Overview
Overall score: 10

Target                  Platform              Score
Static                  static                10
AnyDesk.exe             windows7-x64          1
AnyDesk.exe             windows10-2004-x64    1
Archevod_XWorm.exe      windows7-x64          10
Archevod_XWorm.exe      windows10-2004-x64    10
ClickMe.lnk             windows7-x64          8
ClickMe.lnk             windows10-2004-x64    8
Cmstp.bat               windows7-x64          10
Cmstp.bat               windows10-2004-x64    10
GoogleChrome.exe        windows7-x64          10
GoogleChrome.exe        windows10-2004-x64    10
Hidden_Und...on.ps1     windows7-x64          8
Hidden_Und...on.ps1     windows10-2004-x64    8
Hidden_magic.vbs        windows7-x64          3
Hidden_magic.vbs        windows10-2004-x64    7
Manage.bat              windows7-x64          1
Manage.bat              windows10-2004-x64    1
Night_uac/...in.ps1     windows7-x64          8
Night_uac/...in.ps1     windows10-2004-x64    8
Night_uac/...ge.ps1     windows7-x64          8
Night_uac/...ge.ps1     windows10-2004-x64    8
Night_uac/...gen.py     windows7-x64          3
Night_uac/...gen.py     windows10-2004-x64    3
Night_uac/amsi.ps1      windows7-x64          3
Night_uac/amsi.ps1      windows10-2004-x64    3
Night_uac/amsi.ps1      windows7-x64          3
Night_uac/amsi.ps1      windows10-2004-x64    3
Night_uac/command.ps1   windows7-x64          3
Night_uac/command.ps1   windows10-2004-x64    3
Night_uac/down.ps1      windows7-x64          8
Night_uac/down.ps1      windows10-2004-x64    8
Night_uac/...gp.ps1     windows7-x64          3
Night_uac/...gp.ps1     windows10-2004-x64    3

Analysis
max time kernel: 149s
max time network: 125s
platform: windows10-2004_x64
resource: win10v2004-20241007-en
resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
submitted: 18-10-2024 17:21
Static task
static1

Behavioral tasks
Task          Sample                                  Resource
behavioral1   AnyDesk.exe                             win7-20240729-en
behavioral2   AnyDesk.exe                             win10v2004-20241007-en
behavioral3   Archevod_XWorm.exe                      win7-20240903-en
behavioral4   Archevod_XWorm.exe                      win10v2004-20241007-en
behavioral5   ClickMe.lnk                             win7-20240903-en
behavioral6   ClickMe.lnk                             win10v2004-20241007-en
behavioral7   Cmstp.bat                               win7-20241010-en
behavioral8   Cmstp.bat                               win10v2004-20241007-en
behavioral9   GoogleChrome.exe                        win7-20240903-en
behavioral10  GoogleChrome.exe                        win10v2004-20241007-en
behavioral11  Hidden_Undected_CMSTP-Reflection.ps1    win7-20241010-en
behavioral12  Hidden_Undected_CMSTP-Reflection.ps1    win10v2004-20241007-en
behavioral13  Hidden_magic.vbs                        win7-20240903-en
behavioral14  Hidden_magic.vbs                        win10v2004-20241007-en
behavioral15  Manage.bat                              win7-20240903-en
behavioral16  Manage.bat                              win10v2004-20241007-en
behavioral17  Night_uac/Uac_main.ps1                  win7-20240903-en
behavioral18  Night_uac/Uac_main.ps1                  win10v2004-20241007-en
behavioral19  Night_uac/Uac_stage.ps1                 win7-20241010-en
behavioral20  Night_uac/Uac_stage.ps1                 win10v2004-20241007-en
behavioral21  Night_uac/Uac_stage_gen.py              win7-20240708-en
behavioral22  Night_uac/Uac_stage_gen.py              win10v2004-20241007-en
behavioral23  Night_uac/amsi.ps1                      win7-20240903-en
behavioral24  Night_uac/amsi.ps1                      win10v2004-20241007-en
behavioral25  Night_uac/amsi.ps1                      win7-20240729-en
behavioral26  Night_uac/amsi.ps1                      win10v2004-20241007-en
behavioral27  Night_uac/command.ps1                   win7-20240708-en
behavioral28  Night_uac/command.ps1                   win10v2004-20241007-en
behavioral29  Night_uac/down.ps1                      win7-20240903-en
behavioral30  Night_uac/down.ps1                      win10v2004-20241007-en
behavioral31  Night_uac/payloads/0malm7gp.ps1         win7-20240903-en
behavioral32  Night_uac/payloads/0malm7gp.ps1         win10v2004-20241007-en
General
Target: AnyDesk.exe
Size: 2.9MB
MD5: 7cd339f9be1417421acf8790c9738922
SHA1: c25eff4d9d2d5b55f1cc4ffc623354004565e8b9
SHA256: ec0ec7ce8ef71cb7e7d1c2418c47ad94cea8833db8578ccdf94271f8efed38d3
SHA512: f118ea660a51ff38abc20a9ad16f6505cf8a862df1b564829d9af06710e0c4b91d0abbedc4b852696acf0e807a25138d82c2fc518cd54c32dba92f513467b411
SSDEEP: 49152:vAOdl4d7NHNUb75uEEbOyYWHxL9X5zT/dPUAUA/JH:El8DFWHTN
Malware Config

Signatures
Suspicious behavior: EnumeratesProcesses (8 IoCs)

pid   Process
5084  AnyDesk.exe   (the same pid/process pair is listed for each of the 8 IoCs)
Processes
Network
MITRE ATT&CK Matrix
Downloads