fff4b96876b0c78da96e57cf7ca1b0e0cbee4fde52047a9bde52e25b062d69ca

Analysis

max time kernel
1s
max time network
6s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
19/12/2024, 04:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

AnyDesk.exe
Size

5.3MB
MD5

0a269c555e15783351e02629502bf141
SHA1

8fefa361e9b5bce4af0090093f51bcd02892b25d
SHA256

fff4b96876b0c78da96e57cf7ca1b0e0cbee4fde52047a9bde52e25b062d69ca
SHA512

b1784109f01d004f2f618e91695fc4ab9e64989cdedc39941cb1a4e7fed9032e096190269f3baefa590cc98552af5824d0f447a03213e4ae07cf55214758725a
SSDEEP

98304:Uc9HTcGO0ImBimas54Ub5ixTStxZi/l9K0+zLVasSe4JnzMpm+Gq:UcpYGO0IOqs57bUwxG9CVaskJIYE

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AnyDesk.exe

C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
"C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:1524
- C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
  "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe" --local-service
  2⤵
  PID:3676
- C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
  "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe" --local-control
  2⤵
  PID:1996

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\gcapi.dll

Filesize
385KB

MD5
1ce7d5a1566c8c449d0f6772a8c27900

SHA1
60854185f6338e1bfc7497fd41aa44c5c00d8f85

SHA256
73170761d6776c0debacfbbc61b6988cb8270a20174bf5c049768a264bb8ffaf

SHA512
7e3411be8614170ae91db1626c452997dc6db663d79130872a124af982ee1d457cefba00abd7f5269adce3052403be31238aecc3934c7379d224cb792d519753

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

Filesize
6KB

MD5
8934106619909dc171dbfde227b01b7a

SHA1
243bcac398179218b6aa7ec82c7d1adce2089c9b

SHA256
21a6f838dd5ce1edf626f807ae1ef10790e254acfc05530778a534991e5da6c7

SHA512
2fc83c749531851dfdbfea3863e92b862542fa03a1f31900cd49ddd84eeb4e42425813556b0c00298c84cf6089aa7f8053775da42a07e3b948537415658ef4eb

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

Filesize
9KB

MD5
a0f5486ec1ee80babcb6b99f82db9eaf

SHA1
94dffdcfaf731798a3f539a2238469d78ee21c3d

SHA256
df07060ad0e55bc508f0abe01a015a743eac18362de3c32dc301d62215bf5643

SHA512
fc72051462266ec5ccb319a019fe41ef0f4dce1f950dda499af8b57b2bd4a08601526f6c096b9dae971c7cca6e2d05ffe57c782eb5f3cf052c77c9515560f240

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf

Filesize
2KB

MD5
1e46f53e0f28b5f5c6dc16d06eb00f75

SHA1
e41dee15aaee0979f1180d0e025b3fab08762112

SHA256
9eb47c4673a23121e3579a5efb8d85d80b1d958c80f7c9a87e0cb1d6bbad4cdf

SHA512
7c01e6ef67eee3ffb942beefc82c026fabc4281b4d6e5c0cb032625f74199e02684d0847af70a74fbaa73703ba3fd87c11499b72924aa35f0c9a22bde4440f44

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf

Filesize
2KB

MD5
c60b12c9ab45bc8fd3eef282fc9412ef

SHA1
496f943730e409fd417c42e08ecf6804009e5c70

SHA256
0141eb323fcdcf81f0564cdb2f5f0fc95119e17ffb1af29001e235dd1b15e8d3

SHA512
129995afee2ef05258faf1fe10a449771cc4733c71f9e83e3e850c17e4a0a131f0e083e007acc150e21c542cf2a7980464edfe5dc10d8a6c8d579d04bbd7d002

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
766B

MD5
ead80e3cdd322b672dbfc7213a924605

SHA1
f00518dd989ce923475812b8fb9c178f389a3fb8

SHA256
d51beeae2843a043c5eb7a18ec8c6270af724dcdd6354bbc47b31806001c3d5f

SHA512
1779421e06fa25191f03b112624b37b735cc1cd0bc38ab51f5c1dc32f79632dad9fd28a4de1619479f853798787e2905ccbbed006056cccd78037fc61e32c8a2

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
775B

MD5
c70a8bcf344907224a3024b67939b673

SHA1
1a520f22c21cdbfe8ee981d05bb4b052338aec0f

SHA256
15f275e5dbfaf9213f3d7f1f4ef893b40c471576d910bd72b0ae2a8e6fbb4711

SHA512
a7e102aaacf4dbd80055f6c50bef8a5b86d82bb0fc8577f43d30998cdc92ec1395e90cf53b602ccfbfeaf281c3eaf0b34c026cbf6c94635fe71413fd25497087

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
832B

MD5
37473adc5ceaf5ecdf49b3d6bde6ca31

SHA1
c02c5493e8c25764368484a17320c7efa884828a

SHA256
fb0ee16872a9c3d1382ad5ff4563071c2f6f83808fcd62ee2ff964b0d4233aaf

SHA512
e1f837b60eac14c02f7676ddf38004977be97ea81ef77fb4af5d52ac2343f74a0c2d12bfadba5dbf1a94f87e392e6584aa04915fea489f432ba334d24d2dae7f

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
312B

MD5
0c04ad1083dc5c7c45e3ee2cd344ae38

SHA1
f1cf190f8ca93000e56d49732e9e827e2554c46f

SHA256
6452273c017db7cbe0ffc5b109bbf3f8d3282fb91bfa3c5eabc4fb8f1fc98cb0

SHA512
6c414b39bbc1f1f08446c6c6da6f6e1ceb9303bbf183ae279c872d91641ea8d67ec5e5c4e0824da3837eca73ec29fe70e92b72c09458c8ce50fa6f08791d1492

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
468B

MD5
d49c8f5c91b146b4ce6ae4d44cb633ef

SHA1
4f2c3b05faf34b0f1dfb2a96fbd0efd8ba5ce2f9

SHA256
5830dec5852201f475a35dba52c9b1cf77a26e1eaf3a49f03c19712b77d57294

SHA512
7b77f482518a3a4193203f8b8ea236ad740647bb63fef22baed57bef751e255045c71bd2d49f9f5840655b05bbd30539950ae491b81caddce852bfa9307c1ccc

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
468B

MD5
7211a127b3ee8a703009ebaf4b337202

SHA1
3539a2bcd575b71f3bd348aba836fdac1dee3dae

SHA256
fd90073c501ca618909ea59852f0cabf6df1feb1b1a4f199333c071c23643e57

SHA512
51b82660561c97d59cc6d54703d07147ce1e8277ba24ab8c5efc145cc9a28bf8bfdf3e973a847920b942b22b63f49cb62b69e05cd3ed00e002e8380d6a47786d

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
2KB

MD5
b496a12104438e55f31d83ea13a31a61

SHA1
36dfe5f9cd1303cd1f17257678b38e18e457c98d

SHA256
969f6c5410a1b164e734a7f46f5203775abf45feb6b4efa114609bb67db9f43d

SHA512
412e728d2c4566e1dd9b81455aa1abd1822a7be6c0b5bf89e5b00e2596cccd5611d52ac1db6ea7125967ce30caa4ef1d05f89a944152a9d14ac13b474e6f8899

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
2KB

MD5
635ff1d7f3445feff9be4e5b01556c60

SHA1
2a41c2fc38d90b36e72aaa8129330830ae6f6c3e

SHA256
975005c22051bd57a65dd7eae414d00ae0feb60210c27ca3ade2528e3805ec00

SHA512
46824b211bbbca2e967faa1c25a88c36c89d8ca3929f6eeeeeb66c299267d129a45bbda6602a94e9ce0d53dd1f4935fb2bd84970c84d0d557d7412b37cccc451

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
1d987b94356479514d88a83792baa15e

SHA1
8a9624a54fbc3a6b78d09529540471d932596e5a

SHA256
4ef5ecf7f4ecac3dc162c9c99ca8a9bdbfa228d75a5cd4325ea96f1f8ade3e47

SHA512
172080bf32212ffec0cd0e0bf9d40e94d33b84965920ed02830d9df40720d127cb225a3bc4b0002374eed376cb6872554e1fa92da31a9f6a97dcd0fd94ded0fe

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
d75597144402d92459324b1ba5428072

SHA1
66f07139b85cbfdf370ab83e462d78369f6dc1bc

SHA256
3a7fd63de190c52541b5a3f9382cd455ee4720e22f1e6c0447111e110522275c

SHA512
7ba45366b7c560145200974e97ee3afb716dd76f7da605681fb5423457df7c36f5f9d5d603ae837a4f924f55f6ec92eb598ff47988d4705b9e056000137b27c7

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
5KB

MD5
a01d99efd3a2db3c42cb5da04ec3aa96

SHA1
03f2cfbbfdc0ef90d4e38ef921bb817cc32c6fef

SHA256
ca7330e8fd9f1b75a06743fc7258aa14716b9dbcc77f880d6e54caad0aa21b2e

SHA512
6599140419bb679438183fc5299b52a9ff96ca42dceccb0c6f3eee045f13361138df76e11c3257be56871509c84efa8b7754a0c095109c473d3bc50e36eb02b8

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
4305f9634912048fe1bfd1a15d106f2a

SHA1
f33cb0ed8a580ccd29de2870bd7fc91a631c0afb

SHA256
694ec51bcc9751fa5af9f127c08f0f1a62f6124e7cda2c18db89888229aefb0e

SHA512
007d522ff0b25fdf68edd8535433c93f703009f7a7ad30b19c14c02b807ced932bf0ea4d930fd948fbf49c3a9c4dbcc8e612b912882aa3ee195f948b9e06eb50

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
5a8d35439eceab0bdcc9c1f05abe19d0

SHA1
4d39d5ea7850a8e425cbbf3e16873a7dfc6fff09

SHA256
6364e62cf3e4ca0cf8a4e76cf3e3399a5722584df19a983416ae6f19022d12c7

SHA512
677bba3911ea8c0340b3d53dead61e4fcb0d9232c3183525167b56fbb606bf9a41819f3ab7a15d04ea351336c3aa056e7e22463941f6951270b635a94dd46a03

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
3cac76eee75c5444e8511a96dae530ab

SHA1
6b8d72360e2b4826c159b33766afcaf2a0a1824d

SHA256
3565d563d65d1ca70a20fcb73877122a94bf2e2f9f223152620a027935d6f26b

SHA512
cbab114d9e89079eb89e74f96186b95a4f1ce201a55e1537366de69cf493b73c29cdfb54a1e18692085de2c6cafeea6adb448fb8fd48b6bf2273c821ba729d2d

Download Submit
memory/1524-1-0x0000000000460000-0x0000000001AA2000-memory.dmp

Filesize
22.3MB

Download
memory/1524-0-0x0000000000464000-0x0000000001566000-memory.dmp

Filesize
17.0MB

Download
memory/1524-5-0x0000000000460000-0x0000000001AA2000-memory.dmp

Filesize
22.3MB

Download
memory/1996-11-0x0000000000460000-0x0000000001AA2000-memory.dmp

Filesize
22.3MB

Download
memory/1996-14-0x0000000000460000-0x0000000001AA2000-memory.dmp

Filesize
22.3MB

Download
memory/3676-10-0x0000000000460000-0x0000000001AA2000-memory.dmp

Filesize
22.3MB

Download
memory/3676-43-0x00000000059D0000-0x00000000059EB000-memory.dmp

Filesize
108KB

Download
memory/3676-42-0x00000000059D0000-0x00000000059EB000-memory.dmp

Filesize
108KB

Download
memory/3676-39-0x00000000059D0000-0x00000000059EB000-memory.dmp

Filesize
108KB

Download