Analysis

  • max time kernel
    1795s
  • max time network
    1799s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    20-06-2024 18:43

General

  • Target

    AnyDesk.exe

  • Size

    5.1MB

  • MD5

    aee6801792d67607f228be8cec8291f9

  • SHA1

    bf6ba727ff14ca2fddf619f292d56db9d9088066

  • SHA256

    1cdafbe519f60aaadb4a92e266fff709129f86f0c9ee595c45499c66092e0499

  • SHA512

    09d9fc8702ab6fa4fc9323c37bc970b8a7dd180293b0dbf337de726476b0b9515a4f383fa294ba084eccf0698d1e3cb5a39d0ff9ea3ba40c8a56acafce3add4f

  • SSDEEP

    98304:G5WW6KEdJxfpDVOMdq2668yIv1//nvkYCRThGXBJdicotUgwoAo5beyjF:y3vEbxfjf4Y8yofvktkLdurH5iyR

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s).

  • Checks processor information in registry (2 TTPs, 2 IoCs)

    Processor information is often read in order to detect sandboxing environments. Legitimate software reads the same keys for hardware reporting, so on its own this is weak evidence.

  • Suspicious behavior: EnumeratesProcesses (2 IoCs)
  • Suspicious use of FindShellTrayWindow (3 IoCs)
  • Suspicious use of SendNotifyMessage (3 IoCs)
  • Suspicious use of WriteProcessMemory (6 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe (PID 3332, depth 1)
    "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe"
    • Checks processor information in registry
    • Suspicious use of WriteProcessMemory
    • C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe (PID 1232, depth 2, child of 3332)
      "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe" --local-service
      • Suspicious behavior: EnumeratesProcesses
    • C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe (PID 4860, depth 2, child of 3332)
      "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe" --local-control
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2236, depth 1)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4088,i,2113996974559895641,18156918660790954073,262144 --variations-seed-version --mojo-platform-channel-handle=4412 /prefetch:8
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2868, depth 1)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4208,i,2113996974559895641,18156918660790954073,262144 --variations-seed-version --mojo-platform-channel-handle=4412 /prefetch:8

      Network

      MITRE ATT&CK Enterprise v15


      Downloads

      • C:\Users\Admin\AppData\Local\Temp\gcapi.dll

        Filesize

        385KB

        MD5

        1ce7d5a1566c8c449d0f6772a8c27900

        SHA1

        60854185f6338e1bfc7497fd41aa44c5c00d8f85

        SHA256

        73170761d6776c0debacfbbc61b6988cb8270a20174bf5c049768a264bb8ffaf

        SHA512

        7e3411be8614170ae91db1626c452997dc6db663d79130872a124af982ee1d457cefba00abd7f5269adce3052403be31238aecc3934c7379d224cb792d519753

      • C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

        Filesize

        10KB

        MD5

        9a6c6b11d67af77eef7c9474cdd5de8a

        SHA1

        41e3e40df02a37857bde6256021d474abbb54f08

        SHA256

        e35371f880930666834d31d6884a5c2ba8fafdd52a0b4dac1f5d14a522a09da1

        SHA512

        85490b08d90592660ae1c9530c9d012681153c5f2cd827b4e3b98f988ee5fde906eaf5b1853c47294a7098638a3b4c9aa4bd915a2256a82e781d9bbefb6e6eb6

      • C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf

        Filesize

        2KB

        MD5

        cd39f44f2736009ecf105b4ea91a15c7

        SHA1

        cb61a2a9f93af0c5b7186ae97f2865375eec04cf

        SHA256

        e3e7a0d7a2ac69dbb2cc62a8a132846e14ecdb6fad3c36b49f39af3fea8011a6

        SHA512

        c0d952ebd0c2a6309fecef21eb7b689b3e58d35f19d1eba59063e1331b8695912a536d26328db93d095363af20602bc68f9fae6704b1af55e354139c77ad25ff

      • C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf

        Filesize

        2KB

        MD5

        2f5b9e278fd5c9c6634f2e789a645d30

        SHA1

        b4f5679e052410c94119492de8d0446a67dc8d29

        SHA256

        a7f9a0371610f5dbba431773ad59fd2968fd009235a120d423a31f185e48a147

        SHA512

        5caa8273beca5494e9573c52d95bd81cfaadc41fab67977d6f524783551cb2448b448874408576cd22a80076f76f7d1b2da8ee122d331adc285c3904326b6661

      • C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

        Filesize

        701B

        MD5

        ab23d88c7da4a48fa58ef898a77b79f2

        SHA1

        53b35a2b4c194ccf7d716b85c10a381b66385e39

        SHA256

        1df6b71bcf4ecbb6e37e6f3a99633f6977ec9a439e91b4f90e4913f584a271ba

        SHA512

        561f03e8941c99420b24ab30327b7143c1571d5358117ead904ac28cafe138bade0f802607f62696ecacdd819d55006f893f5e01d6304b0fb454259f4b1cb796

      • C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

        Filesize

        758B

        MD5

        d638e5be89a79915338f1bdbe59b05aa

        SHA1

        d04fcbdcc379cf7c82f50217262eeee857b4e5fe

        SHA256

        29c0fecb99f6515099821462c6e3b3e3c2664f0d3ea1df5e9ed7c8326cb95313

        SHA512

        75119afca04bfb93b19c39bddf81c5a11effddb17030eb362e9f3ca6f3fe77342f82b9aa68f8e3a615358bab78fe270d08b189373ee4d034677aa1b98b322dbd

      • C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

        Filesize

        312B

        MD5

        0c04ad1083dc5c7c45e3ee2cd344ae38

        SHA1

        f1cf190f8ca93000e56d49732e9e827e2554c46f

        SHA256

        6452273c017db7cbe0ffc5b109bbf3f8d3282fb91bfa3c5eabc4fb8f1fc98cb0

        SHA512

        6c414b39bbc1f1f08446c6c6da6f6e1ceb9303bbf183ae279c872d91641ea8d67ec5e5c4e0824da3837eca73ec29fe70e92b72c09458c8ce50fa6f08791d1492

      • C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

        Filesize

        424B

        MD5

        9bcf3d6ceb92a12d9b72d633e36bd146

        SHA1

        9cecbbc7fd847c5c74acf07ab4c1951ef3fd23d4

        SHA256

        c7b4f100abcecfd85e4913c8a565564fbf65c9ef7778b79de4fff5e8a2a567a0

        SHA512

        7cb0f468fa409c325b1d324e7ad5a99d4688eb1b1d85b9712113aefffba5602134fca9df5505b8b5fe9c714a17c90ae7ca6f63858afe379efcb4e2fa7b664c92

      • C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

        Filesize

        2KB

        MD5

        5f2e1ac082f458d7df73db0171fdc73a

        SHA1

        50dc72ddedc0bfee9b5e1c9e9125059af85e60cd

        SHA256

        a4d4cd73407f9c357c06018775417f8cb8c70d8dc54c3a9942f56bab51fe09f0

        SHA512

        05bb98e97cf6263a1048db447561f9b87f1b8fb1bb350a0a7ed5e8c8822cb9cc53e9c825cda1afaf518a58cfc39f93c9ec6bb0df578956c809933b34872c9236

      • C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

        Filesize

        2KB

        MD5

        79bad84ac4a39159d0b47c738661ddd3

        SHA1

        7e5f2cbe93d6d71e7db854389788f474eb95fdfe

        SHA256

        4cb80e84359ea82c16fcad93192df6515e38d086c3b1f619297a09e463f68875

        SHA512

        e004c7c5415f89101df638f71f2f80caaa8d8835ef9178f5523d3dfed95d0214d48ba7a20da1ff70ce63b618b05a3927a609e7acf5b40baf800170883db8574b

      • C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

        Filesize

        0B (the digests below are those of empty input)

        MD5

        d41d8cd98f00b204e9800998ecf8427e

        SHA1

        da39a3ee5e6b4b0d3255bfef95601890afd80709

        SHA256

        e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

        SHA512

        cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

      • C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

        Filesize

        3KB

        MD5

        b70ab09325d3d45276efda253a41998d

        SHA1

        f6f68c6f614d8e54d61551809fb7ae204fcddb35

        SHA256

        9948f0d01c6d0ed4f9ced93d917ccb62258bb02d00d0baad9303c5909fd89b36

        SHA512

        dcf50b1b07bc913189f9b377a65fcfe6cb8efa918e19fc121ec9d6758e5a00327462fa87ad6a67eb9b653c8c7ed85cd64169e3b27d914ddd2854011d25ec67f8

      • C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

        Filesize

        3KB

        MD5

        55519e42dbad43c0f1512ca08f301711

        SHA1

        712f6212944a458a56f4999a29927b77630d5a40

        SHA256

        b62d4ddf53d74bbf9d73e6a0c8e9d365b8ed7c47ce6ac77bad7fc07d770c5385

        SHA512

        aa3d10b4d5af4e5a5fe1fde0864a86e68af32fa835780e6914c5c1c3b5f4fdc76a74b89d884711971443eb90bb0c45330eeddacca4cb2ca91c901dfb04257031

      • C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

        Filesize

        3KB

        MD5

        30d2b73757396925b7207f7460284279

        SHA1

        c8468c46a09f865667ac975701b6e34554f7936f

        SHA256

        eaf59d4348a348c33bae03cfd0235690af2d8f1873e1d2ef8bbb53c0a6142f1f

        SHA512

        816023d4bf5652bf320b9a9d4d4a8f1dcda37de6d83cfc576b5465878c4e90b09233ecc3849470a185fb29def0075f8b9dc45469cbb2f911f1df075af4d7ded9

      • C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

        Filesize

        1KB

        MD5

        f2b0fba22f44cf44504f9ba900a7dc38

        SHA1

        c6a8890eae7f4c322f26fbfb15f877c9b06487ab

        SHA256

        4da96caf2ab2501429ad79231878db85b3163b842d858bc670521a2e62c43665

        SHA512

        c6075556a69fcd4e77f4c7d6ce9845a6600316a50cd1b2cbc0b507146a679c6acb75fb7973829ad8f1e4011563403f8435c403e04096c2757717877e7108dd3b

      • C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

        Filesize

        3KB

        MD5

        e034e4d755783466896e86d4e42b1728

        SHA1

        efd7269a673f4a9cd50ec4ddc591b5a5f4fd08f2

        SHA256

        3b1a7d88d85f0baca859ce50f55d86b6102b98041ea437a824b8a01a3e856d5e

        SHA512

        f7b77a609cfa32c59ffd9c28dd88b99e9bd8a2ddafc8f5692949ed6dd997a98ba3c25412c3ff8c9a1b1bafaa90f774fedecb3926d3ad290a280cb6d86475f2e8

      • C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

        Filesize

        6KB

        MD5

        336ac4f55e53d132bb443dbdb2b827da

        SHA1

        1e725ce3d8ac4da35d5cb8e002923844b76933ef

        SHA256

        10f00060c5c4ff32c0834514d5a2c6a1ee924ca4b97720b3b4cdeeb8feab11db

        SHA512

        65354a7a2b2c8a289a045e5383dfe6dc558011e926ef40f1668148b44ab0bcdbe5636715c67e970389877cff96f97b35ee8dd4fc96973d464b1706c0c9a4ed43

      • C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

        Filesize

        6KB

        MD5

        66dc7748fe651f472a0f65dac7bde6a9

        SHA1

        1cd80e39e3b4cacd4d9316b11b961e9e54d600f7

        SHA256

        f42d70f7b6052a740bf34917c3faf49cd9b6b5bee641ab6cc32a7d3b30299f71

        SHA512

        4eac17e8e33bb378da0d1d7d2406069b734c172035d2dbcfdde3cd615bb34fbf53836cfc1918a6870cd75944b0999cebaf59f7ca9350059ab5f7404307dc04bd

      • C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

        Filesize

        6KB

        MD5

        0a9b9879c9b4fab1c3a2dbdd10e5a7f0

        SHA1

        123785a1e546bde8263d671da8a33ea02c5082b9

        SHA256

        e5bee25940f08a31fada4bd88775587ab90c265403f6ca727cb245b2eefdbe23

        SHA512

        6c2abdda87640e19e581a4230f0cd7c29566dd11717bf8b46c4c10d72af925a2d729885b1053d27a9c85dfe3727a1871381672fe641d7f8ac3580879c616907a

      • C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

        Filesize

        6KB

        MD5

        a76f961d9d4013ae5201a47da4a3110b

        SHA1

        4ec0a027aba4d8ff541a37439c60ed57057bdbdf

        SHA256

        cbbba58359e65eb006a60a80a5a170f30263621da4c9f5893722242556a43a3f

        SHA512

        5427878ea7a54ade4ad18c12342d6f0481f9f45a6e1d7e656e0658dd26a468d44bd58a3cd2828191ab831ee31a84c3d97fc364da936fe9d12ad3abe5a8706d40

      • C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

        Filesize

        1KB

        MD5

        af82c5058a5a0307975a040d1fb34ace

        SHA1

        8d33cdcb9d8ef2473a0a8c2ba862be70e1fbc2d3

        SHA256

        90c956ea93e8a8c2829a3a5af2040031a0a146562c09acfec7339da5212595fb

        SHA512

        7ee5ba6eb5154add2dc4e7cfa871e8285729c9903a68c748ceeec74d8d0916e111aafc7c7c6ff569bc8ad09ca04c743d0ca23d59863a0f7af3464986597ec665

      • C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

        Filesize

        1KB

        MD5

        8438287108aa817a655d2080a101699c

        SHA1

        a05ff2f020dbc3be35686bb275d209f02b82f53d

        SHA256

        58b99839618eae5794daeaad065880e464027276a8a9b27f03f1bcd47f0a253c

        SHA512

        d7933e74db372865fccce6cc1574ae3bbb1bf42bbc2c6c8442c201af1033bafa84b85d203ab51b7a2f4f40e7c886157a78fb6b1b47e27fc2d539ac23aa7c5d9c

      • C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

        Filesize

        1KB

        MD5

        b377c8ea106780546d33fa8dd9a4f7de

        SHA1

        b943df8eab0c67eded6cec18e211d58b8201ea3c

        SHA256

        9f29e496cb1d008eb6dfd270b551d2751615cea02640f7d5def3a20dd3d159ad

        SHA512

        0d8da09aac83536e797ff0f2f8d22ba08f1b130ccee010a8c0ae7d9b690aba760b3c67b2ccb3eb2e70fda25fac926118de68b5e662a0315eadba82550e1d1dff

      • memory/1232-239-0x00000000004E0000-0x0000000001C29000-memory.dmp

        Filesize

        23.3MB

      • memory/1232-12-0x00000000004E0000-0x0000000001C29000-memory.dmp

        Filesize

        23.3MB

      • memory/3332-244-0x00000000004E4000-0x000000000171A000-memory.dmp

        Filesize

        18.2MB

      • memory/3332-0-0x00000000004E0000-0x0000000001C29000-memory.dmp

        Filesize

        23.3MB

      • memory/3332-2-0x00000000004E4000-0x000000000171A000-memory.dmp

        Filesize

        18.2MB

      • memory/3332-238-0x00000000004E0000-0x0000000001C29000-memory.dmp

        Filesize

        23.3MB

      • memory/3332-7-0x00000000004E0000-0x0000000001C29000-memory.dmp

        Filesize

        23.3MB

      • memory/4860-10-0x00000000004E0000-0x0000000001C29000-memory.dmp

        Filesize

        23.3MB

      • memory/4860-14-0x00000000004E0000-0x0000000001C29000-memory.dmp

        Filesize

        23.3MB

      • memory/4860-240-0x00000000004E0000-0x0000000001C29000-memory.dmp

        Filesize

        23.3MB
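The hashes in the General section and the dropped-file list above are only useful once they are in a form a tool can match, and one of the user.conf entries (the one carrying MD5 d41d8cd98f00b204e9800998ecf8427e) is the digest set of an empty file, which a naive matcher would happily treat as an indicator. The following is an added example serving both sections; it is not tooling from the sandbox vendor or from AnyDesk. REPORT_SNIPPET is copied from two entries of the Downloads section, TARGET is built from the SHA256 in the General section, and the bytes fed to verify() are constructed so the script runs offline.

```python
"""Turn the report's Downloads artifact list into machine-usable IoCs and
verify files against them across all four listed digests.

Added example; not tooling from the sandbox vendor or from AnyDesk.
REPORT_SNIPPET is copied from two entries of the Downloads section above,
TARGET is built from the SHA256 in the General section, and the file
contents fed to verify() are constructed so the script runs offline.
"""
import hashlib
import re

ALGOS = ("md5", "sha1", "sha256", "sha512")

REPORT_SNIPPET = r"""• C:\Users\Admin\AppData\Local\Temp\gcapi.dll

  Filesize

  385KB

  MD5

  1ce7d5a1566c8c449d0f6772a8c27900

  SHA1

  60854185f6338e1bfc7497fd41aa44c5c00d8f85

  SHA256

  73170761d6776c0debacfbbc61b6988cb8270a20174bf5c049768a264bb8ffaf

  SHA512

  7e3411be8614170ae91db1626c452997dc6db663d79130872a124af982ee1d457cefba00abd7f5269adce3052403be31238aecc3934c7379d224cb792d519753

• C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

  MD5

  d41d8cd98f00b204e9800998ecf8427e

  SHA1

  da39a3ee5e6b4b0d3255bfef95601890afd80709

  SHA256

  e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

  SHA512

  cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
"""

# Built from the General section: the submitted sample itself.
TARGET = {"path": "AnyDesk.exe", "filesize": "5.1MB", "hashes": {
    "sha256": "1cdafbe519f60aaadb4a92e266fff709129f86f0c9ee595c45499c66092e0499"}}

# Digests of zero bytes; an entry carrying exactly these was an empty file.
EMPTY = {a: hashlib.new(a, b"").hexdigest() for a in ALGOS}


def parse_artifacts(text):
    """Parse '• path / label / value ...' entries into records with lower-cased hex digests."""
    records = []
    for chunk in re.split(r"^\s*•\s*", text, flags=re.M):
        lines = [ln.strip() for ln in chunk.splitlines() if ln.strip()]
        if not lines:
            continue
        rec = {"path": lines[0], "hashes": {}}
        for label, value in zip(lines[1::2], lines[2::2]):
            key = label.lower()
            if key in ALGOS:
                rec["hashes"][key] = value.lower()
            elif key == "filesize":
                rec["filesize"] = value
        records.append(rec)
    return records


def digests(data):
    return {a: hashlib.new(a, data).hexdigest() for a in ALGOS}


def is_empty_file_entry(record):
    h = record["hashes"]
    return bool(h) and all(h[a] == EMPTY[a] for a in h)


def verify(data, record):
    """Compare every digest the record lists. Checking all of them, not just
    MD5, catches an entry whose hashes were copied inconsistently and avoids
    trusting a collision-prone algorithm alone. Returns (all_match, per_algo)."""
    got = digests(data)
    per_algo = {a: got[a] == expected for a, expected in record["hashes"].items()}
    return all(per_algo.values()), per_algo


if __name__ == "__main__":
    for rec in parse_artifacts(REPORT_SNIPPET) + [TARGET]:
        note = " (empty file)" if is_empty_file_entry(rec) else ""
        print(f"{rec['path']} {rec.get('filesize', '?')}{note}")
    # Constructed inputs: an empty file matches the empty user.conf entry,
    # arbitrary bytes match nothing.
    print(verify(b"", parse_artifacts(REPORT_SNIPPET)[1]))
    print(verify(b"constructed, not the real dll", TARGET))
```

Drop entries for which is_empty_file_entry() is true before loading the rest into a blocklist or hunt query; an empty file matches every zero-byte file on every host.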