1cdafbe519f60aaadb4a92e266fff709129f86f0c9ee595c45499c66092e0499

Analysis

max time kernel
2s
max time network
23s
platform
windows10-1703_x64
resource
win10-20240611-fr
resource tags

arch:x64arch:x86image:win10-20240611-frlocale:fr-fros:windows10-1703-x64systemwindows
submitted
24/08/2024, 19:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

AnyDesk (1).exe
Size

5.1MB
MD5

aee6801792d67607f228be8cec8291f9
SHA1

bf6ba727ff14ca2fddf619f292d56db9d9088066
SHA256

1cdafbe519f60aaadb4a92e266fff709129f86f0c9ee595c45499c66092e0499
SHA512

09d9fc8702ab6fa4fc9323c37bc970b8a7dd180293b0dbf337de726476b0b9515a4f383fa294ba084eccf0698d1e3cb5a39d0ff9ea3ba40c8a56acafce3add4f
SSDEEP

98304:G5WW6KEdJxfpDVOMdq2668yIv1//nvkYCRThGXBJdicotUgwoAo5beyjF:y3vEbxfjf4Y8yofvktkLdurH5iyR

Score

3^/10

discovery

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AnyDesk (1).exe

C:\Users\Admin\AppData\Local\Temp\AnyDesk (1).exe
"C:\Users\Admin\AppData\Local\Temp\AnyDesk (1).exe"
1⤵
- System Location Discovery: System Language Discovery
PID:228
- C:\Users\Admin\AppData\Local\Temp\AnyDesk (1).exe
  "C:\Users\Admin\AppData\Local\Temp\AnyDesk (1).exe" --local-service
  2⤵
  PID:5104
- C:\Users\Admin\AppData\Local\Temp\AnyDesk (1).exe
  "C:\Users\Admin\AppData\Local\Temp\AnyDesk (1).exe" --local-control
  2⤵
  PID:2596

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\gcapi.dll

Filesize
385KB

MD5
1ce7d5a1566c8c449d0f6772a8c27900

SHA1
60854185f6338e1bfc7497fd41aa44c5c00d8f85

SHA256
73170761d6776c0debacfbbc61b6988cb8270a20174bf5c049768a264bb8ffaf

SHA512
7e3411be8614170ae91db1626c452997dc6db663d79130872a124af982ee1d457cefba00abd7f5269adce3052403be31238aecc3934c7379d224cb792d519753

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

Filesize
10KB

MD5
ab6dd1923158fd164b623d4612b2a318

SHA1
a74a12466ec2a3206389619a034e3c1af553d706

SHA256
f815acf35234c5a0de6cf5dc7730730a32a0437de278ec4a27498c3cbe5dc26e

SHA512
bbc9e5b3ea4fdd8693ffbaca9e9d494b1f5021ef88d4bd818498d5760514ca97d62bcf79028000d17c585b42cdc1e185236a165bf984461f2c13e134a96a5fcc

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf

Filesize
2KB

MD5
76e00b323beb12e77103576204cb50b1

SHA1
1dcdb16ec4460a2e80df626ce7a6cffe68da16c0

SHA256
ab70b404381a143c6e5f048c89525978a3373689cd58bcf3545789b89889bf82

SHA512
bd1e44e21bb4a10218af4cf1ffa68a8042e5b45b3095f5f175b89d0958313336c334714b45b24e9819901ee1303474bbc460811779e7476946c94b23d03bdbb1

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf

Filesize
2KB

MD5
8dca32bf5bcf2e7f706738689e0ab775

SHA1
011335a87e9d2a660fe218acc2ced28989465901

SHA256
d0402a2f3dbe04d4f76bf4f263cfe0764a53e58a6efa42f942b0c92f1b422f17

SHA512
8452fba0b64601a6eac985288db377afe320768369df68d5caab96079013eb34c974a84b4e4315460e4e978f8c975550ae3e342abf8a3ca5198a991dbc36ce0a

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
701B

MD5
7069881b20625b219028438f093f9aeb

SHA1
5052cbbf7ad83cc62fe71e42a2fcc45b61234be2

SHA256
18eed1910a0d51560348211fab3b19dca776642599cb231b876a2999361dc85a

SHA512
50df47c9845fa6d512bd81a83f998cd11e0d80f8a6e536286391b75e1bb8dfcca022e4809d1166fa3087c3e6e2570649853638a4fa0da6af564986bbd3660d91

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
758B

MD5
81afe3f7ac955c52454ca8f327e802b9

SHA1
dbbddcc3e8e1ed65591d2036762a2e8c960b6f77

SHA256
1cb411a1a224dc432ab90782f3beb1c9ff700b7e8f785bac1e9b82fcc2141c15

SHA512
16798104dcd49c6225e86d8f7b6e811154556161960fad6ea07f9030750dad4d516946f95b15a0671a50a723475de2cc1a77cf1ac2bc643d94755fada75c9113

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
312B

MD5
0c04ad1083dc5c7c45e3ee2cd344ae38

SHA1
f1cf190f8ca93000e56d49732e9e827e2554c46f

SHA256
6452273c017db7cbe0ffc5b109bbf3f8d3282fb91bfa3c5eabc4fb8f1fc98cb0

SHA512
6c414b39bbc1f1f08446c6c6da6f6e1ceb9303bbf183ae279c872d91641ea8d67ec5e5c4e0824da3837eca73ec29fe70e92b72c09458c8ce50fa6f08791d1492

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
424B

MD5
30c3a9c33dedb489d648da0e79b67dfe

SHA1
84cfe1e7571a7af0a927916b72af365ca0b95c3d

SHA256
93139a2b7bbc630c874efd95a4ffffae0fa1bafbd50793a38a09a61174504a50

SHA512
c335172e9c5d5176995ab1e0602d603f16e8e281db504be97d4399ea6ee32c90304eb71f4228f36df8e44921ca0845cf119bb318cb28bd1e1ea62a6fb18c9102

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
2KB

MD5
2d390db7ab458067c35fcdd32e6b471e

SHA1
8e5f5ac0e44bbf471ab0678ebaef13cf9e596df6

SHA256
e69d72ead61dc5d4646fe47d71d192aacfca3b3ab9018eb4da043955632bcc17

SHA512
9ed84a605c2cf7ffdf93c439ab356094f0ccc50e7f24e4fa217139b07bd344732f8dd51196b6edfca76169f1167c2fb31090f87b2096661aca41b4dce8bbc21e

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
1f65df50fb1965ebc06228c8a16a933a

SHA1
8d8a256b09f41fdc2b526feeb1af958daca3feec

SHA256
7ee527729ff7d07b84b14ef91a58eef762a9fc76ff3703b9e4c4c2499093341a

SHA512
cf4dd07a99472afa8fcf7cf709f6b1d2e786aebda571537167228af989efcf1d33c719f99fbb9c81b84621f5e456412e6338f924b2cccf7188ca795e9442adb9

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
3KB

MD5
6b3f82409b202fa4c1284e2b387f5632

SHA1
33934bde2ae27be499af88e65d4e7e461347a38c

SHA256
92db470b93b5eface24b34b82e00058bd8d15f3cc85ddd568e8c2860a323dabe

SHA512
85cac6c91dc6307eb6a46990eb25ba6337fb49454b2070e6b1240c5e365d35b76a8e8393c8b9c5615f8c257162de1992a58cf2760bb46c117df9197deae1bc7b

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
7KB

MD5
302d84ac033dcd8c9b859c1caa29c04f

SHA1
e63175d1e422b7b01f5a11cd1d8946df6a612972

SHA256
15ef08be0cf830d706b33d5c73832943e70cd9238c5c5de8ecb5553221ba2636

SHA512
1b964b73976c52d23cbe2580d40d76b5666b3f3ef88ec2e7aa2b290c61ac7ec7954ce149cef1bb0316da660bf7a4aa2f8d46ced35ba015a0467a645411f64164

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
7KB

MD5
4639f0048a00b036422677954c6f1b7d

SHA1
3d129eae6e98398678121310e9f20ee2e71af610

SHA256
8b33ae48c7d4e08f038787e3b6624a85a17f0347e8a67586357f1d64d6cd791a

SHA512
0f7a4a370acb314e7abeebca75973eda80350b5369d913796b66fa22c18ae0f96d62657e60b0b340d1966b100c8f70e54e9fd82a7919203089eb0ac0e6220ec4

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
a3f92df69505f2f689f58feb84ff4429

SHA1
25f25c289886afbb0ac37014214c0c57cac5ab07

SHA256
8b1a83474a5cf52984f1af9b2fa641d37d4d4ed60b67d633504abe4fb13d2b08

SHA512
ae788a21e377d619a5af542aaa06a617b04ac4d09663d7e89e1a8151f633ecc0225b827cfe23f98d774cfd4a9ccb2e72a8fa395ca131fa2feb3364a13809af4d

Download Submit
memory/228-27-0x0000000000C00000-0x0000000002349000-memory.dmp

Filesize
23.3MB

Download
memory/228-7-0x0000000000C00000-0x0000000002349000-memory.dmp

Filesize
23.3MB

Download
memory/228-2-0x0000000000C04000-0x0000000001E3A000-memory.dmp

Filesize
18.2MB

Download
memory/228-0-0x0000000000C00000-0x0000000002349000-memory.dmp

Filesize
23.3MB

Download
memory/228-241-0x0000000000C04000-0x0000000001E3A000-memory.dmp

Filesize
18.2MB

Download
memory/228-242-0x0000000000C00000-0x0000000002349000-memory.dmp

Filesize
23.3MB

Download
memory/2596-19-0x0000000000C00000-0x0000000002349000-memory.dmp

Filesize
23.3MB

Download
memory/2596-230-0x0000000000C00000-0x0000000002349000-memory.dmp

Filesize
23.3MB

Download
memory/5104-16-0x0000000000C00000-0x0000000002349000-memory.dmp

Filesize
23.3MB

Download
memory/5104-229-0x0000000000C00000-0x0000000002349000-memory.dmp

Filesize
23.3MB

Download