Analysis

  • max time kernel
    79s
  • max time network
    99s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    18-06-2024 11:23

General

  • Target
    anyrecover-for-win_setup.exe
  • Size
    3.1MB
  • MD5
    fc21b78d8012dcfc1d94185ed5083dff
  • SHA1
    23458457bd546befb18162bed4a408b7d72a2a18
  • SHA256
    651907c1b631bdd79f8aa3f097bd23156d168a1e2c489c41238ddfd1f5434ba7
  • SHA512
    5861c71289e155f2cff57f28a160ef8de217bc2388b5f64c851b7045e7b59640e6f98e3090949ffb5a6859d02abc0804eb3ebbbcce412b45573dce8b8075408b
  • SSDEEP
    49152:JY9Vgae/6GLuni6Ud7jHdh3oc4A/naB/YPqv7d/nWcRVROqMIM:JUmae/6GLuNaj9h3oc4Ay/Z/E

Score
4/10

Malware Config

Signatures

  • Drops file in Program Files directory (45 IoCs)
  • Enumerates physical storage devices (1 TTPs)
    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of FindShellTrayWindow (1 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\anyrecover-for-win_setup.exe
    "C:\Users\Admin\AppData\Local\Temp\anyrecover-for-win_setup.exe"
    • Drops file in Program Files directory
    • Suspicious use of FindShellTrayWindow
    PID:3244

Network

MITRE ATT&CK Matrix ATT&CK v13

Downloads

  • C:\Program Files (x86)\imyfone_down\anyrecover-for-win_setup\language\Arabic\install_tips.png
    Filesize
    2KB
    MD5
    28fbf016e49eed024ebc37a11e1f883a
    SHA1
    032ee9a583d9482cea6cb617925a8ad0be9b175f
    SHA256
    78afdaf35fa6173b08621270842b5d8d899b966ffdfa986a9e98f372afd4f419
    SHA512
    fe250df9f481f5b5e9993834059f707bc51af1f4334fae3e1f0034b802dd25aac4aec1a27478c65e72b4fc353ff49e555bb92d9a51ccd14605c02293baa40cb0