Overview

overview

10

Static

static

10

Anydesk1.exe

windows7-x64

10

Anydesk1.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    134s
  • max time network
    139s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250314-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28/03/2025, 11:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Anydesk1.exe

  • Size

    5.4MB

  • MD5

    bdb8078d2259dc756393b1a4c0f4802b

  • SHA1

    12ab6f40c40876e59a022b773f83f3d0276fb7e1

  • SHA256

    c3579c8d457509c6fbb754d9daadf23bce8e984edf531e16d896827afd500a38

  • SHA512

    5ae59d1ddc7d00dbe4cc691f98033e02181b64b7d1a9d68538edd91365a02e56dae2965d528d34d0ecc21b817f6ccf507409ef02629c5b3c72ef8589f9bd3c6a

  • SSDEEP

    98304:ZtfdKXgOYVH8h0VHoz7NnXettSBlQL7A6C4T2tkrgnZyjJevostUe6x0X:nE3zh0VK7levLL7nCQ2tCKue6x0X

Score
10/10
metasploitbackdoortrojan

Malware Config

Extracted

Family

metasploit

Version

encoder/shikata_ga_nai

Extracted

Family

metasploit

Version

windows/reverse_tcp

C2

4.188.72.122:8080

Signatures

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit
  • Metasploit family
    metasploit
  • Program crash 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Anydesk1.exe
    "C:\Users\Admin\AppData\Local\Temp\Anydesk1.exe"
    1⤵
      PID:3224
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 3224 -s 184
        2⤵
        • Program crash
        PID:5716
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 3224 -s 204
        2⤵
        • Program crash
        PID:5552
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3224 -ip 3224
      1⤵
        PID:2620
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 3224 -ip 3224
        1⤵
          PID:624

        Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/3224-0-0x0000000000400000-0x0000000001B2583D-memory.dmp

          Filesize

          23.1MB

          Download

        • memory/3224-1-0x0000000000400000-0x0000000001B2583D-memory.dmp

          Filesize

          23.1MB

          Download