Analysis

  • max time kernel
    594s
  • max time network
    599s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    • arch:x64
    • arch:x86
    • image:win7-20240221-en
    • locale:en-us
    • os:windows7-x64
    • system
  • submitted
    10-06-2024 16:00

General

  • Target

    asd.exe

  • Size

    5.0MB

  • MD5

    a21768190f3b9feae33aaef660cb7a83

  • SHA1

    24780657328783ef50ae0964b23288e68841a421

  • SHA256

    55e4ce3fe726043070ecd7de5a74b2459ea8bed19ef2a36ce7884b2ab0863047

  • SHA512

    ca6da822072cb0d3797221e578780b19c8953e4207729a002a64a00ced134059c0ed21b02572c43924e4ba3930c0e88cd2cdb309259e3d0dcfb0c282f1832d62

  • SSDEEP

    98304:NzTZ3cINQscs0m++LNkT6OpwDGUUH57yvZ/49Mr8EO3QhA9Kq:Nzt3cINQscNmvLCwDkHEvZ/4R79x

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information (for example the CPU name string, vendor identifier or clock speed under HKLM\HARDWARE\DESCRIPTION\System\CentralProcessor) is often read and compared against known hypervisor strings to detect sandbox or virtual-machine environments.

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs
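As an added example, not part of this report and not the sandbox's own detection code, the following Python scan shows the logic behind the "Checks processor information in registry" signature: it walks API-hook log lines and counts value reads of the per-CPU keys under HKLM\HARDWARE\DESCRIPTION\System\CentralProcessor. The log format ("pid|api|key|value") and every line in SAMPLE_LOG are constructed for illustration; the PIDs merely mirror the process tree below. Only value reads (RegQueryValueEx/RegGetValue) are tallied, since opening the key alone reveals nothing about the CPU.

```python
"""Flag sandbox-fingerprinting reads of CPU information from the registry."""
import re
from collections import defaultdict

# Constructed sample in a generic "pid|api|key|value" format (not an export
# from the report above; the PIDs simply mirror the process tree).
SAMPLE_LOG = """\
1336|RegOpenKeyExW|HKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\0|
1336|RegQueryValueExW|HKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\0|ProcessorNameString
1336|RegQueryValueExW|HKLM\\Hardware\\Description\\System\\CentralProcessor\\0|~MHz
2624|RegQueryValueExW|HKEY_CURRENT_USER\\Software\\Classes\\.txt|Content Type
2584|RegOpenKeyExW|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion|
"""

HIVE_ALIASES = {
    "HKEY_LOCAL_MACHINE": "HKLM",
    "HKEY_CURRENT_USER": "HKCU",
    "HKEY_CLASSES_ROOT": "HKCR",
    "HKEY_USERS": "HKU",
}

# Reads of a value (not merely opening the key) are what the signature counts.
VALUE_READ_APIS = {"RegQueryValueExW", "RegQueryValueExA", "RegGetValueW", "RegGetValueA"}

# Per-CPU keys: HKLM\HARDWARE\DESCRIPTION\System\CentralProcessor\<n>
CPU_KEY_RE = re.compile(r"^HKLM\\HARDWARE\\DESCRIPTION\\SYSTEM\\CENTRALPROCESSOR\\\d+$")

# Values commonly compared against known hypervisor/sandbox strings.
CPU_VALUES = {"PROCESSORNAMESTRING", "VENDORIDENTIFIER", "IDENTIFIER", "~MHZ"}


def normalize_key(key: str) -> str:
    """Canonicalise hive prefix, slashes and case so one pattern matches all spellings."""
    key = key.replace("/", "\\").strip("\\")
    hive, _, rest = key.partition("\\")
    hive = HIVE_ALIASES.get(hive.upper(), hive.upper())
    return f"{hive}\\{rest}".upper()


def parse_line(line: str):
    """Return (pid, api, key, value) or None for blank or malformed lines."""
    parts = line.rstrip("\n").split("|")
    if len(parts) != 4 or not parts[0].isdigit():
        return None
    pid, api, key, value = parts
    return int(pid), api, key, value


def find_cpu_registry_reads(log_text: str) -> dict:
    """Map pid -> list of (normalised key, value name) reads that fingerprint the CPU."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        pid, api, key, value = rec
        if api not in VALUE_READ_APIS:
            continue  # RegOpenKey* alone is preparation, not a read
        canon = normalize_key(key)
        if CPU_KEY_RE.match(canon) and value.upper() in CPU_VALUES:
            hits[pid].append((canon, value))
    return dict(hits)


def ioc_counts(log_text: str) -> dict:
    """Number of CPU-information reads per process, as a report tallies IoCs."""
    return {pid: len(reads) for pid, reads in find_cpu_registry_reads(log_text).items()}


if __name__ == "__main__":
    for pid, reads in find_cpu_registry_reads(SAMPLE_LOG).items():
        print(f"PID {pid}: {len(reads)} CPU-info registry read(s)")
        for key, value in reads:
            print(f"  {key} -> {value}")
```

On the constructed sample this attributes two reads to PID 1336 and none to the children, the same shape as the "2 IoCs" in the signature above. The caveat a practitioner should keep in mind is that legitimate software (installers, licensing checks, remote-access clients) reads the same values, so this signature on its own is weak evidence; that is consistent with the low overall score this report assigns.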

Processes

  • C:\Users\Admin\AppData\Local\Temp\asd.exe
    "C:\Users\Admin\AppData\Local\Temp\asd.exe"
    1⤵
    • Checks processor information in registry
    • Suspicious use of WriteProcessMemory
    PID:1336
    • C:\Users\Admin\AppData\Local\Temp\asd.exe
      "C:\Users\Admin\AppData\Local\Temp\asd.exe" --local-service
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:2624
    • C:\Users\Admin\AppData\Local\Temp\asd.exe
      "C:\Users\Admin\AppData\Local\Temp\asd.exe" --local-control
      2⤵
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:2584

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\gcapi.dll

    Filesize

    385KB

    MD5

    1ce7d5a1566c8c449d0f6772a8c27900

    SHA1

    60854185f6338e1bfc7497fd41aa44c5c00d8f85

    SHA256

    73170761d6776c0debacfbbc61b6988cb8270a20174bf5c049768a264bb8ffaf

    SHA512

    7e3411be8614170ae91db1626c452997dc6db663d79130872a124af982ee1d457cefba00abd7f5269adce3052403be31238aecc3934c7379d224cb792d519753

  • C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

    Filesize

    7KB

    MD5

    80e64be4b6e4bc633a53e47080283f21

    SHA1

    36b01eba139f4576861f0ccfe3ef5d644541b283

    SHA256

    1f58ac437c7959e76cb50065f49d322b604c451d54110f003f8790d8ced66189

    SHA512

    cb8680d72e7ee24515555eda60740ba4804bde77855dcfa6339774551d552088a77a3e562004cf958d0ab6c025460f3861457ee20a16e4e5ba711ec11aa2e131

  • C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

    Filesize

    10KB

    MD5

    1987bcbc6f8af9dfee95e28241b18789

    SHA1

    237317c04631f52173672487f8204579e2f5d2eb

    SHA256

    fce884e698c4f07d5b73bbdb12dd01a1c6fa606f7f6b1bb3e9009a8691f11104

    SHA512

    eff9b86e5271f76e7cdb164c014750020837b0cbab073623131c15c4ecc33465b81115eca196e389d2ba4b5bbf1613bc06325856dc383640859005cd909bdbcd

  • C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf

    Filesize

    2KB

    MD5

    2f790ba854733d0f8d141272dc76c924

    SHA1

    d47f0a00aa68e83ae355ddce45a3d7668561d345

    SHA256

    0a072561ce7c53cc732000e84c2c2f795c5eed489b370c7ceb85f117b800f0c3

    SHA512

    dc3015b9dd63c5352daea0466efbd9080e447a8ec8831fc8256be8dcdb15afeb233dcfa7199295fbceef329bc5b15e465ffdc821f0f7aa757b25255f173b9d4c

  • C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf

    Filesize

    2KB

    MD5

    32e8cc9e2e2d4ddff38de100ba015f86

    SHA1

    ee27718a67a70092c9724d053e4605d7ae0b2e32

    SHA256

    108f883ccd56b7d7e06e8e76dc0912abedb87a078a94b6fa55b9dfd52b316cb6

    SHA512

    f8201fdf61440bce9cf27b904888c5dc3d68bea45737dc4c7dd8b69fe20819bdb837e765b79c9b2ff6ddc9b2b5001e89de5b690a2276bfe972db829f4da0886f

  • C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

    Filesize

    611B

    MD5

    28367ee0cebebbf29894cc45dc1d3387

    SHA1

    5a506722f158a34091cd4c2e7387b814237c1379

    SHA256

    32555671459bab4d33d2d5cd9bcf425903723ead6e4d81ffd5bbdbd37c1015f0

    SHA512

    94883215e6a308dbb6503f7137a048016f20d8ded3a0618e1a6d7bcf56aa8c547d261511447f4c09bedac55f51aa8f5375428b822dd71cd445edab47d9fc5461

  • C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

    Filesize

    668B

    MD5

    02d34e8091d1b9e2f1435d2a2350110f

    SHA1

    e4ca172e78437611da049414863673194a5af375

    SHA256

    b1edda6d7a7d285aa4c752767bcc45081e06a1f6ed19ac26f3c1f4c4e9375a40

    SHA512

    de2859e8c00ae2707632965bec36ec3f3f4fa67da138fd8fc2267057a140f1e49277c4d9787e7ef687b3fd1139e262138bc320af6ca0cc4748624c6700305a32

  • C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

    Filesize

    737B

    MD5

    fca83d7fbe4833525d5166a67fa7faa5

    SHA1

    c1768e54001bfb8898c6ee9461cc654ed1fb72bb

    SHA256

    83ab05e5622499043ea5aa0b7c5f2a05c9cacacf0c845007a2ed0e9cd539faa5

    SHA512

    7b97c95b3178ff0c09b16477248d081b9a1a86333fa73e90d27d3be04c6159970192ae76782bf9e6c21f906fa6525f2d0bbdd55d05ba9ec06b12e66320782af7

  • C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

    Filesize

    312B

    MD5

    0c04ad1083dc5c7c45e3ee2cd344ae38

    SHA1

    f1cf190f8ca93000e56d49732e9e827e2554c46f

    SHA256

    6452273c017db7cbe0ffc5b109bbf3f8d3282fb91bfa3c5eabc4fb8f1fc98cb0

    SHA512

    6c414b39bbc1f1f08446c6c6da6f6e1ceb9303bbf183ae279c872d91641ea8d67ec5e5c4e0824da3837eca73ec29fe70e92b72c09458c8ce50fa6f08791d1492

  • C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

    Filesize

    424B

    MD5

    d545239e64bf2d8b9609632158bca07c

    SHA1

    c37f94b39bc51793cffefe94200ddc04ae1429e2

    SHA256

    3ab605c7b5b4f11515d9aaaaa33031d62a9613ea642e2ef58a39612f6ec033bd

    SHA512

    3bc24424cf31047cd268ad271fb4c91ef7a6e4c03bc81bbf22f9d8d3a79b50925d73340d84621d5b69aca6ab6f7c40b05d089402c5a79770aadd0c1bf70f124b

  • C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

    Filesize

    1KB

    MD5

    fc26cefd01b7c77a03dc24a9d2649549

    SHA1

    d57a4f859358ac9bfaf51aa22c2406e0457b111c

    SHA256

    98f42ba1e87c1a9d152c7529ae6005b4758593b316036e2c0a0c5257300a9481

    SHA512

    4f4638d62f3e204c66416c9e3885d6feeb9f8a15647ab1b8dd92ab9cf9b46a99d4141045785d050756d492c553bd4c34abf04db4084ab3e42e7506cc11423d15

  • C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

    Filesize

    2KB

    MD5

    b1ac3a8b8d395bf1f2b862bca9f3ab7f

    SHA1

    4f17fda63425317b4d4194ddf71506e063ee518a

    SHA256

    b0e942d82fae330c9a28f1effff7ce7a49c53bddbcf9bbbac377561c84fe5462

    SHA512

    0cf64586b96deabf883abe2b7f3ea9222fccd34cf6292b29ff61b1092d1e75b11e21b97c22170da8e55186964b52c8439f77fcadaf243d9b1322735467fd5f46

  • C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

    Filesize

    1KB

    MD5

    f7c49e452e3294c9904c82e30481170e

    SHA1

    72f7111d1ed18dfb37934e8beca56d893af93b41

    SHA256

    754b6e35958d68482b699775413dfa58d30f6fa744f43afe6912c5dfe1882957

    SHA512

    744a13f857b31c987125f60f82b3279d4ba7054ddd5e53714de0d8c005eaba2d300658082d80b2b4cf823eee3c450ec1c76a0152814bae9d0f1648f85696a74a

  • C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

    Filesize

    3KB

    MD5

    db2de83e167b5f837726b4bb435ab0d9

    SHA1

    6bbe90f105d0a58232943e5093a6c7f0ca3a1008

    SHA256

    64f72805e6ca5ab10f6fb158229f470e379b8369dcbb1b6db9eeddd8750e2857

    SHA512

    79a39384b9a00524d10b3f8deb9d6077363f8eafef4e00e85a69af45da420e80a839f3d1bcf7287c7f6f1d42bdd7204d46d00308d2c3f09f36682655edfef656

  • C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

    Filesize

    2KB

    MD5

    adf035738ccfce13ac844a368caeb0da

    SHA1

    0a636cebe56c3603861c3d8803d589ba6a517114

    SHA256

    14ac8566f5aaaa650b690becd32891bb0db549f5a495233bad064a788d5334ee

    SHA512

    6af0efe687064a43fc7b2cba7afdfdbc0dadfa5b4b01bf07403f5a90e27d77253627f0780af09e6eac603850dc0e9b4ec69cbf5d7ab96c507588f465888223d6

  • C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

    Filesize

    3KB

    MD5

    c81f45c07dc839152f2258c99ce572e9

    SHA1

    5309e467edab33cd450c5d060a871f91be380112

    SHA256

    037e5b5348858c0b995b9f10b8af1c7a597e0e72e0682c1f31a47a2254243c38

    SHA512

    e7ee111776f4244810491b486a822da179cee92da421b7942601cb3843c421396b2624523d8fc2bb4c5e262e93345a41e3cac630e7319e3c2fb73f71d8552570

  • C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

    Filesize

    3KB

    MD5

    20fc211b868ecbd7eaf079a6553cb1e8

    SHA1

    e63d9fd8c9bbe88da3071f6c4c5458eadabeb7db

    SHA256

    d3830acc05022d6b19d3761d063141b6aa75f0be14f41eba791427c270c3505e

    SHA512

    1cd4bc2c31f50fa46fd2f92c8e658b3a1b0cc08103fb9fd702234f452ac4ffecc920f0440209c248535125ec9dd6815489701336e16ea5f4deef94b146c83852

  • C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

    Filesize

    3KB

    MD5

    5965db90461ea428ece15f21ffd05943

    SHA1

    585e8ba181e951f87c032e48f2547ddfa2e2d6bc

    SHA256

    08e78ae009c50fc34715f75bf17656aaa8a40a67711eb03d860779e4d9965fd1

    SHA512

    2408c0a210284db765b9d274d63ed6105faa63210f34b9c3aaed26c2f9a9043139d669463a8327f2523eab061f2d69292cad6f65d48d4ff6d4bbf07555e4316e

  • C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

    Filesize

    6KB

    MD5

    9485cb27851d7261ce4a7c4c977d1536

    SHA1

    23fe350f0587885b81912c2652de3f5d048657da

    SHA256

    67a81eda36e9728fcb855f1738552a7313924f83b1d621775d0873f3ee481eb7

    SHA512

    c579191494a4e0bd77699e60d5c14c523e5bd914bf5e84cede2f76cbc23ced0d71ac66da45f0a4a77d8039686d6521a1f23dc3024283576b63f90ad3f1185bee

  • C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

    Filesize

    6KB

    MD5

    cd5637d707b24e6849c13c4eb0965243

    SHA1

    fbe2f90a155539052542cbebc52e5c2cd1c39986

    SHA256

    39513a38af3ab5189077fdfe1231faca98ba3f47ac811045cfbef4f12a7c7f08

    SHA512

    8a7e190b4e59d51067ed50b0b1eb04ce23737ce050de6ddf43610eb8fd3b41a93e99af0af420f2975b628004d0ea16f642be4f2218bb2af930cfcd75245bf45c

  • C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

    Filesize

    1KB

    MD5

    f50209206574167f00550fe831b67359

    SHA1

    889acfb6d6b705d0396bc1cfb5ec178a4008e472

    SHA256

    2670165290ad858bde57df7affab0701729b65aa462dcb18a6e8dc64df5980d7

    SHA512

    219b663cb2f7f9508522212077c884c365d6f2cba0fafa2838d8d66fe6663896113e7230d502ba2002646464f3a9de210be78be7bddfbfb8a3c8ad844370b6bb

  • C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

    Filesize

    1KB

    MD5

    5b31f1d3895ed6fe16b83aecd38bc209

    SHA1

    8b6a37f332d9bd0e7846670a2c8b61d972d7f8d6

    SHA256

    628e7ee4bbbe8515920514038ac40320fcf88a7e367f38f85244d205caffda89

    SHA512

    d2e09f6896a24f0e4653f1ca122c9b9a24a7e5fb7c4ae1c00bc9954ecb8d2232a0e0c32c6222c33457cf88518ebeddb7c59c4953fcf2dc8d4d955d6ca6760b93

  • C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

    Filesize

    1KB

    MD5

    c1ee95f5a7a57e429b704a1e5018541f

    SHA1

    1399f8fa8cc6dcd88607756301021d9bb58f5763

    SHA256

    b3ac203c3a89c4d7d595a671e3015f81903c3eddc565a4c92ba0051bd3ddc9f9

    SHA512

    148cfdee9c6942a0692320ebe3f867f962b46de8c5ca7916dda4bfda34a89d4d02725ca6950c60ffc0e54e2e78c799d05f946dc51bdd77f59216551e724a1824

  • memory/1336-4-0x0000000000F90000-0x00000000026C7000-memory.dmp

    Filesize

    23.2MB

  • memory/1336-2-0x0000000000F94000-0x00000000021D3000-memory.dmp

    Filesize

    18.2MB

  • memory/1336-1-0x0000000000F90000-0x00000000026C7000-memory.dmp

    Filesize

    23.2MB

  • memory/1336-274-0x0000000000F90000-0x00000000026C7000-memory.dmp

    Filesize

    23.2MB

  • memory/1336-280-0x0000000000F94000-0x00000000021D3000-memory.dmp

    Filesize

    18.2MB

  • memory/2584-27-0x0000000000F90000-0x00000000026C7000-memory.dmp

    Filesize

    23.2MB

  • memory/2584-276-0x0000000000F90000-0x00000000026C7000-memory.dmp

    Filesize

    23.2MB

  • memory/2624-11-0x0000000000F90000-0x00000000026C7000-memory.dmp

    Filesize

    23.2MB

  • memory/2624-275-0x0000000000F90000-0x00000000026C7000-memory.dmp

    Filesize

    23.2MB