Overview

overview

3

Static

static

3

Cisco AnyC...nt.zip

windows7-x64

1

Cisco AnyC...nt.zip

windows10-2004-x64

1

Cisco AnyC...er.exe

windows7-x64

3

Cisco AnyC...er.exe

windows10-2004-x64

3

Cisco AnyC...64.exe

windows7-x64

1

Cisco AnyC...64.exe

windows10-2004-x64

1

Cisco AnyC...e.html

windows7-x64

3

Cisco AnyC...e.html

windows10-2004-x64

3

Cisco AnyC...er.dll

windows7-x64

3

Cisco AnyC...er.dll

windows10-2004-x64

3

Cisco AnyC...ck.dll

windows7-x64

3

Cisco AnyC...ck.dll

windows10-2004-x64

3

Cisco AnyC...st.dll

windows7-x64

3

Cisco AnyC...st.dll

windows10-2004-x64

3

Cisco AnyC...er.dll

windows7-x64

3

Cisco AnyC...er.dll

windows10-2004-x64

3

Cisco AnyC...im.dll

windows7-x64

3

Cisco AnyC...im.dll

windows10-2004-x64

3

Cisco AnyC...ec.dll

windows7-x64

3

Cisco AnyC...ec.dll

windows10-2004-x64

3

Cisco AnyC...on.exe

windows7-x64

3

Cisco AnyC...on.exe

windows10-2004-x64

3

Cisco AnyC...ll.exe

windows7-x64

3

Cisco AnyC...ll.exe

windows10-2004-x64

3

Cisco AnyC...t.json

windows7-x64

3

Cisco AnyC...t.json

windows10-2004-x64

3

Cisco AnyC...64.exe

windows7-x64

1

Cisco AnyC...64.exe

windows10-2004-x64

1

Cisco AnyC...pi.dll

windows7-x64

3

Cisco AnyC...pi.dll

windows10-2004-x64

3

Cisco AnyC...to.dll

windows7-x64

3

Cisco AnyC...to.dll

windows10-2004-x64

3

Resubmissions

03/09/2024, 21:32

240903-1dvy9syeqh 3

03/09/2024, 21:15

240903-z35pbsxcnm 3

03/09/2024, 21:00

240903-ztqttaxalq 3

03/09/2024, 20:53

240903-zps4dawhll 3

Analysis

  • max time kernel
    119s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    03/09/2024, 20:53

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    Cisco AnyConnect Secure Mobility Client/InstallHelper.exe

  • Size

    550KB

  • MD5

    18a5846e5f8357b5530a64b3f74bff85

  • SHA1

    13162485be9251cebb322619a9e7f38591dc6a66

  • SHA256

    8d9644a978ce012984decf1512c86ff282fe0fd01d3efc75ad87bbf53e2951bf

  • SHA512

    8db10b96615c636f60a8c94448a1bcaf0195ecf5368feca67b068143a0c69e8de9b2da6dc93da6f2ea006a99c2be13259d71c4d8f476a3b806b1de486f632849

  • SSDEEP

    12288:Dd1LP/msBEdy4TGYxQJUVcwflb6C7byjVU5:Z1LnmsBcHGr4Z7eBU5

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\Cisco AnyConnect Secure Mobility Client\InstallHelper.exe
    "C:\Users\Admin\AppData\Local\Temp\Cisco AnyConnect Secure Mobility Client\InstallHelper.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    PID:2192

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads