Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
1793s -
max time network
1799s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
19/06/2024, 15:49
General
-
Target
AnyDesk.exe
-
Size
5.1MB
-
MD5
aee6801792d67607f228be8cec8291f9
-
SHA1
bf6ba727ff14ca2fddf619f292d56db9d9088066
-
SHA256
1cdafbe519f60aaadb4a92e266fff709129f86f0c9ee595c45499c66092e0499
-
SHA512
09d9fc8702ab6fa4fc9323c37bc970b8a7dd180293b0dbf337de726476b0b9515a4f383fa294ba084eccf0698d1e3cb5a39d0ff9ea3ba40c8a56acafce3add4f
-
SSDEEP
98304:G5WW6KEdJxfpDVOMdq2668yIv1//nvkYCRThGXBJdicotUgwoAo5beyjF:y3vEbxfjf4Y8yofvktkLdurH5iyR
Malware Config
Signatures
-
Unexpected DNS network traffic destination 22 IoCs
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Suspicious behavior: EnumeratesProcesses 12 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs
-
Suspicious use of FindShellTrayWindow 28 IoCs
-
Suspicious use of SendNotifyMessage 27 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe"C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe"1⤵
- Checks processor information in registry
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe"C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe" --local-service2⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe"C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe" --local-control2⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://support.anydesk.com/knowledge/anydesk-id-and-alias?utm_medium=app&utm_source=adwin2⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa5b7746f8,0x7ffa5b774708,0x7ffa5b7747183⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,2493141906971556382,11077847033867039102,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:23⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,2493141906971556382,11077847033867039102,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:33⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,2493141906971556382,11077847033867039102,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2720 /prefetch:83⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,2493141906971556382,11077847033867039102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,2493141906971556382,11077847033867039102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,2493141906971556382,11077847033867039102,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4896 /prefetch:83⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,2493141906971556382,11077847033867039102,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4896 /prefetch:83⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,2493141906971556382,11077847033867039102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4632 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,2493141906971556382,11077847033867039102,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=180 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,2493141906971556382,11077847033867039102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4212 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,2493141906971556382,11077847033867039102,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,2493141906971556382,11077847033867039102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5148 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,2493141906971556382,11077847033867039102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3624 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,2493141906971556382,11077847033867039102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4132 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,2493141906971556382,11077847033867039102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2920 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,2493141906971556382,11077847033867039102,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4252 /prefetch:23⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,2493141906971556382,11077847033867039102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4400 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,2493141906971556382,11077847033867039102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4480 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,2493141906971556382,11077847033867039102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:13⤵
-
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD54158365912175436289496136e7912c2
SHA1813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59
SHA256354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1
SHA51274b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b
-
Filesize
152B
MD5ce4c898f8fc7601e2fbc252fdadb5115
SHA101bf06badc5da353e539c7c07527d30dccc55a91
SHA256bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa
SHA51280fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c
-
Filesize
6KB
MD5e55cfc36779fcd6da50af1eb75c90591
SHA163fb0063b88b91bb810ee9f8646267c323675a95
SHA25623c74831df173d3517c1d90769b53d9608eac4a6401c99955b0b9c1db50a517d
SHA5127401473fd59fb63b061c8481d5cc2e3a0ef8b72619ee4d698a1401ecc81e5f4c8750630f7a692c0b68cd323034772199a7e34d5852b45dd894adce688791374a
-
Filesize
5KB
MD509c9008be4440ce5196c68c17a0cf882
SHA1380d53bedba2083a27983c48d1de3af08b82cb65
SHA2564bc18272114baa223cd94e92a082afa57cade3bfbdb8779ccc3d0879d91b96e7
SHA512048cbc5180d4cd30d99c350363a2b300e786031e2a6d74cdc1c3019c33290283c7935e1092db5b8291f34f5b33151c571dd321c2b2575977614f760b3327b4d4
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
Filesize
8KB
MD5a092349053f9b9fc044aab00df927ccb
SHA1509e423a3339934ff99b6f8a49d881c01c0c4bed
SHA2561f1f06e407178f9f0874e99305366465ac34ea4400951cc45690df687123af03
SHA512f11e8e11c7ae375c582831db4e44254a4ce2c16b7a80b3b2d876557f8df9690fb07eceb809a465f3a62a0f411f388610e44eb872c83cab0e7112a9854415c595
-
Filesize
8KB
MD5791eb97078449da7760469697f0c89e6
SHA15f7e40ad861f1f2edf96df5f7c9664eac7ee8e70
SHA256a70af589717a8f196d2623a49ff3c2aa85ee4c01d1dcc052e039ab0f92b99402
SHA512fb99bed653a0765bdbb4f25e87dd9445f0434b031205569a6478b5fea14cb1b9bcbd8e1deaf457942c1b68b9e88b5c53dc0be595b06f713ea7f42a4a648cc2b4
-
Filesize
9KB
MD529da7c1600394235d35b262c15d83ac1
SHA194b0541ee3db92ccb6ef49be4d143613375c013e
SHA2566b237f4b818c111897ca5f8feb574b3444918ff08c2174ac82cca52428487e43
SHA5120f1ea4ed19c3c4cd8ae1c59cecac23444737fd07f1cbbe04bb5fa610c1b40743c0c57e4b8fc955c7589f6ae2b792e5aaa4d34b007a52fd5ad7f45f16b5693737
-
Filesize
2KB
MD5e270849b0face66243a864366614ca56
SHA192b3b1bb5b5f01fd85ee2dadc38450154dc00bf3
SHA2565dc2bd45188070340aa3c504594ff5d534be8d03a00a15df99525b393d965c71
SHA512c64bb4748ab3d52f3baafaf7eef1fd5e49b21d6352f0bb703fe12183a3dbb4f35c1174119dfc4bbbf77de126b2410d9ac45df84daf1d3e5a6a6180cdb9a64463
-
Filesize
424B
MD5c8190c81169949dc8c5c3a7d37f2d30a
SHA1a01312baf1b3218b1a9203a46cc9932f92dabf0b
SHA256537063ce8ed7b29c6bcc46d248075dca2b9baf6f6239563000e7ff8abfd6e413
SHA5122cce8762e650e90bda312031184c2f3f9c00965cc9aef3b5d6246bd847d1dd849f7c5682905e056fcae7059084fb10e0bb76c9aba79d7c39a601850b7f523712
-
Filesize
312B
MD50c04ad1083dc5c7c45e3ee2cd344ae38
SHA1f1cf190f8ca93000e56d49732e9e827e2554c46f
SHA2566452273c017db7cbe0ffc5b109bbf3f8d3282fb91bfa3c5eabc4fb8f1fc98cb0
SHA5126c414b39bbc1f1f08446c6c6da6f6e1ceb9303bbf183ae279c872d91641ea8d67ec5e5c4e0824da3837eca73ec29fe70e92b72c09458c8ce50fa6f08791d1492
-
Filesize
424B
MD5f63b864984bebd54a86dda0f988e7389
SHA12cc5baa99780fa89dba399178e66dd436a929952
SHA25662e383be17021a256f25fd89784205fbec07777ec58a3c6b515b3cf2b67ff7e9
SHA5125fe4b71e5d55f4f5b45e63665041f9158b859667c98cd6362a5aa29004434918bdf2f29d44e1b5b78f3ccac0ba5d9f6ced1212d0319f01956b7b97123306168e
-
Filesize
1KB
MD512fdcee3822a776c7247cd684246ffe5
SHA10f01589d8ea906ae2fa615ec8fcc74706d2a0b58
SHA25672cdf0692597992ef7c534db912013c09e665bfa04064149855f7a9ae249979d
SHA5129a6d1aa995d1494ace71a76005661eb23461e42b31bc47312338404e318ae53a118e12e8e5edea4839efed716597a5897369c91f838bc48f9b5615da41a363d5
-
Filesize
1KB
MD5912f136d0be18fcf669eaa812bd3aa7c
SHA12f4b9fd06fa3394a6103dd7d25017bc1b6ead027
SHA256eed19bcc208779a81108035554f674389cd09ceffc045e2a326a29d8ac3b35da
SHA51202605466878b8bb5a5c6de0788aa84480a85f3e72f70e7d5e801ba5c806a1ae098a84491485a49eb8a9c75db749b79937ce52118eaf04443d3c260a81652aa7c
-
Filesize
1KB
MD56cac8712deaa0376149d0f3c8411ab43
SHA1f933b94f74ad41ccb8b3cfa04be6a0ad4d961671
SHA256233bd06f8abb758237cee0da83a7d24278dbcf1564c856acc072f0ae7bb9ed02
SHA512750879586df94adb6bc7135a34087f90b2ef95087cd83a53fce49670d51f8f23eb32d03866611be46cc48ac28a6ee2d94bb9ccad1b845c232b537f59b6d77d13
-
Filesize
1KB
MD58b8d28a41b9dc40a156522e6c1de9f8d
SHA15f4650b45bad8d245bc317365e2d9183b935a92d
SHA25609210b2f72a7fb76ead4441525c9ef4c4fea8bc78fe30e04b4e2e71e0d80aa89
SHA512b06b8fde05e5c4ddd8d4479183ab35d7766bd179cc18bb0941edb18a4eccee039d803c5766877bc4ec3201d038caca1f207e024e08baf2fb77cfd505e15842a5
-
Filesize
23.3MB
-
Filesize
23.3MB
-
Filesize
23.3MB
-
Filesize
23.3MB
-
Filesize
23.3MB
-
Filesize
23.3MB
-
Filesize
23.3MB
-
Filesize
23.3MB
-
Filesize
23.3MB
-
Filesize
23.3MB
-
Filesize
23.3MB
-
Filesize
23.3MB
-
Filesize
23.3MB
-
Filesize
23.3MB
-
Filesize
23.3MB
-
Filesize
23.3MB
-
Filesize
23.3MB
-
Filesize
23.3MB
-
Filesize
23.3MB
-
Filesize
23.3MB
-
Filesize
23.3MB
-
Filesize
23.3MB
-
Filesize
18.2MB
-
Filesize
18.2MB
-
Filesize
23.3MB