Analysis
max time kernel: 140s
max time network: 20s
platform: windows7_x64
resource: win7-20240903-en
resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
submitted: 29/09/2024, 09:54
Behavioral tasks
Task | Sample | Resource
behavioral1 | fe481182fe5b1a0ccbed83db72a16348_JaffaCakes118.exe | win7-20240903-en
behavioral2 | fe481182fe5b1a0ccbed83db72a16348_JaffaCakes118.exe | win10v2004-20240802-en
behavioral3 | $PLUGINSDIR/KillProcDLL.dll | win7-20240903-en
behavioral4 | $PLUGINSDIR/KillProcDLL.dll | win10v2004-20240802-en
behavioral5 | $PLUGINSDIR/System.dll | win7-20240704-en
behavioral6 | $PLUGINSDIR/System.dll | win10v2004-20240802-en
behavioral7 | $PLUGINSDIR/nsDialogs.dll | win7-20240903-en
behavioral8 | $PLUGINSDIR/nsDialogs.dll | win10v2004-20240802-en
behavioral9 | $PLUGINSDIR/nsWebJPDesk.dll | win7-20240903-en
behavioral10 | $PLUGINSDIR/nsWebJPDesk.dll | win10v2004-20240802-en
behavioral11 | Update/jpborder.exe | win7-20240708-en
behavioral12 | Update/jpborder.exe | win10v2004-20240802-en
behavioral13 | jpdesk.exe | win7-20240903-en
General
Target: jpdesk.exe
Size: 903KB
MD5: 62acbd2883956a26821d5f602fbe4ebb
SHA1: c906c459a0136a4eb8777a9c1aef49c2adbf700f
SHA256: 4e436e97d7aa73e1c82cb32c25964d71ca8f4c2aac701783215334948e795328
SHA512: 8e386323b7d35f9955a4cb604abe9cff3df83a7ddad40e57fbaa3acac9ef0e2bd3bcaec0518e0a59cde420ad8a6d0b1e9432b095c2ebe26d531c2807d964a32a
SSDEEP: 24576:hoAXT+u1NglW1ScKc1FnXJJl/+KhI97Nimo6rmfa6z/AH44J:hH6uGW1SUSNw6rmfa6/4J
Signatures
-
Adds Run key to start application 2 TTPs 1 IoCs
Description: Set value (str)
IOC: \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Windows\CurrentVersion\Run\极品桌面 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jpdesk.exe"
Process: jpdesk.exe
-
resource | yara_rule
behavioral13/memory/2140-0-0x0000000000400000-0x000000000071D000-memory.dmp | upx
behavioral13/memory/2140-251-0x0000000000400000-0x000000000071D000-memory.dmp | upx
behavioral13/memory/2140-252-0x0000000000400000-0x000000000071D000-memory.dmp | upx
behavioral13/memory/2140-254-0x0000000000400000-0x000000000071D000-memory.dmp | upx
behavioral13/memory/2140-255-0x0000000000400000-0x000000000071D000-memory.dmp | upx
behavioral13/memory/2140-256-0x0000000000400000-0x000000000071D000-memory.dmp | upx
behavioral13/memory/2140-257-0x0000000000400000-0x000000000071D000-memory.dmp | upx
behavioral13/memory/2140-258-0x0000000000400000-0x000000000071D000-memory.dmp | upx
behavioral13/memory/2140-260-0x0000000000400000-0x000000000071D000-memory.dmp | upx
behavioral13/memory/2140-261-0x0000000000400000-0x000000000071D000-memory.dmp | upx
behavioral13/memory/2140-262-0x0000000000400000-0x000000000071D000-memory.dmp | upx
behavioral13/memory/2140-263-0x0000000000400000-0x000000000071D000-memory.dmp | upx
behavioral13/memory/2140-264-0x0000000000400000-0x000000000071D000-memory.dmp | upx
behavioral13/memory/2140-265-0x0000000000400000-0x000000000071D000-memory.dmp | upx
behavioral13/memory/2140-266-0x0000000000400000-0x000000000071D000-memory.dmp | upx
behavioral13/memory/2140-267-0x0000000000400000-0x000000000071D000-memory.dmp | upx
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
Description: Key opened
IOC: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Process: jpdesk.exe
Downloads
-
Filesize: 2KB
MD5: 09c7ca120d653513cff0e68bd1cfe44f
SHA1: 852a166c1ff59ecf74a7ebd24a43bd5b2f9835d7
SHA256: 63f92cdceaaad357263ee065baf511b60f5ec80caa9d34404162be3503953b4f
SHA512: 7f0c64d483f27bd176b9f47ce659ff19ceb1c53e79cbd55b0f2aa83c8634e8f2ed05c2f903d78e7049d92aeb419f8a5f47c5e1fe5c8e08adfed103ff299447db