Overview

overview

7

Static

static

7

b364241b5b...18.exe

windows7-x64

7

b364241b5b...18.exe

windows10-2004-x64

7

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...gs.dll

windows7-x64

3

$PLUGINSDI...gs.dll

windows10-2004-x64

3

$PLUGINSDI...sk.dll

windows7-x64

3

$PLUGINSDI...sk.dll

windows10-2004-x64

3

$TEMP/UpdateInfo.exe

windows7-x64

$TEMP/UpdateInfo.exe

windows10-2004-x64

jpdesk.exe

windows7-x64

7

jpdesk.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    140s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    21/08/2024, 12:06

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    jpdesk.exe

  • Size

    766KB

  • MD5

    afdc20f3a986e45c6dfabde6af04e078

  • SHA1

    cd7862bbccca7531410601d2e6bfc9b4cad5deed

  • SHA256

    3db75d1ea0e58cfe25a0a0346d347c0f9e744b69f22db94e741b0834e96e6af5

  • SHA512

    2d4fdf2337a04e93020c87cbf26156903859cd4a44618c85c355f4018b250e0fa706f4db0dda9a08a9629d82e26c5d2d087a2ec1ec24bb83d05ca100d4418043

  • SSDEEP

    12288:fsN4HFoYf6DtEICqHmFu2Gzo5+16z6/J+uljWNV4yqT8mqYAq9nV3u7S/P4bp:k+WYpuzD16z6XhWNV9mqYAqpV3IwP4F

Score
7/10
discoveryupx

Malware Config

Signatures

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\jpdesk.exe
    "C:\Users\Admin\AppData\Local\Temp\jpdesk.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    PID:3024
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3024 -s 544
      2⤵
      • Program crash
      PID:1036
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3024 -ip 3024
    1⤵
      PID:1840

    Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\AppData\Local\Temp\BC99.tmp
            Filesize

            2KB

            MD5

            0535fd35e9c59562c5adce67f5341718

            SHA1

            ba45d8d38be6f815952eb4f5e4910e71d59e3869

            SHA256

            ab6203f6d3f0a2e942cf536b1c7ab252333b7e987247c6a6398feb1d1eba8778

            SHA512

            4d394d2f9b61e581bcfdadbe1a738383159a0d9cddef56b45e52827376fead7b005d4f47915e6b7807053bbd3c1271c2b39b0399df6866fec7282d6a6f0f591b

            Download Submit

          • memory/3024-0-0x0000000000400000-0x00000000006E4000-memory.dmp

            Filesize

            2.9MB

            Download

          • memory/3024-1-0x0000000000E60000-0x0000000000E61000-memory.dmp

            Filesize

            4KB

            Download

          • memory/3024-103-0x0000000000400000-0x00000000006E4000-memory.dmp

            Filesize

            2.9MB

            Download