651907c1b631bdd79f8aa3f097bd23156d168a1e2c489c41238ddfd1f5434ba7

General

Target

anyrecover-for-win_setup.exe
Size

3.1MB
MD5

fc21b78d8012dcfc1d94185ed5083dff
SHA1

23458457bd546befb18162bed4a408b7d72a2a18
SHA256

651907c1b631bdd79f8aa3f097bd23156d168a1e2c489c41238ddfd1f5434ba7
SHA512

5861c71289e155f2cff57f28a160ef8de217bc2388b5f64c851b7045e7b59640e6f98e3090949ffb5a6859d02abc0804eb3ebbbcce412b45573dce8b8075408b
SSDEEP

49152:JY9Vgae/6GLuni6Ud7jHdh3oc4A/naB/YPqv7d/nWcRVROqMIM:JUmae/6GLuNaj9h3oc4Ay/Z/E

Score

4^/10

Malware Config

Signatures

Drops file in Program Files directory 45 IoCs

Processes:

anyrecover-for-win_setup.exe

description	ioc	process
File created	C:\Program Files (x86)\imyfone_down\anyrecover-for-win_setup\language\French\install_tips.png	anyrecover-for-win_setup.exe
File created	C:\Program Files (x86)\imyfone_down\anyrecover-for-win_setup\language\German\UrlInfo.ini	anyrecover-for-win_setup.exe
File created	C:\Program Files (x86)\imyfone_down\anyrecover-for-win_setup\language\Italian\text.ini	anyrecover-for-win_setup.exe
File created	C:\Program Files (x86)\imyfone_down\anyrecover-for-win_setup\language\English\install_tips.png	anyrecover-for-win_setup.exe
File created	C:\Program Files (x86)\imyfone_down\anyrecover-for-win_setup\language\French\text.ini	anyrecover-for-win_setup.exe
File created	C:\Program Files (x86)\imyfone_down\anyrecover-for-win_setup\language\German\text.ini	anyrecover-for-win_setup.exe
File created	C:\Program Files (x86)\imyfone_down\anyrecover-for-win_setup\language\Arabic\UrlInfo.ini	anyrecover-for-win_setup.exe
File created	C:\Program Files (x86)\imyfone_down\anyrecover-for-win_setup\language\Portuguese\UrlInfo.ini	anyrecover-for-win_setup.exe
File created	C:\Program Files (x86)\imyfone_down\anyrecover-for-win_setup\language\Thai\text.ini	anyrecover-for-win_setup.exe
File created	C:\Program Files (x86)\imyfone_down\anyrecover-for-win_setup\language\language.ini	anyrecover-for-win_setup.exe
File created	C:\Program Files (x86)\imyfone_down\anyrecover-for-win_setup\language\ChineseTW\text.ini	anyrecover-for-win_setup.exe
File created	C:\Program Files (x86)\imyfone_down\anyrecover-for-win_setup\language\French\UrlInfo.ini	anyrecover-for-win_setup.exe
File created	C:\Program Files (x86)\imyfone_down\anyrecover-for-win_setup\language\German\install_tips.png	anyrecover-for-win_setup.exe
File created	C:\Program Files (x86)\imyfone_down\anyrecover-for-win_setup\language\Japanese\install_tips.png	anyrecover-for-win_setup.exe
File created	C:\Program Files (x86)\imyfone_down\anyrecover-for-win_setup\language\Korean\UrlInfo.ini	anyrecover-for-win_setup.exe
File created	C:\Program Files (x86)\imyfone_down\anyrecover-for-win_setup\language\Dutch\install_tips.png	anyrecover-for-win_setup.exe
File created	C:\Program Files (x86)\imyfone_down\anyrecover-for-win_setup\language\Spanish\UrlInfo.ini	anyrecover-for-win_setup.exe
File created	C:\Program Files (x86)\imyfone_down\anyrecover-for-win_setup\language\Thai\install_tips.png	anyrecover-for-win_setup.exe
File created	C:\Program Files (x86)\imyfone_down\anyrecover-for-win_setup\language\English\text.ini	anyrecover-for-win_setup.exe
File created	C:\Program Files (x86)\imyfone_down\anyrecover-for-win_setup\language\Japanese\text.ini	anyrecover-for-win_setup.exe
File created	C:\Program Files (x86)\imyfone_down\anyrecover-for-win_setup\language\Korean\text.ini	anyrecover-for-win_setup.exe
File created	C:\Program Files (x86)\imyfone_down\anyrecover-for-win_setup\language\Spanish\text.ini	anyrecover-for-win_setup.exe
File opened for modification	C:\Program Files (x86)\imyfone_down\anyrecover-for-win_setup\Log\imyfone_down.log	anyrecover-for-win_setup.exe
File created	C:\Program Files (x86)\imyfone_down\anyrecover-for-win_setup\language\Swedish\UrlInfo.ini	anyrecover-for-win_setup.exe
File created	C:\Program Files (x86)\imyfone_down\anyrecover-for-win_setup\language\productInfo.ini	anyrecover-for-win_setup.exe
File created	C:\Program Files (x86)\imyfone_down\anyrecover-for-win_setup\language\Chinese\install_tips.png	anyrecover-for-win_setup.exe
File created	C:\Program Files (x86)\imyfone_down\anyrecover-for-win_setup\language\ChineseTW\install_tips.png	anyrecover-for-win_setup.exe
File created	C:\Program Files (x86)\imyfone_down\anyrecover-for-win_setup\language\Italian\install_tips.png	anyrecover-for-win_setup.exe
File created	C:\Program Files (x86)\imyfone_down\anyrecover-for-win_setup\language\Portuguese\text.ini	anyrecover-for-win_setup.exe
File created	C:\Program Files (x86)\imyfone_down\anyrecover-for-win_setup\language\Swedish\install_tips.png	anyrecover-for-win_setup.exe
File created	C:\Program Files (x86)\imyfone_down\anyrecover-for-win_setup\language\Thai\UrlInfo.ini	anyrecover-for-win_setup.exe
File created	C:\Program Files (x86)\imyfone_down\anyrecover-for-win_setup\language\Dutch\UrlInfo.ini	anyrecover-for-win_setup.exe
File created	C:\Program Files (x86)\imyfone_down\anyrecover-for-win_setup\language\English\UrlInfo.ini	anyrecover-for-win_setup.exe
File created	C:\Program Files (x86)\imyfone_down\anyrecover-for-win_setup\language\Korean\install_tips.png	anyrecover-for-win_setup.exe
File created	C:\Program Files (x86)\imyfone_down\anyrecover-for-win_setup\language\Arabic\install_tips.png	anyrecover-for-win_setup.exe
File created	C:\Program Files (x86)\imyfone_down\anyrecover-for-win_setup\language\Dutch\text.ini	anyrecover-for-win_setup.exe
File created	C:\Program Files (x86)\imyfone_down\anyrecover-for-win_setup\language\Swedish\text.ini	anyrecover-for-win_setup.exe
File created	C:\Program Files (x86)\imyfone_down\anyrecover-for-win_setup\language\Arabic\text.ini	anyrecover-for-win_setup.exe
File created	C:\Program Files (x86)\imyfone_down\anyrecover-for-win_setup\language\Chinese\text.ini	anyrecover-for-win_setup.exe
File created	C:\Program Files (x86)\imyfone_down\anyrecover-for-win_setup\language\Chinese\UrlInfo.ini	anyrecover-for-win_setup.exe
File created	C:\Program Files (x86)\imyfone_down\anyrecover-for-win_setup\language\Italian\UrlInfo.ini	anyrecover-for-win_setup.exe
File created	C:\Program Files (x86)\imyfone_down\anyrecover-for-win_setup\language\Japanese\UrlInfo.ini	anyrecover-for-win_setup.exe
File created	C:\Program Files (x86)\imyfone_down\anyrecover-for-win_setup\language\Portuguese\install_tips.png	anyrecover-for-win_setup.exe
File created	C:\Program Files (x86)\imyfone_down\anyrecover-for-win_setup\language\Spanish\install_tips.png	anyrecover-for-win_setup.exe
File created	C:\Program Files (x86)\imyfone_down\anyrecover-for-win_setup\language\ChineseTW\UrlInfo.ini	anyrecover-for-win_setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

anyrecover-for-win_setup.exe

pid process

3244 anyrecover-for-win_setup.exe

pid	process
3244	anyrecover-for-win_setup.exe

C:\Users\Admin\AppData\Local\Temp\anyrecover-for-win_setup.exe
"C:\Users\Admin\AppData\Local\Temp\anyrecover-for-win_setup.exe"
1⤵
- Drops file in Program Files directory
- Suspicious use of FindShellTrayWindow
PID:3244

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\imyfone_down\anyrecover-for-win_setup\language\Arabic\install_tips.png
Filesize
2KB

MD5
28fbf016e49eed024ebc37a11e1f883a

SHA1
032ee9a583d9482cea6cb617925a8ad0be9b175f

SHA256
78afdaf35fa6173b08621270842b5d8d899b966ffdfa986a9e98f372afd4f419

SHA512
fe250df9f481f5b5e9993834059f707bc51af1f4334fae3e1f0034b802dd25aac4aec1a27478c65e72b4fc353ff49e555bb92d9a51ccd14605c02293baa40cb0

Download Submit

Analysis

Sharing