1cdafbe519f60aaadb4a92e266fff709129f86f0c9ee595c45499c66092e0499 | Triage

Submit
Reports

Overview

overview

8

Static

static

1

AnyDesk.exe

windows11-21h2-x64

8

Resubmissions

29-06-2024 16:56

240629-vfpbls1frh 8

29-06-2024 16:55

240629-vfbqhsvbpl 3

29-06-2024 16:54

240629-ve2wbavbnr 3

29-06-2024 16:54

240629-vesmmsvbnn 3

Sharing

General

Target

AnyDesk.exe
Size

5.1MB
Sample

240629-vfpbls1frh
MD5

aee6801792d67607f228be8cec8291f9
SHA1

bf6ba727ff14ca2fddf619f292d56db9d9088066
SHA256

1cdafbe519f60aaadb4a92e266fff709129f86f0c9ee595c45499c66092e0499
SHA512

09d9fc8702ab6fa4fc9323c37bc970b8a7dd180293b0dbf337de726476b0b9515a4f383fa294ba084eccf0698d1e3cb5a39d0ff9ea3ba40c8a56acafce3add4f
SSDEEP

98304:G5WW6KEdJxfpDVOMdq2668yIv1//nvkYCRThGXBJdicotUgwoAo5beyjF:y3vEbxfjf4Y8yofvktkLdurH5iyR

Score

8^/10

discovery exploit persistence ransomware

Static task

static1

Behavioral task

behavioral1

Sample

AnyDesk.exe

Resource

win11-20240611-en

discovery exploit persistence ransomware

windows11-21h2-x64

32 signatures

1800 seconds

Malware Config

Targets

- Target
  
  AnyDesk.exe
- Size
  
  5.1MB
- MD5
  
  aee6801792d67607f228be8cec8291f9
- SHA1
  
  bf6ba727ff14ca2fddf619f292d56db9d9088066
- SHA256
  
  1cdafbe519f60aaadb4a92e266fff709129f86f0c9ee595c45499c66092e0499
- SHA512
  
  09d9fc8702ab6fa4fc9323c37bc970b8a7dd180293b0dbf337de726476b0b9515a4f383fa294ba084eccf0698d1e3cb5a39d0ff9ea3ba40c8a56acafce3add4f
- SSDEEP
  
  98304:G5WW6KEdJxfpDVOMdq2668yIv1//nvkYCRThGXBJdicotUgwoAo5beyjF:y3vEbxfjf4Y8yofvktkLdurH5iyR
Score

8^/10

discovery exploit persistence ransomware
- Possible privilege escalation attempt
  exploit
- Modifies file permissions
  discovery
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- Downloads MZ/PE file
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
- Sets desktop wallpaper using registry
  ransomware
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Active Setup

Privilege Escalation

Boot or Logon Autostart Execution

Active Setup

Defense Evasion

File and Directory Permissions Modification

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Defacement

Resource Development

Reconnaissance

Tasks

static1

behavioral1

discoveryexploitpersistenceransomware

© 2018-2024

Terms | Privacy