Malware analysis HopToDesk.exe Malicious activity | ANY.RUN

Add for printing

File name:	HopToDesk.exe
Full analysis:	https://app.any.run/tasks/0ce74f7a-df7d-4ec3-892f-e3718305d172
Verdict:	Malicious activity
Analysis date:	March 05, 2024, 11:51:01
OS:	Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME:	application/x-dosexec
File info:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5:	E7F8E468320521203FA50B202F5925E4
SHA1:	7120E4F990E99E89840482F32501BE69168A485E
SHA256:	B85D91231F81820547DF65A29074CB209D20EDEA8ADC74A51C1DF48E6F71E8EE
SSDEEP:	98304:E0+iMn8ssVIER4T5BQbPHAg+bsx37kDSq9TYIPOjAUzBXeXPc+89ACadiROBeiGN:pVIUje2kosAW/Q

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Launch configuration

Task duration:: 300 seconds
Heavy Evasion option:
Network geolocation:: off
Additional time used:: 240 seconds
MITM proxy:: off
Privacy:: Public submission
Fakenet option:: off
Route via Tor:: off
Autoconfirmation of UAC:: on
Network:: on

Software preset

Internet Explorer 11.0.9600.19596 KB4534251
Adobe Acrobat Reader DC (20.013.20064)
Adobe Acrobat Reader DC (20.013.20064)
Adobe Flash Player 32 ActiveX (32.0.0.453)
Adobe Flash Player 32 ActiveX (32.0.0.453)
Adobe Flash Player 32 NPAPI (32.0.0.453)
Adobe Flash Player 32 NPAPI (32.0.0.453)
Adobe Flash Player 32 PPAPI (32.0.0.453)
Adobe Flash Player 32 PPAPI (32.0.0.453)
Adobe Refresh Manager (1.8.0)
Adobe Refresh Manager (1.8.0)
CCleaner (6.14)
CCleaner (6.14)
FileZilla 3.65.0 (3.65.0)
FileZilla 3.65.0 (3.65.0)
Google Chrome (109.0.5414.120)
Google Chrome (109.0.5414.120)
Google Update Helper (1.3.36.31)
Google Update Helper (1.3.36.31)
Java 8 Update 271 (8.0.2710.9)
Java 8 Update 271 (8.0.2710.9)
Java Auto Updater (2.8.271.9)
Java Auto Updater (2.8.271.9)
Microsoft .NET Framework 4.8 (4.8.03761)
Microsoft .NET Framework 4.8 (4.8.03761)
Microsoft .NET Framework 4.8 (4.8.03761)
Microsoft .NET Framework 4.8 (4.8.03761)
Microsoft Edge (109.0.1518.115)
Microsoft Edge (109.0.1518.115)
Microsoft Edge Update (1.3.175.29)
Microsoft Edge Update (1.3.175.29)
Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Access MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Access MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Excel MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Excel MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Groove MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Groove MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office IME (Japanese) 2010 (14.0.4763.1000)
Microsoft Office IME (Japanese) 2010 (14.0.4763.1000)
Microsoft Office IME (Korean) 2010 (14.0.4763.1000)
Microsoft Office IME (Korean) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (French) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (French) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (German) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (German) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office InfoPath MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Language Pack 2010 - French/Français (14.0.4763.1000)
Microsoft Office Language Pack 2010 - French/Français (14.0.4763.1000)
Microsoft Office Language Pack 2010 - German/Deutsch (14.0.4763.1000)
Microsoft Office Language Pack 2010 - German/Deutsch (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Italian/Italiano (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Italian/Italiano (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Japanese/日本語 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Japanese/日本語 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Korean/한국어 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Korean/한국어 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Portuguese/Português (Brasil) (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Portuguese/Português (Brasil) (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Russian/русский (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Russian/русский (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Spanish/Español (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Spanish/Español (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Turkish/Türkçe (14.0.4763.1013)
Microsoft Office Language Pack 2010 - Turkish/Türkçe (14.0.4763.1013)
Microsoft Office O MUI (French) 2010 (14.0.4763.1000)
Microsoft Office O MUI (French) 2010 (14.0.4763.1000)
Microsoft Office O MUI (German) 2010 (14.0.4763.1000)
Microsoft Office O MUI (German) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office O MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
Microsoft Office OneNote MUI (French) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (French) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (German) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (German) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office OneNote MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Outlook MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Outlook MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
Microsoft Office PowerPoint MUI (French) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (French) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (German) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (German) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office PowerPoint MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Professional 2010 (14.0.6029.1000)
Microsoft Office Professional 2010 (14.0.6029.1000)
Microsoft Office Proof (Arabic) 2010 (14.0.4763.1000)
Microsoft Office Proof (Arabic) 2010 (14.0.4763.1000)
Microsoft Office Proof (Basque) 2010 (14.0.4763.1000)
Microsoft Office Proof (Basque) 2010 (14.0.4763.1000)
Microsoft Office Proof (Catalan) 2010 (14.0.4763.1000)
Microsoft Office Proof (Catalan) 2010 (14.0.4763.1000)
Microsoft Office Proof (Dutch) 2010 (14.0.4763.1000)
Microsoft Office Proof (Dutch) 2010 (14.0.4763.1000)
Microsoft Office Proof (English) 2010 (14.0.6029.1000)
Microsoft Office Proof (English) 2010 (14.0.6029.1000)
Microsoft Office Proof (French) 2010 (14.0.6029.1000)
Microsoft Office Proof (French) 2010 (14.0.6029.1000)
Microsoft Office Proof (Galician) 2010 (14.0.4763.1000)
Microsoft Office Proof (Galician) 2010 (14.0.4763.1000)
Microsoft Office Proof (German) 2010 (14.0.4763.1000)
Microsoft Office Proof (German) 2010 (14.0.4763.1000)
Microsoft Office Proof (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proof (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proof (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proof (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proof (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proof (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proof (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
Microsoft Office Proof (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Proof (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Proof (Ukrainian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Ukrainian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
Microsoft Office Proofing (French) 2010 (14.0.4763.1000)
Microsoft Office Proofing (French) 2010 (14.0.4763.1000)
Microsoft Office Proofing (German) 2010 (14.0.4763.1000)
Microsoft Office Proofing (German) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Proofing (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Publisher MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Publisher MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office SharePoint Designer MUI (French) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (French) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (German) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (German) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office SharePoint Designer MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Shared MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Shared MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Single Image 2010 (14.0.6029.1000)
Microsoft Office Single Image 2010 (14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Word MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Word MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office X MUI (French) 2010 (14.0.4763.1000)
Microsoft Office X MUI (French) 2010 (14.0.4763.1000)
Microsoft Office X MUI (German) 2010 (14.0.4763.1000)
Microsoft Office X MUI (German) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office X MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 (14.36.32532.0)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 (14.36.32532.0)
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 (14.36.32532)
Mozilla Firefox (x86 en-US) (115.0.2)
Mozilla Firefox (x86 en-US) (115.0.2)
Mozilla Maintenance Service (115.0.2)
Mozilla Maintenance Service (115.0.2)
Notepad++ (32-bit x86) (7.9.1)
Notepad++ (32-bit x86) (7.9.1)
PowerShell 7-x86 (7.2.11.0)
PowerShell 7-x86 (7.2.11.0)
Skype version 8.110 (8.110)
Skype version 8.110 (8.110)
Update for Microsoft .NET Framework 4.8 (KB4503575) (1)
Update for Microsoft .NET Framework 4.8 (KB4503575) (1)
VLC media player (3.0.11)
VLC media player (3.0.11)
WinRAR 5.91 (32-bit) (5.91.0)
WinRAR 5.91 (32-bit) (5.91.0)

Add for printing

MALICIOUS
- Drops the executable file immediately after the start
  - HopToDesk.exe (PID: 2160)
  - HopToDesk-update.exe (PID: 2592)
  - HopToDesk.exe (PID: 3140)
  - cmd.exe (PID: 752)
- Create files in the Startup directory
  - cmd.exe (PID: 752)
SUSPICIOUS
- Suspicious use of NETSH.EXE
  - HopToDesk.exe (PID: 2160)
  - HopToDesk-update.exe (PID: 2592)
  - HopToDesk.exe (PID: 1484)
  - HopToDesk.exe (PID: 3140)
  - cmd.exe (PID: 752)
- Reads security settings of Internet Explorer
  - HopToDesk.exe (PID: 2160)
  - HopToDesk.exe (PID: 1040)
  - HopToDesk-update.exe (PID: 2592)
  - HopToDesk-update.exe (PID: 568)
  - HopToDesk.exe (PID: 3140)
- Application launched itself
  - HopToDesk.exe (PID: 2160)
  - HopToDesk-update.exe (PID: 2592)
  - HopToDesk.exe (PID: 1484)
  - HopToDesk.exe (PID: 2564)
  - HopToDesk.exe (PID: 2788)
- Reads the Internet Settings
  - HopToDesk.exe (PID: 2160)
  - HopToDesk.exe (PID: 1040)
  - HopToDesk-update.exe (PID: 2592)
  - HopToDesk-update.exe (PID: 568)
  - HopToDesk.exe (PID: 1484)
  - HopToDesk.exe (PID: 3140)
  - HopToDesk.exe (PID: 2788)
  - HopToDesk.exe (PID: 1608)
- Uses NETSH.EXE to add a firewall rule or allowed programs
  - HopToDesk.exe (PID: 1040)
  - HopToDesk-update.exe (PID: 568)
  - cmd.exe (PID: 752)
- Executable content was dropped or overwritten
  - HopToDesk.exe (PID: 2160)
  - HopToDesk-update.exe (PID: 2592)
  - HopToDesk.exe (PID: 3140)
  - cmd.exe (PID: 752)
- Starts CMD.EXE for commands execution
  - HopToDesk.exe (PID: 2160)
  - HopToDesk.exe (PID: 1484)
  - HopToDesk.exe (PID: 3140)
  - HopToDesk.exe (PID: 2860)
- Reads settings of System Certificates
  - HopToDesk.exe (PID: 2160)
  - HopToDesk.exe (PID: 1484)
  - HopToDesk.exe (PID: 2788)
  - HopToDesk.exe (PID: 1608)
- Uses TASKKILL.EXE to kill process
  - cmd.exe (PID: 2292)
  - cmd.exe (PID: 2808)
  - HopToDesk-update.exe (PID: 2592)
  - cmd.exe (PID: 752)
  - cmd.exe (PID: 1992)
- Connects to unusual port
  - HopToDesk.exe (PID: 2160)
  - HopToDesk.exe (PID: 1484)
  - HopToDesk.exe (PID: 2860)
  - HopToDesk.exe (PID: 1608)
- Starts itself from another location
  - HopToDesk-update.exe (PID: 2592)
  - HopToDesk.exe (PID: 3140)
- Executing commands from a ".bat" file
  - HopToDesk.exe (PID: 3140)
- Starts application with an unusual extension
  - cmd.exe (PID: 752)
- Starts SC.EXE for service management
  - cmd.exe (PID: 752)
- Uses REG/REGEDIT.EXE to modify registry
  - cmd.exe (PID: 752)
- Uses NETSH.EXE to delete a firewall rule or allowed programs
  - cmd.exe (PID: 752)
- Creates a software uninstall entry
  - reg.exe (PID: 3044)
  - reg.exe (PID: 2824)
  - reg.exe (PID: 3040)
  - reg.exe (PID: 3748)
  - reg.exe (PID: 2536)
  - reg.exe (PID: 2836)
  - reg.exe (PID: 3420)
  - reg.exe (PID: 3756)
  - reg.exe (PID: 3548)
  - reg.exe (PID: 3636)
  - reg.exe (PID: 3752)
  - reg.exe (PID: 3640)
- Searches for installed software
  - reg.exe (PID: 2824)
  - reg.exe (PID: 3040)
  - reg.exe (PID: 3748)
  - reg.exe (PID: 2536)
  - reg.exe (PID: 3548)
  - reg.exe (PID: 3044)
  - reg.exe (PID: 3640)
  - reg.exe (PID: 3420)
  - reg.exe (PID: 3756)
  - reg.exe (PID: 3752)
  - reg.exe (PID: 2836)
  - reg.exe (PID: 3636)
  - HopToDesk.exe (PID: 2472)
  - HopToDesk.exe (PID: 2788)
  - HopToDesk.exe (PID: 2564)
  - HopToDesk.exe (PID: 2860)
  - HopToDesk.exe (PID: 1608)
- The process executes VB scripts
  - cmd.exe (PID: 752)
- Executes as Windows Service
  - HopToDesk.exe (PID: 2472)
  - HopToDesk.exe (PID: 2564)
- Using 'findstr.exe' to search for text patterns in files and output
  - cmd.exe (PID: 752)
INFO
- Reads the computer name
  - HopToDesk.exe (PID: 2160)
  - HopToDesk.exe (PID: 1040)
  - HopToDesk-update.exe (PID: 2592)
  - HopToDesk-update.exe (PID: 568)
  - HopToDesk.exe (PID: 3140)
  - HopToDesk.exe (PID: 1484)
  - HopToDesk.exe (PID: 2472)
  - HopToDesk.exe (PID: 2564)
  - HopToDesk.exe (PID: 2860)
  - HopToDesk.exe (PID: 2788)
  - wmpnscfg.exe (PID: 3496)
  - HopToDesk.exe (PID: 1608)
- Checks supported languages
  - HopToDesk.exe (PID: 2160)
  - HopToDesk.exe (PID: 1040)
  - HopToDesk-update.exe (PID: 2592)
  - HopToDesk-update.exe (PID: 568)
  - HopToDesk.exe (PID: 1484)
  - HopToDesk.exe (PID: 3140)
  - chcp.com (PID: 2416)
  - chcp.com (PID: 3524)
  - chcp.com (PID: 3716)
  - HopToDesk.exe (PID: 2472)
  - HopToDesk.exe (PID: 2564)
  - HopToDesk.exe (PID: 2788)
  - HopToDesk.exe (PID: 2860)
  - wmpnscfg.exe (PID: 3496)
  - HopToDesk.exe (PID: 1608)
- Creates files or folders in the user directory
  - HopToDesk.exe (PID: 2160)
  - HopToDesk-update.exe (PID: 2592)
  - HopToDesk.exe (PID: 1484)
  - HopToDesk.exe (PID: 3140)
  - HopToDesk.exe (PID: 2788)
  - HopToDesk.exe (PID: 1608)
- Create files in a temporary directory
  - HopToDesk.exe (PID: 2160)
  - HopToDesk-update.exe (PID: 2592)
  - HopToDesk.exe (PID: 3140)
  - cscript.exe (PID: 4028)
  - cscript.exe (PID: 3300)
  - cscript.exe (PID: 2952)
- Checks proxy server information
  - HopToDesk.exe (PID: 2160)
  - HopToDesk.exe (PID: 1484)
  - HopToDesk.exe (PID: 2788)
  - HopToDesk.exe (PID: 1608)
- Reads the software policy settings
  - HopToDesk.exe (PID: 2160)
  - HopToDesk.exe (PID: 1484)
  - HopToDesk.exe (PID: 2860)
  - HopToDesk.exe (PID: 2788)
  - HopToDesk.exe (PID: 1608)
- Reads the machine GUID from the registry
  - HopToDesk.exe (PID: 2160)
  - HopToDesk.exe (PID: 1484)
  - HopToDesk.exe (PID: 2860)
  - HopToDesk.exe (PID: 2788)
  - HopToDesk.exe (PID: 1608)
- Creates files in the program directory
  - cmd.exe (PID: 752)
- Reads security settings of Internet Explorer
  - cscript.exe (PID: 4028)
  - cscript.exe (PID: 2952)
  - cscript.exe (PID: 3300)
- Manual execution by a user
  - wmpnscfg.exe (PID: 3496)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Add for printing

No Malware configuration.

Add for printing

TRiD

.exe	\|	UPX compressed Win32 Executable (76)
.exe	\|	Win32 Executable (generic) (12.6)
.exe	\|	Generic Win/DOS Executable (5.6)
.exe	\|	DOS Executable Generic (5.6)

EXIF

EXE

MachineType:	Intel 386 or later, and compatibles
TimeStamp:	2024:01:24 19:05:04+00:00
ImageFileCharacteristics:	Executable, Large address aware, 32-bit
PEType:	PE32
LinkerVersion:	14.36
CodeSize:	7585792
InitializedDataSize:	24576
UninitializedDataSize:	12148736
EntryPoint:	0x12d2130
OSVersion:	6
ImageVersion:	-
SubsystemVersion:	6
Subsystem:	Windows GUI
FileVersionNumber:	1.41.5.0
ProductVersionNumber:	1.41.5.0
FileFlagsMask:	0x003f
FileFlags:	(none)
FileOS:	Windows NT 32-bit
ObjectFileType:	Executable application
FileSubtype:	-
LanguageCode:	English (U.S.)
CharacterSet:	Unicode
LegalCopyright:	Copyright © 2024 Begonia Holdings. Copyright © 2023 Purslane, Inc.
FileDescription:	HopToDesk
FileVersion:	1.41.5
ProductVersion:	1.41.5
ProductName:	HopToDesk
CompanyName:	Begonia Holdings

No data.

Add for printing

All screenshots are available in the full report

Add for printing

Total processes

131

Monitored processes

Malicious processes

Suspicious processes

Behavior graph

Click at the process to see the details

Process information

PID

CMD

Path

Indicators

Parent process

116

taskkill /F /IM RuntimeBroker_hoptodesk.exe

C:\Windows\System32\taskkill.exe

—

cmd.exe

User:

SYSTEM

Company:

Microsoft Corporation

Integrity Level:

SYSTEM

Description:

Terminates Processes

Exit code:

128

Version:

6.1.7600.16385 (win7_rtm.090713-1255)

Modules

Images
c:\windows\system32\taskkill.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\version.dll
c:\windows\system32\user32.dll

120

reg add HKEY_CLASSES_ROOT\hoptodesk /f /v "URL Protocol" /t REG_SZ /d ""

C:\Windows\System32\reg.exe

—

cmd.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

HIGH

Description:

Registry Console Tool

Exit code:

Version:

6.1.7600.16385 (win7_rtm.090713-1255)

Modules

Images
c:\windows\system32\reg.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll

480

"netsh" advfirewall firewall show rule name= HopToDesk verbose

C:\Windows\System32\netsh.exe

—

HopToDesk.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

HIGH

Description:

Network Command Shell

Exit code:

Version:

6.1.7600.16385 (win7_rtm.090713-1255)

Modules

Images
c:\windows\system32\netsh.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\credui.dll
c:\windows\system32\user32.dll

568

"C:\Users\admin\AppData\Local\Temp\HopToDesk-update.exe" --fw

C:\Users\admin\AppData\Local\Temp\HopToDesk-update.exe

—

HopToDesk-update.exe

User:

admin

Company:

Begonia Holdings

Integrity Level:

HIGH

Description:

HopToDesk

Exit code:

Version:

1.41.6

Modules

Images
c:\users\admin\appdata\local\temp\hoptodesk-update.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
c:\windows\system32\ucrtbase.dll

696

reg add HKEY_CLASSES_ROOT\hoptodesk\shell\open\command /f /ve /t REG_SZ /d "\"C:\Program Files\HopToDesk\HopToDesk.exe\" \"--connect\" \"%1\""

C:\Windows\System32\reg.exe

—

cmd.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

HIGH

Description:

Registry Console Tool

Exit code:

Version:

6.1.7600.16385 (win7_rtm.090713-1255)

Modules

Images
c:\windows\system32\reg.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll

752

"C:\Windows\System32\cmd.exe" /C C:\Users\admin\AppData\Local\Temp\HopToDesk_install.bat

C:\Windows\System32\cmd.exe

HopToDesk.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

HIGH

Description:

Windows Command Processor

Exit code:

Version:

6.1.7601.17514 (win7sp1_rtm.101119-1850)

Modules

Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll

784

taskkill /F /IM RuntimeBroker_hoptodesk.exe

C:\Windows\System32\taskkill.exe

—

cmd.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

HIGH

Description:

Terminates Processes

Exit code:

128

Version:

6.1.7600.16385 (win7_rtm.090713-1255)

Modules

Images
c:\windows\system32\taskkill.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\version.dll
c:\windows\system32\user32.dll

864

"C:\Windows\System32\netsh.exe" advfirewall firewall add rule name="HopToDesk" dir=in action=allow program="C:\Users\admin\AppData\Local\Temp\HopToDesk.exe" enable=yes

C:\Windows\System32\netsh.exe

—

HopToDesk.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

HIGH

Description:

Network Command Shell

Exit code:

Version:

6.1.7600.16385 (win7_rtm.090713-1255)

Modules

Images
c:\windows\system32\netsh.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\credui.dll
c:\windows\system32\user32.dll

896

sc stop HopToDesk

C:\Windows\System32\sc.exe

—

cmd.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

HIGH

Description:

A tool to aid in developing services for WindowsNT

Exit code:

1060

Version:

6.1.7600.16385 (win7_rtm.090713-1255)

Modules

Images
c:\windows\system32\sc.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\apphelp.dll

956

findstr /c:"HopToDesk Service"

C:\Windows\System32\findstr.exe

—

cmd.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

HIGH

Description:

Find String (QGREP) Utility

Exit code:

Version:

6.1.7600.16385 (win7_rtm.090713-1255)

Modules

Images
c:\windows\system32\findstr.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\apphelp.dll

Add for printing

Total events

42 589

Read events

41 946

Write events

624

Delete events

Modification events


(PID) Process:	(2160) HopToDesk.exe	Key:	HKEY_CLASSES_ROOT\HopToDesk
Operation:	write	Name:	URL Protocol
Value:
(PID) Process:	(3652) netsh.exe	Key:	HKEY_CLASSES_ROOT\Local Settings\MuiCache\182\52C64B7E
Operation:	write	Name:	LanguageList
Value: en-US
(PID) Process:	(3652) netsh.exe	Key:	HKEY_CLASSES_ROOT\Local Settings\MuiCache\182\52C64B7E
Operation:	write	Name:	@%SystemRoot%\system32\dhcpqec.dll,-100
Value: DHCP Quarantine Enforcement Client
(PID) Process:	(3652) netsh.exe	Key:	HKEY_CLASSES_ROOT\Local Settings\MuiCache\182\52C64B7E
Operation:	write	Name:	@%SystemRoot%\system32\dhcpqec.dll,-101
Value: Provides DHCP based enforcement for NAP
(PID) Process:	(3652) netsh.exe	Key:	HKEY_CLASSES_ROOT\Local Settings\MuiCache\182\52C64B7E
Operation:	write	Name:	@%SystemRoot%\system32\dhcpqec.dll,-103
Value: 1.0
(PID) Process:	(3652) netsh.exe	Key:	HKEY_CLASSES_ROOT\Local Settings\MuiCache\182\52C64B7E
Operation:	write	Name:	@%SystemRoot%\system32\dhcpqec.dll,-102
Value: Microsoft Corporation
(PID) Process:	(3652) netsh.exe	Key:	HKEY_CLASSES_ROOT\Local Settings\MuiCache\182\52C64B7E
Operation:	write	Name:	@%SystemRoot%\system32\napipsec.dll,-1
Value: IPsec Relying Party
(PID) Process:	(3652) netsh.exe	Key:	HKEY_CLASSES_ROOT\Local Settings\MuiCache\182\52C64B7E
Operation:	write	Name:	@%SystemRoot%\system32\napipsec.dll,-2
Value: Provides IPsec based enforcement for Network Access Protection
(PID) Process:	(3652) netsh.exe	Key:	HKEY_CLASSES_ROOT\Local Settings\MuiCache\182\52C64B7E
Operation:	write	Name:	@%SystemRoot%\system32\napipsec.dll,-4
Value: 1.0
(PID) Process:	(3652) netsh.exe	Key:	HKEY_CLASSES_ROOT\Local Settings\MuiCache\182\52C64B7E
Operation:	write	Name:	@%SystemRoot%\system32\napipsec.dll,-3
Value: Microsoft Corporation

Add for printing

Executable files

Suspicious files

Text files

Unknown types

Dropped files

PID	Process	Filename		Type
2160	HopToDesk.exe	C:\Users\admin\AppData\Local\Temp\sciter.dll		executable
		MD5:FC2311CA280C197F5ED16DEF6D464B6B	SHA256:285F3E6A051A7C61845CD7E4D2120781B6BDF411239F70A85C65B38A52D38F28
2160	HopToDesk.exe	C:\Users\admin\AppData\Roaming\HopToDesk\config\UpdatePath.toml		text
		MD5:5C06736373F1C19F9F83C3D034A0FE51	SHA256:0BAAD169B8006BE9C254778C4E9523E6905BEA5A6D735A9082118110736A65A1
2160	HopToDesk.exe	C:\Users\admin\AppData\Roaming\HopToDesk\config\HopToDesk2.2160_ThreadId(15)_1709639481532875000		text
		MD5:F48304D019B418DA9B0593EBB565BE91	SHA256:A681222E24E490642EB0997AE1E983A050F02BB5A82D9374446E8D2CE4AF7535
2160	HopToDesk.exe	C:\Users\admin\AppData\Roaming\HopToDesk\config\HopToDesk.2160_ThreadId(15)_1709639481532875000		text
		MD5:8A5CF4FA4D0DA258D9F54B09F491DB32	SHA256:C48F4AA21FF0AAACB5B02F524D46C29BF3C7CF9A5B059A6A6492FCD7C5F4CD0E
2160	HopToDesk.exe	C:\Users\admin\AppData\Roaming\HopToDesk\config\HopToDesk2.toml		text
		MD5:A6BECBA0352AB368313402F9CF42ED09	SHA256:26059F8DD9026AC1ECF174D0C79467BE90E1681CDCBE7AEBBFEC35D639864205
2160	HopToDesk.exe	C:\Users\admin\AppData\Roaming\HopToDesk\config\HopToDesk.2160_ThreadId(18)_1709639477704750000		text
		MD5:D5889065B82B305B96FB175F5CE6F1A3	SHA256:0EFC0AF21884B9CFF61540A710E2E8258DF94DBA6C2B59A82C6DEAFEDC78ED0A
2160	HopToDesk.exe	C:\Users\admin\AppData\Local\Temp\HopToDesk-update.exe		executable
		MD5:CA307565D7DA1327AD8BA77A5ABBAE13	SHA256:C8F8F48DC64AA1FDB1EFEDB64901E96DA5723B752D58C75BE981D7EC7EDD35B5
2592	HopToDesk-update.exe	C:\Users\admin\AppData\Local\Temp\HopToDesk.exe		executable
		MD5:CA307565D7DA1327AD8BA77A5ABBAE13	SHA256:C8F8F48DC64AA1FDB1EFEDB64901E96DA5723B752D58C75BE981D7EC7EDD35B5
3140	HopToDesk.exe	C:\Users\admin\AppData\Local\Temp\HopToDesk_mk_shortcut.vbs		binary
		MD5:E49AE77F558CC588FF323B67BE1CF5DB	SHA256:C02E3EF559C4BF49D5931DB77978277BC03B5A528B43BCFDBDE7B36D5BBBF91C
2592	HopToDesk-update.exe	C:\Users\admin\AppData\Roaming\HopToDesk\log\update\HopToDesk-update_rCURRENT.log		text
		MD5:19B087A751147A30D209ADB5D0786D1E	SHA256:47F2B6797B40977E7309E6362944710BDF83427844C7EFF8E1AE93DC219582E2

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Add for printing

HTTP(S) requests

TCP/UDP connections

DNS requests

Threats

HTTP requests

PID	Process	Method	HTTP Code	IP	URL	CN	Type	Size	Reputation
2160	HopToDesk.exe	GET	101	45.77.249.125:80	http://signal.hoptodesk.com:80/?user=167286068	unknown	—	—	unknown
1484	HopToDesk.exe	GET	101	45.77.249.125:80	http://signal.hoptodesk.com:80/?user=167286068	unknown	—	—	unknown
2860	HopToDesk.exe	GET	101	45.77.249.125:80	http://signal.hoptodesk.com:80/?user=167286068	unknown	—	—	unknown
1608	HopToDesk.exe	GET	101	45.77.249.125:80	http://signal.hoptodesk.com:80/?user=1709639604	unknown	—	—	unknown

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID	Process	IP	Domain	ASN	CN	Reputation
4	System	192.168.100.255:138	—	—	—	whitelisted
4	System	192.168.100.255:137	—	—	—	whitelisted
1080	svchost.exe	224.0.0.252:5355	—	—	—	unknown
2160	HopToDesk.exe	188.114.97.3:443	api.hoptodesk.com	CLOUDFLARENET	NL	unknown
2160	HopToDesk.exe	81.181.108.236:3478	—	M247 Ltd	GB	unknown
2160	HopToDesk.exe	23.165.104.217:3478	turn.hoptodesk.com	—	—	unknown
2160	HopToDesk.exe	81.181.108.49:3478	—	M247 Ltd	GB	unknown
2160	HopToDesk.exe	107.174.93.216:3478	—	AS-COLOCROSSING	US	unknown
2160	HopToDesk.exe	139.99.170.75:3478	—	OVH SAS	AU	unknown
2160	HopToDesk.exe	23.165.104.217:443	turn.hoptodesk.com	—	—	unknown

DNS requests

Domain	IP	Reputation
api.hoptodesk.com	188.114.97.3 188.114.96.3	unknown
turn.hoptodesk.com	23.165.104.217	unknown
signal.hoptodesk.com	45.77.249.125	unknown
www.hoptodesk.com	188.114.97.3 188.114.96.3	unknown
dns.msftncsi.com	131.107.255.255	shared

Threats

PID	Process	Class	Message
2160	HopToDesk.exe	Potential Corporate Privacy Violation	POLICY [ANY.RUN] Websocket update request to external network
1484	HopToDesk.exe	Potential Corporate Privacy Violation	POLICY [ANY.RUN] Websocket update request to external network
2860	HopToDesk.exe	Potential Corporate Privacy Violation	POLICY [ANY.RUN] Websocket update request to external network
1608	HopToDesk.exe	Potential Corporate Privacy Violation	POLICY [ANY.RUN] Websocket update request to external network

Add for printing

No debug info

General Info

HopToDesk.exe

E7F8E468320521203FA50B202F5925E4

7120E4F990E99E89840482F32501BE69168A485E

B85D91231F81820547DF65A29074CB209D20EDEA8ADC74A51C1DF48E6F71E8EE

98304:E0+iMn8ssVIER4T5BQbPHAg+bsx37kDSq9TYIPOjAUzBXeXPc+89ACadiROBeiGN:pVIUje2kosAW/Q

Software environment set and analysis options

Launch configuration

Software preset

Behavior activities

MALICIOUS

Drops the executable file immediately after the start

Create files in the Startup directory

SUSPICIOUS

Suspicious use of NETSH.EXE

Reads security settings of Internet Explorer

Application launched itself

Reads the Internet Settings

Uses NETSH.EXE to add a firewall rule or allowed programs

Executable content was dropped or overwritten

Starts CMD.EXE for commands execution

Reads settings of System Certificates

Uses TASKKILL.EXE to kill process

Connects to unusual port

Starts itself from another location

Executing commands from a ".bat" file

Starts application with an unusual extension

Starts SC.EXE for service management

Uses REG/REGEDIT.EXE to modify registry

Uses NETSH.EXE to delete a firewall rule or allowed programs

Creates a software uninstall entry

Searches for installed software

The process executes VB scripts

Executes as Windows Service

Using 'findstr.exe' to search for text patterns in files and output

INFO

Reads the computer name

Checks supported languages

Creates files or folders in the user directory

Create files in a temporary directory

Checks proxy server information

Reads the software policy settings

Reads the machine GUID from the registry

Creates files in the program directory

Reads security settings of Internet Explorer

Manual execution by a user

Malware configuration

Static information

TRiD

EXIF

EXE

Video and screenshots

Processes

Behavior graph

Specs description

Process information

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Registry activity

Modification events

Files activity

Dropped files