Overview
overview
8Static
static
7jghdtv_setup.exe
windows7-x64
7jghdtv_setup.exe
windows10-2004-x64
7$PLUGINSDI...ns.dll
windows7-x64
3$PLUGINSDI...ns.dll
windows10-2004-x64
3Kernel/PPS...et.dll
windows7-x64
1Kernel/PPS...et.dll
windows10-2004-x64
1Kernel/PPS...t2.dll
windows7-x64
1Kernel/PPS...t2.dll
windows10-2004-x64
1Kernel/PPS...rk.dll
windows7-x64
3Kernel/PPS...rk.dll
windows10-2004-x64
3Kernel/PPS...st.dll
windows7-x64
1Kernel/PPS...st.dll
windows10-2004-x64
1Kernel/PPS...er.dll
windows7-x64
8Kernel/PPS...er.dll
windows10-2004-x64
8Kernel/PPS...ds.dll
windows7-x64
1Kernel/PPS...ds.dll
windows10-2004-x64
1Kernel/PPS...ay.dll
windows7-x64
1Kernel/PPS...ay.dll
windows10-2004-x64
1Kernel/PPS...ge.dll
windows7-x64
1Kernel/PPS...ge.dll
windows10-2004-x64
1Kernel/PPS...sg.dll
windows7-x64
1Kernel/PPS...sg.dll
windows10-2004-x64
1Kernel/PPS...lg.dll
windows7-x64
1Kernel/PPS...lg.dll
windows10-2004-x64
1Kernel/PPS...et.dll
windows7-x64
1Kernel/PPS...et.dll
windows10-2004-x64
1Kernel/PPS...es.dll
windows7-x64
1Kernel/PPS...es.dll
windows10-2004-x64
1Kernel/PiP...ck.dll
windows7-x64
6Kernel/PiP...ck.dll
windows10-2004-x64
6Kernel/PiP...il.dll
windows7-x64
1Kernel/PiP...il.dll
windows10-2004-x64
1Analysis
-
max time kernel
119s -
max time network
125s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system -
submitted
19/06/2024, 21:20
Behavioral task
behavioral1
Sample
jghdtv_setup.exe
Resource
win7-20240220-en
windows7-x64
Behavioral task
behavioral2
Sample
jghdtv_setup.exe
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win7-20240611-en
windows7-x64
Behavioral task
behavioral4
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
Kernel/PPStream/Livenet.dll
Resource
win7-20240611-en
windows7-x64
Behavioral task
behavioral6
Sample
Kernel/PPStream/Livenet.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
Kernel/PPStream/Livenet2.dll
Resource
win7-20240611-en
windows7-x64
Behavioral task
behavioral8
Sample
Kernel/PPStream/Livenet2.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
Kernel/PPStream/PSNetwork.dll
Resource
win7-20240419-en
windows7-x64
Behavioral task
behavioral10
Sample
Kernel/PPStream/PSNetwork.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
Kernel/PPStream/PowerList.dll
Resource
win7-20240508-en
windows7-x64
Behavioral task
behavioral12
Sample
Kernel/PPStream/PowerList.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
Kernel/PPStream/PowerPlayer.dll
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral14
Sample
Kernel/PPStream/PowerPlayer.dll
Resource
win10v2004-20240611-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
Kernel/PPStream/fds.dll
Resource
win7-20240611-en
windows7-x64
Behavioral task
behavioral16
Sample
Kernel/PPStream/fds.dll
Resource
win10v2004-20240611-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
Kernel/PPStream/pp2play.dll
Resource
win7-20240508-en
windows7-x64
Behavioral task
behavioral18
Sample
Kernel/PPStream/pp2play.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
Kernel/PPStream/ppsimage.dll
Resource
win7-20240220-en
windows7-x64
Behavioral task
behavioral20
Sample
Kernel/PPStream/ppsimage.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
Kernel/PPStream/ppssg.dll
Resource
win7-20231129-en
windows7-x64
Behavioral task
behavioral22
Sample
Kernel/PPStream/ppssg.dll
Resource
win10v2004-20240611-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
Kernel/PPStream/psclg.dll
Resource
win7-20240611-en
windows7-x64
Behavioral task
behavioral24
Sample
Kernel/PPStream/psclg.dll
Resource
win10v2004-20240611-en
windows10-2004-x64
Behavioral task
behavioral25
Sample
Kernel/PPStream/vodnet.dll
Resource
win7-20240508-en
windows7-x64
Behavioral task
behavioral26
Sample
Kernel/PPStream/vodnet.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral27
Sample
Kernel/PPStream/vodres.dll
Resource
win7-20240611-en
windows7-x64
Behavioral task
behavioral28
Sample
Kernel/PPStream/vodres.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral29
Sample
Kernel/PiPi/JfCheck.dll
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral30
Sample
Kernel/PiPi/JfCheck.dll
Resource
win10v2004-20240611-en
windows10-2004-x64
Behavioral task
behavioral31
Sample
Kernel/PiPi/KmBugslayerUtil.dll
Resource
win7-20240419-en
windows7-x64
Behavioral task
behavioral32
Sample
Kernel/PiPi/KmBugslayerUtil.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
General
-
Target
Kernel/PPStream/vodnet.dll
-
Size
969KB
-
MD5
3382daf7830ad1f99668dc8586cd2cb5
-
SHA1
f7df9d6963d6bd8244490343f3e936d80303ce1d
-
SHA256
385fc9329a09bfa0f10595b81747221c2255a5541fce7ea09a1f24e0de6ea2c9
-
SHA512
79dfffbe2e8d4d49c782c5b9a6bcd98a52a3fa90e9eacf5315526e0f49ab99df9aea0447a4150e0351a0b413dfe570f2f807dd144cff5063d1c02ddd2989ae5d
-
SSDEEP
12288:tY/bZkDaztiA2ULuJ0xL5MLkMoGpYJcJXItQlhNddrZ21/R4y1XlYXunodfU/Iwr:KeUeoGiJoldraRoUgbZRKKvNlvzXrU
Malware Config
Signatures
-
Modifies registry class 2 IoCs
description ioc Process Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ppstreamvod regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ppstreamvod\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\Kernel\\PPStream\\vodnet.dll" regsvr32.exe -
Suspicious use of WriteProcessMemory 7 IoCs
description pid Process procid_target PID 2388 wrote to memory of 2344 2388 regsvr32.exe 28 PID 2388 wrote to memory of 2344 2388 regsvr32.exe 28 PID 2388 wrote to memory of 2344 2388 regsvr32.exe 28 PID 2388 wrote to memory of 2344 2388 regsvr32.exe 28 PID 2388 wrote to memory of 2344 2388 regsvr32.exe 28 PID 2388 wrote to memory of 2344 2388 regsvr32.exe 28 PID 2388 wrote to memory of 2344 2388 regsvr32.exe 28