8cd552392bb25546ba58e73d63c4b7c290188ca1060f96c8abf641ae9f5a8383

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
12/06/2024, 01:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8cd552392bb25546ba58e73d63c4b7c290188ca1060f96c8abf641ae9f5a8383.exe
Size

3.9MB
MD5

30c9c57aa570088d745fac7bfd05b805
SHA1

d579d18848859614e219afa6332d410e0ca71fc3
SHA256

8cd552392bb25546ba58e73d63c4b7c290188ca1060f96c8abf641ae9f5a8383
SHA512

182dc736cf09e8b4e063b29c839999ab28506a71e22173484f9dbc9bf9472456406aa0c8de542d85436200317175f9e32d65f1bb1e567b8c717860348fd3b52c
SSDEEP

98304:oOmZb0bHkeaRs4WpcF8uztWOiiROB4/Oo1sRF:rmZb0bEds4XFR0OiC/GT

Score

7^/10

Malware Config

Signatures

Unexpected DNS network traffic destination 1 IoCs

Network traffic to other servers than the configured DNS servers was detected on the DNS port.

description	ioc
Destination IP	9.9.9.9

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	8cd552392bb25546ba58e73d63c4b7c290188ca1060f96c8abf641ae9f5a8383.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	8cd552392bb25546ba58e73d63c4b7c290188ca1060f96c8abf641ae9f5a8383.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
932	8cd552392bb25546ba58e73d63c4b7c290188ca1060f96c8abf641ae9f5a8383.exe
932	8cd552392bb25546ba58e73d63c4b7c290188ca1060f96c8abf641ae9f5a8383.exe

Suspicious use of FindShellTrayWindow 3 IoCs

pid	Process
4120	8cd552392bb25546ba58e73d63c4b7c290188ca1060f96c8abf641ae9f5a8383.exe
4120	8cd552392bb25546ba58e73d63c4b7c290188ca1060f96c8abf641ae9f5a8383.exe
4120	8cd552392bb25546ba58e73d63c4b7c290188ca1060f96c8abf641ae9f5a8383.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
4120	8cd552392bb25546ba58e73d63c4b7c290188ca1060f96c8abf641ae9f5a8383.exe
4120	8cd552392bb25546ba58e73d63c4b7c290188ca1060f96c8abf641ae9f5a8383.exe
4120	8cd552392bb25546ba58e73d63c4b7c290188ca1060f96c8abf641ae9f5a8383.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 1188 wrote to memory of 932	1188	8cd552392bb25546ba58e73d63c4b7c290188ca1060f96c8abf641ae9f5a8383.exe	82
PID 1188 wrote to memory of 932	1188	8cd552392bb25546ba58e73d63c4b7c290188ca1060f96c8abf641ae9f5a8383.exe	82
PID 1188 wrote to memory of 932	1188	8cd552392bb25546ba58e73d63c4b7c290188ca1060f96c8abf641ae9f5a8383.exe	82
PID 1188 wrote to memory of 4120	1188	8cd552392bb25546ba58e73d63c4b7c290188ca1060f96c8abf641ae9f5a8383.exe	83
PID 1188 wrote to memory of 4120	1188	8cd552392bb25546ba58e73d63c4b7c290188ca1060f96c8abf641ae9f5a8383.exe	83
PID 1188 wrote to memory of 4120	1188	8cd552392bb25546ba58e73d63c4b7c290188ca1060f96c8abf641ae9f5a8383.exe	83

C:\Users\Admin\AppData\Local\Temp\8cd552392bb25546ba58e73d63c4b7c290188ca1060f96c8abf641ae9f5a8383.exe
"C:\Users\Admin\AppData\Local\Temp\8cd552392bb25546ba58e73d63c4b7c290188ca1060f96c8abf641ae9f5a8383.exe"
1⤵
- Checks processor information in registry
- Suspicious use of WriteProcessMemory
PID:1188
- C:\Users\Admin\AppData\Local\Temp\8cd552392bb25546ba58e73d63c4b7c290188ca1060f96c8abf641ae9f5a8383.exe
  "C:\Users\Admin\AppData\Local\Temp\8cd552392bb25546ba58e73d63c4b7c290188ca1060f96c8abf641ae9f5a8383.exe" --local-service
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:932
- C:\Users\Admin\AppData\Local\Temp\8cd552392bb25546ba58e73d63c4b7c290188ca1060f96c8abf641ae9f5a8383.exe
  "C:\Users\Admin\AppData\Local\Temp\8cd552392bb25546ba58e73d63c4b7c290188ca1060f96c8abf641ae9f5a8383.exe" --local-control
  2⤵
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:4120

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\gcapi.dll

Filesize
385KB

MD5
1ce7d5a1566c8c449d0f6772a8c27900

SHA1
60854185f6338e1bfc7497fd41aa44c5c00d8f85

SHA256
73170761d6776c0debacfbbc61b6988cb8270a20174bf5c049768a264bb8ffaf

SHA512
7e3411be8614170ae91db1626c452997dc6db663d79130872a124af982ee1d457cefba00abd7f5269adce3052403be31238aecc3934c7379d224cb792d519753

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

Filesize
9KB

MD5
2f21f8cbbf99fd0ab3db1658044321e8

SHA1
f44ea361a860871ab1d8d2c583bd732518fc5ae9

SHA256
944ab93c6eb445f96e13aee76292b033a8a9cbd407ffad1a8f344a130349f7cf

SHA512
31addf4de0f0d4db0c550072701e62e273a9150f99c9f13f00a3d803e9b83196a7f1692fc6dfa58c4b2181c9a5c101fcfa2b086504161e0243b025acc6fff60f

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf

Filesize
2KB

MD5
57fc565bfa3718ca0623d734becd4dc9

SHA1
6f1f9743b3413fa965a8ec9efd9082aee1252236

SHA256
cf7018e4d7860a0f3f467b8701bc0cf6a28a2a499a97c36964b3cc15c94dd836

SHA512
a3d55542df8e6d40afd0af509b0fe7afdf768dcce265b7a75dc8eb780c17f8f09ec7a7d98b68d8ef14d9fce4418f15a7de6bcf3234e88f534dca49006433850a

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf

Filesize
2KB

MD5
a8e5c6dc20a052fcdcb66469a9e5314b

SHA1
e0f26a9d1f28aa8af343dbbe090f5b63befb94e7

SHA256
7ce1faa14db4c4343fdbf49e3280b1753c28ca80c315c02a9732180088aecb81

SHA512
851990ecc6df0d4694e438316985d65c86ee6cce848e2e14bb99a60b1df00ba36feaaf27c918cd74cbab96f788e7ae0f78994c494d59ac4d988cf2292897ff70

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
424B

MD5
3f65a717b1c60fce8ca713477872be65

SHA1
7db36a55643ef1fe9e18dac8ecc4eab2b2d572a3

SHA256
3540be12f33894bd15bcf147315a8682684cf6a8993641708c8d03829eb872c4

SHA512
7c931ec8ab20c926e6ada4a7f2d5b1676ae77a0670086ed18d747efff42021df0eb7574d133be354510dd143286fd82ea6082114df2083c83ef81797bb1cac60

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
680B

MD5
3a44d054b602350acbdcf07a251f0aa4

SHA1
069fc6c3e722e9c5dfba6123c1c7d349d281a932

SHA256
5ca770e396171bf2fe730d73a495e159eb0748a8a074e84ba3fcb835ee2a9fb0

SHA512
d9b9856f2113da25059be01583cc2edb52781821e5f7f7721d85e62c5a6cb28e19a5ce361323defe44dfc05181dcd39c331e3acd2c0c1569ebbd0e05fc02a845

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
727B

MD5
a42cebac3167d8dc1d9a8511ef9113eb

SHA1
88434ea84355de8a0d59b35c0f33e0a0720edba5

SHA256
a63f25273eb20013f5aa4e442669c2f8c5193a4a9d2f0a6e471eec7048350b5b

SHA512
6f3e39f04de144fb700767c203d02c15c623c7284a4a4a1f8e004cfcac7557fb157314202a09e1abd258de9d4f17a495e1181b65dc509f126bd452861b89facf

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
312B

MD5
0c04ad1083dc5c7c45e3ee2cd344ae38

SHA1
f1cf190f8ca93000e56d49732e9e827e2554c46f

SHA256
6452273c017db7cbe0ffc5b109bbf3f8d3282fb91bfa3c5eabc4fb8f1fc98cb0

SHA512
6c414b39bbc1f1f08446c6c6da6f6e1ceb9303bbf183ae279c872d91641ea8d67ec5e5c4e0824da3837eca73ec29fe70e92b72c09458c8ce50fa6f08791d1492

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
424B

MD5
1abbca0749285a9977e938ef511c8a17

SHA1
c1e514d90cdfed73b02850393d18471de50cbade

SHA256
ad447038b29d9c33477bc4d06e9d4a8264be39ba3ce76ab7619a2be31e9c2f74

SHA512
f1b2d99a5f42f03b683858e383766090d9921fef662767f6a4a98be7b440e240df18d662fadce3979884c4ab017f83b948d056b1bfbba7e5b0ba419068df1b96

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
7fe22e3bc52e3363e91b74fb0b0ff796

SHA1
1293a94c355fc1cf1d31338e3c1e7920b3489e3d

SHA256
9dedf909e408f02785f54f58ddc4ea89b9c658e301992a167ef855ce0b965162

SHA512
e6501fe9bb28f4399ca65e2d63c7fb612bd23dfc54bd74ce5c87edb350204e1957322a7ecff2d684c9cca3f77d207aaba3475f0831b3ca74783abf276f86f771

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
5KB

MD5
9e1aee813a70e5c1accec44d2d267f8d

SHA1
f2ea3dd1f1cce334422b5e1b45cf1eeaea7d25a3

SHA256
df99ef48991054502d2bf5c1b268176a901107bfb011ed75e6df8469f43d4610

SHA512
d3006f20af8920de894790577ebe36dc269e34cb9ddc498c92c7154bdf70c9c0ec254c0c62dc758d74ea3cf2ddb57c5f56d7091bf3fbc868c7c4ce683601a128

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
5KB

MD5
617a8f7a099023ec22f8826d065c3293

SHA1
e2a1bf14880aecc57b0ddc57f26515d9ce764cdd

SHA256
5f8ce654443c5ea952f80fe2fed26f1daabfcf8506b6e11a630c8680f51a3686

SHA512
5800e605cadcc34fb8a3a6277675b51bfdb8b4ad37b46e9cf1e1ce302b6d344b2955766a314589ebbf3a1d439cdc54e9a9a61417f0100c991a500d308133378d

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
5KB

MD5
bced58df91da57d7e15d0455ebcad839

SHA1
0c5e9217c470f4cf9a1ec1cdb2b00a60678abd4b

SHA256
75039fed27276796daa9dce4a6cbc9d0d8612cf4467abb199e90a4eef8f6d4e9

SHA512
99b8eac82cac8e0bff61f2656c8c0c4ab943fdd6483315d24d260e927e85dd6487df9c1bbc215e8795d81eb6454d21b5bef9cb59fb7275e762875c722e045bee

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
d21f41cbbcb88ea3884a573ac8890916

SHA1
cd38d77d785b6b3c6d8b4b9b0a057ea526c8c789

SHA256
58bbcf05fc4daa00541837b4f5f42834a1feef5d94dff37831623803cda299ee

SHA512
8fee082a1564f6643b63d5fe617d07f196ac6ee39b3aba96620039afb08b09f1861c5ec64a75b68bbe5df4ca1f1a96fa6b3b822be41504a0837518f9cb9bc1d5

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
2e62b3b95dd3db5f0eb473bd6571a0f7

SHA1
ce54805d9f4aaacdde60aefacea644fbbdac4072

SHA256
31ef43f2b94ef448acbf9f74afa060cc8f7a791361a1591d1e69bcd30a76b36a

SHA512
0aaa0d2796a85354cd0612b13f3ea6af5f9ca33080f7a80ba986bfa1057d1f92caa209a95bfa621c681296f0b9387049da25de712e4efd2caf2383a3f464097c

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
fdd63451bb3866b1fe981fdea9e1bc5f

SHA1
96a1c8b4fe4f90cc5362e4f51d9b9a9b1686f47d

SHA256
964765c5ee4d80be487ef295c7e1ab9388f161d10b4f8c5b557de5620636adcb

SHA512
f3831e75c48464c196fb8afc6ce9dec49086461d83eae00bf466cfda87afee9b3df80cf6521b055667a4fbee40006fe4d7bdb5b731e17ded359003afae6346f3

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
7e2d4f842f01cec51c3d8babc8b6a2b7

SHA1
71699852e073dd495e60d3ef53130444e2860cad

SHA256
72544cfbb09c4050377dfbc838d9085859b87639a5b75720641f42c74680f298

SHA512
01e2c10ec12441a9809ad6c2c89648106c2c6a43163b2d4626fc6a814302307e86c1ebb5c15c174906ba1fb84033cd508937e6cb593fa3d6be375042028fb20d

Download Submit
memory/932-24-0x0000000000550000-0x00000000015D5000-memory.dmp

Filesize
16.5MB

Download
memory/932-85-0x0000000000550000-0x00000000015D5000-memory.dmp

Filesize
16.5MB

Download
memory/932-92-0x0000000000550000-0x00000000015D5000-memory.dmp

Filesize
16.5MB

Download
memory/932-217-0x0000000000550000-0x00000000015D5000-memory.dmp

Filesize
16.5MB

Download
memory/932-102-0x0000000000550000-0x00000000015D5000-memory.dmp

Filesize
16.5MB

Download
memory/932-234-0x0000000000550000-0x00000000015D5000-memory.dmp

Filesize
16.5MB

Download
memory/932-10-0x0000000000550000-0x00000000015D5000-memory.dmp

Filesize
16.5MB

Download
memory/1188-84-0x0000000000550000-0x00000000015D5000-memory.dmp

Filesize
16.5MB

Download
memory/1188-2-0x0000000000554000-0x00000000011FF000-memory.dmp

Filesize
12.7MB

Download
memory/1188-6-0x0000000000550000-0x00000000015D5000-memory.dmp

Filesize
16.5MB

Download
memory/1188-233-0x0000000000550000-0x00000000015D5000-memory.dmp

Filesize
16.5MB

Download
memory/1188-119-0x0000000000550000-0x00000000015D5000-memory.dmp

Filesize
16.5MB

Download
memory/1188-94-0x0000000000554000-0x00000000011FF000-memory.dmp

Filesize
12.7MB

Download
memory/1188-1-0x0000000000550000-0x00000000015D5000-memory.dmp

Filesize
16.5MB

Download
memory/4120-13-0x0000000000550000-0x00000000015D5000-memory.dmp

Filesize
16.5MB

Download
memory/4120-218-0x0000000000550000-0x00000000015D5000-memory.dmp

Filesize
16.5MB

Download
memory/4120-9-0x0000000000550000-0x00000000015D5000-memory.dmp

Filesize
16.5MB

Download
memory/4120-235-0x0000000000550000-0x00000000015D5000-memory.dmp

Filesize
16.5MB

Download
memory/4120-86-0x0000000000550000-0x00000000015D5000-memory.dmp

Filesize
16.5MB

Download