Overview

overview

7

Static

static

7

4bc954782d...18.exe

windows7-x64

7

4bc954782d...18.exe

windows10-2004-x64

7

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

$PLUGINSDI...dl.dll

windows7-x64

3

$PLUGINSDI...dl.dll

windows10-2004-x64

3

$PLUGINSDIR/OnTop.dll

windows7-x64

1

$PLUGINSDIR/OnTop.dll

windows10-2004-x64

1

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...gs.dll

windows7-x64

3

$PLUGINSDI...gs.dll

windows10-2004-x64

3

$PLUGINSDI...sk.dll

windows7-x64

3

$PLUGINSDI...sk.dll

windows10-2004-x64

3

$TEMP/UpdateInfo.exe

windows7-x64

7

$TEMP/UpdateInfo.exe

windows10-2004-x64

7

jpborder.exe

windows7-x64

7

jpborder.exe

windows10-2004-x64

7

jpdesk.exe

windows7-x64

7

jpdesk.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    140s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    15/07/2024, 23:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    jpdesk.exe

  • Size

    891KB

  • MD5

    d2cce3ace9d9651d02dbd0cfa3a35557

  • SHA1

    4502a395a7ad709d9e5d8901b29ff47fd08759ed

  • SHA256

    0368c03c0588e857b58a7f15c67e9dca3ccc0ee08dd6fe2910d6c7acdb350ed0

  • SHA512

    e30ca457806611734231aae5996215efc4758d99b19b55e4de65d42a0ed4b96795645764db7ca9dfccca183669d007a14a84635bad289cb8b692a754e64a3a32

  • SSDEEP

    24576:toRnWRpLH2awL1N8MIcfivqXiV2+EjRkxDZ8+uFpYFuQ44:tcWjHzwbg8thjKxC+uFpqX44

Score
7/10
persistenceupx

Malware Config

Signatures

  • UPX packed file 16 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

Processes

  • C:\Users\Admin\AppData\Local\Temp\jpdesk.exe
    "C:\Users\Admin\AppData\Local\Temp\jpdesk.exe"
    1⤵
    • Adds Run key to start application
    PID:2692

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\jpdesk\CurTheme.Theme
    Filesize

    685B

    MD5

    e60ce2a7e499d92b02a26fda5fa10249

    SHA1

    5317c2dcc8bdf5a245163876b95497a35e46e501

    SHA256

    7cce252b9ff51f5c5c67a2e6467507ca20b4c369e00622ef6f6da5eedfa15418

    SHA512

    5f6efde1410461c65f0defac2d9e87021d6c0fe49b1fa706735119809d6248ffd9c2052c38aae5887c77239bf6b376d7a89284b69cfc991bc9a6d309dbbe51cd

    Download Submit

  • C:\Users\Admin\AppData\Roaming\jpdesk\CurTheme.Theme
    Filesize

    1KB

    MD5

    103db6a574de6a052c2ef768a867bccc

    SHA1

    618601065f65ad722a9bac914dc1ef7d00b581b5

    SHA256

    8fa097a0bce5c3672a0e4dd8dec1e3a63fe31be78ed09c5e1179380fac2afa14

    SHA512

    999a69c2dfcd58c985e7b3186b292eab4fc1d5219c966ab7de8364f19c3c2306e0fc980c60327416a1967e29af302a29258e4c3d02b0cbd7772cfc2bbf0da7d2

    Download Submit

  • C:\Users\Admin\AppData\Roaming\jpdesk\CurTheme.Theme
    Filesize

    396B

    MD5

    ac3deaee52aaf801c19817e2e1153f56

    SHA1

    17583f82a26c863934551f88c5cbb3b45421c6e7

    SHA256

    00ad069aa23bc6f952464cba3ea1163cdec44429770d48062a983260501fa4c2

    SHA512

    29422fe4724e514af4547c7339127861ec0813a61860d497a04e3a74648645140dead9aae20b26916d2fc6c92157ee12ccf86170b69cf82ba71fbf310577a20c

    Download Submit

  • C:\Users\Admin\AppData\Roaming\jpdesk\DefSoft.ini
    Filesize

    2KB

    MD5

    09c7ca120d653513cff0e68bd1cfe44f

    SHA1

    852a166c1ff59ecf74a7ebd24a43bd5b2f9835d7

    SHA256

    63f92cdceaaad357263ee065baf511b60f5ec80caa9d34404162be3503953b4f

    SHA512

    7f0c64d483f27bd176b9f47ce659ff19ceb1c53e79cbd55b0f2aa83c8634e8f2ed05c2f903d78e7049d92aeb419f8a5f47c5e1fe5c8e08adfed103ff299447db

    Download Submit

  • memory/2692-397-0x0000000000400000-0x0000000000704000-memory.dmp

    Filesize

    3.0MB

    Download

  • memory/2692-401-0x0000000000400000-0x0000000000704000-memory.dmp

    Filesize

    3.0MB

    Download

  • memory/2692-393-0x0000000000400000-0x0000000000704000-memory.dmp

    Filesize

    3.0MB

    Download

  • memory/2692-394-0x0000000000400000-0x0000000000704000-memory.dmp

    Filesize

    3.0MB

    Download

  • memory/2692-395-0x0000000000400000-0x0000000000704000-memory.dmp

    Filesize

    3.0MB

    Download

  • memory/2692-396-0x0000000000230000-0x0000000000231000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2692-0-0x0000000000400000-0x0000000000704000-memory.dmp

    Filesize

    3.0MB

    Download

  • memory/2692-398-0x0000000000400000-0x0000000000704000-memory.dmp

    Filesize

    3.0MB

    Download

  • memory/2692-399-0x0000000000400000-0x0000000000704000-memory.dmp

    Filesize

    3.0MB

    Download

  • memory/2692-1-0x0000000000230000-0x0000000000231000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2692-402-0x0000000000400000-0x0000000000704000-memory.dmp

    Filesize

    3.0MB

    Download

  • memory/2692-403-0x0000000000400000-0x0000000000704000-memory.dmp

    Filesize

    3.0MB

    Download

  • memory/2692-404-0x0000000000400000-0x0000000000704000-memory.dmp

    Filesize

    3.0MB

    Download

  • memory/2692-405-0x0000000000400000-0x0000000000704000-memory.dmp

    Filesize

    3.0MB

    Download

  • memory/2692-406-0x0000000000400000-0x0000000000704000-memory.dmp

    Filesize

    3.0MB

    Download

  • memory/2692-407-0x0000000000400000-0x0000000000704000-memory.dmp

    Filesize

    3.0MB

    Download

  • memory/2692-408-0x0000000000400000-0x0000000000704000-memory.dmp

    Filesize

    3.0MB

    Download

  • memory/2692-409-0x0000000000400000-0x0000000000704000-memory.dmp

    Filesize

    3.0MB

    Download