Skip to content
Detecteam
  • CompanyExpand
    • Founders Story
    • The Team
  • ProductExpand
    • About Us
  • SolutionsExpand
    • Use Cases
  • ResourcesExpand
    • Detecteam Blogs
    • Contact Us
Twitter Linkedin
Detecteam
Blog · Scenario

Anydesk Installation Traces

Avatar photoByDetecteam 2023-11-032023-11-03

TLP

TLP CLEAR

Author

Sebastien Tricaud

Summary

This scenario automates the download and installation of AnyDesk, a remote desktop software, on a Windows system. It begins by resolving the IP address of the AnyDesk download server through DNS resolution. Subsequently, it simulates a Windows environment for an HTTP request, fetches the AnyDesk.exe file from the designated URL, and confirms the server as “nginx.” Finally, it initiates the installation process by executing a new process with the command line for AnyDesk installation, ensuring it is installed silently without user interaction. This script streamlines the entire download and installation procedure, enhancing efficiency and ease of deployment for AnyDesk on Windows systems.

TIMELINE

DATA

We are providing data for attacks weekly hoping to contribute raising awareness to threats from their data.

ad.trace_Download
windows_sysmon.xml_Download
anydesk.pcapngDownload

CATEGORY

misc

references

  • https://anydesk.com/

MITRE ATT&CK

Post Tags: #T1016 - System Network Configuration Discovery#T1059 - Command Line Interface#T1078 - Valid Accounts#T1110 - Brute Force#T1113 - Screen Capture#T1219 - Remote Access Software#T1547 - Boot or Logon Autostart Execution
Avatar photo
Detecteam
X

Detecteam is transforming cybersecurity detection from static rule-writing to autonomous, continuous validation. Our REFLEX platform automates the detection lifecycle—building, testing, validating and deploying detections in minutes, not months. We help enterprises maximize ROI on existing tools, close high-risk detection gaps faster, and scale security outcomes without scaling headcount. This is the future of detection-as-code, and we’re leading it.

CONTACT US

Detecteam Inc.
300 Lenora Street PMB 659
Seattle, WA 98121 USA
+1 (650) 542-0831
sales@detecteam.com

  • Privacy Policy

SOCIAL MEDIA

Twitter Linkedin
OUR NEWSLETTER

Check your inbox or spam to confirm your subscription.

© 2025 Detecteam Inc. All Rights Reserved.

  • Company
    • Founders Story
    • The Team
  • Product
    • About Us
  • Solutions
    • Use Cases
  • Resources
    • Detecteam Blogs
    • Contact Us
Search