Overview
overview
10Static
static
10AnyDesk.exe
windows7-x64
1AnyDesk.exe
windows10-2004-x64
1Archevod_XWorm.exe
windows7-x64
10Archevod_XWorm.exe
windows10-2004-x64
10ClickMe.lnk
windows7-x64
8ClickMe.lnk
windows10-2004-x64
8Cmstp.bat
windows7-x64
10Cmstp.bat
windows10-2004-x64
10GoogleChrome.exe
windows7-x64
10GoogleChrome.exe
windows10-2004-x64
10Hidden_Und...on.ps1
windows7-x64
8Hidden_Und...on.ps1
windows10-2004-x64
8Hidden_magic.vbs
windows7-x64
3Hidden_magic.vbs
windows10-2004-x64
7Manage.bat
windows7-x64
1Manage.bat
windows10-2004-x64
1Night_uac/...in.ps1
windows7-x64
8Night_uac/...in.ps1
windows10-2004-x64
8Night_uac/...ge.ps1
windows7-x64
8Night_uac/...ge.ps1
windows10-2004-x64
8Night_uac/...gen.py
windows7-x64
3Night_uac/...gen.py
windows10-2004-x64
3Night_uac/amsi.ps1
windows7-x64
3Night_uac/amsi.ps1
windows10-2004-x64
3Night_uac/amsi.ps1
windows7-x64
3Night_uac/amsi.ps1
windows10-2004-x64
3Night_uac/command.ps1
windows7-x64
3Night_uac/command.ps1
windows10-2004-x64
3Night_uac/down.ps1
windows7-x64
8Night_uac/down.ps1
windows10-2004-x64
8Night_uac/...gp.ps1
windows7-x64
3Night_uac/...gp.ps1
windows10-2004-x64
3Analysis
-
max time kernel
144s -
max time network
20s -
platform
windows7_x64 -
resource
win7-20240729-en -
resource tags
arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system -
submitted
18-10-2024 17:21
Static task
static1
Behavioral task
behavioral1
Sample
AnyDesk.exe
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
AnyDesk.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
Archevod_XWorm.exe
Resource
win7-20240903-en
Behavioral task
behavioral4
Sample
Archevod_XWorm.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral5
Sample
ClickMe.lnk
Resource
win7-20240903-en
Behavioral task
behavioral6
Sample
ClickMe.lnk
Resource
win10v2004-20241007-en
Behavioral task
behavioral7
Sample
Cmstp.bat
Resource
win7-20241010-en
Behavioral task
behavioral8
Sample
Cmstp.bat
Resource
win10v2004-20241007-en
Behavioral task
behavioral9
Sample
GoogleChrome.exe
Resource
win7-20240903-en
Behavioral task
behavioral10
Sample
GoogleChrome.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral11
Sample
Hidden_Undected_CMSTP-Reflection.ps1
Resource
win7-20241010-en
Behavioral task
behavioral12
Sample
Hidden_Undected_CMSTP-Reflection.ps1
Resource
win10v2004-20241007-en
Behavioral task
behavioral13
Sample
Hidden_magic.vbs
Resource
win7-20240903-en
Behavioral task
behavioral14
Sample
Hidden_magic.vbs
Resource
win10v2004-20241007-en
Behavioral task
behavioral15
Sample
Manage.bat
Resource
win7-20240903-en
Behavioral task
behavioral16
Sample
Manage.bat
Resource
win10v2004-20241007-en
Behavioral task
behavioral17
Sample
Night_uac/Uac_main.ps1
Resource
win7-20240903-en
Behavioral task
behavioral18
Sample
Night_uac/Uac_main.ps1
Resource
win10v2004-20241007-en
Behavioral task
behavioral19
Sample
Night_uac/Uac_stage.ps1
Resource
win7-20241010-en
Behavioral task
behavioral20
Sample
Night_uac/Uac_stage.ps1
Resource
win10v2004-20241007-en
Behavioral task
behavioral21
Sample
Night_uac/Uac_stage_gen.py
Resource
win7-20240708-en
Behavioral task
behavioral22
Sample
Night_uac/Uac_stage_gen.py
Resource
win10v2004-20241007-en
Behavioral task
behavioral23
Sample
Night_uac/amsi.ps1
Resource
win7-20240903-en
Behavioral task
behavioral24
Sample
Night_uac/amsi.ps1
Resource
win10v2004-20241007-en
Behavioral task
behavioral25
Sample
Night_uac/amsi.ps1
Resource
win7-20240729-en
Behavioral task
behavioral26
Sample
Night_uac/amsi.ps1
Resource
win10v2004-20241007-en
Behavioral task
behavioral27
Sample
Night_uac/command.ps1
Resource
win7-20240708-en
Behavioral task
behavioral28
Sample
Night_uac/command.ps1
Resource
win10v2004-20241007-en
Behavioral task
behavioral29
Sample
Night_uac/down.ps1
Resource
win7-20240903-en
Behavioral task
behavioral30
Sample
Night_uac/down.ps1
Resource
win10v2004-20241007-en
Behavioral task
behavioral31
Sample
Night_uac/payloads/0malm7gp.ps1
Resource
win7-20240903-en
Behavioral task
behavioral32
Sample
Night_uac/payloads/0malm7gp.ps1
Resource
win10v2004-20241007-en
General
-
Target
AnyDesk.exe
-
Size
2.9MB
-
MD5
7cd339f9be1417421acf8790c9738922
-
SHA1
c25eff4d9d2d5b55f1cc4ffc623354004565e8b9
-
SHA256
ec0ec7ce8ef71cb7e7d1c2418c47ad94cea8833db8578ccdf94271f8efed38d3
-
SHA512
f118ea660a51ff38abc20a9ad16f6505cf8a862df1b564829d9af06710e0c4b91d0abbedc4b852696acf0e807a25138d82c2fc518cd54c32dba92f513467b411
-
SSDEEP
49152:vAOdl4d7NHNUb75uEEbOyYWHxL9X5zT/dPUAUA/JH:El8DFWHTN
Malware Config
Signatures
-
Suspicious behavior: EnumeratesProcesses 4 IoCs
pid Process 2440 AnyDesk.exe 2440 AnyDesk.exe 2440 AnyDesk.exe 2440 AnyDesk.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 2440 AnyDesk.exe
Processes
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
361B
MD53ae05f2c2c68b128224a30f0942ed44a
SHA14437fab0d9eabd1546afb505482f0e97fa3ae2a7
SHA25695b7e125e69c9f6bed6b283b678d51b02b8ca08c4a9cf94b2405fc9deb859fa0
SHA5122876aac406c7cd8366767e91cf3de4071ea85736a5e88c628747a626b8d752865dc2a3ec2f258a039bd3b6594d8e00149c09f582ae1b27a78efc67ad7b4dc0af
-
Filesize
1KB
MD54015a3c0e3623cbfacdad6010153bb3d
SHA105e748fd02731706bb6dc15f0cc394fb952cd055
SHA2561cd528c881d72795abd6275c7b75c08228703d2d145bf391da38436abfb7e23f
SHA5127db0399cd70d9dab1a97c43739ef74bfe4fff19ebd4eac4bb8ba32185dabb00e591213ad949beab0dd3aab5a4e6c071580bacab769a46571952e19bfa09bbdba
-
Filesize
1KB
MD5f64610932fcbafe21f718472271faf03
SHA12609bd5518e40fbf57ec2d7324bf97124b0e0e98
SHA2561a14fe3fe2a9086ef02c1730bf236285375204f5aa5361aee7b0608c47ed9871
SHA51277920ded8a2abc48d3dc5377da3426b91ce5e0044c3fc9d371fc3b907d54bf15a638dee032ad05a3259fd051cbd8a3e892f1763b9c16ccaeb9097c1de15abc93