0000000000360000-0x0000000001A97000-memory.dmp

Filesize
23.2MB

Download
memory/4592-98-0x0000000000360000-0x0000000001A97000-memory.dmp

Filesize
23.2MB

Download
memory/4592-32-0x0000000003CA0000-0x0000000003CA1000-memory.dmp

Filesize
4KB

Download
memory/4592-259-0x0000000000360000-0x0000000001A97000-memory.dmp

Filesize
23.2MB

Download
memory/4592-106-0x0000000000360000-0x0000000001A97000-memory.dmp

Filesize
23.2MB

Download