Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/04/2023, 02:04

General

  • Target

    JJSploit_7.1.3_x86_en-US.msi

  • Size

    5.8MB

  • MD5

    89b39aafa577686ce2890ff00a22f7d6

  • SHA1

    1259bb1962d23f242ebe340f359b3825a31989d4

  • SHA256

    dfdb140d98307146cbdbc726cc1f4897acc14288c95fd8bfc5ab29f91c895fa3

  • SHA512

    59d7ee87354f01c9bcaf438086a730f56c671f75815be696b07107d54f886b48a7217a7c4138e690a6c0670b7c39dd564650b63e6e12743d46b3bd65824ad70d

  • SSDEEP

    98304:oni7F600rU+xmX0VumSuS2eaYbC8wSKyWatyiGoMNjbLmf19+I3NlNi3bywir:Gi7F6MiVVBS2e3bC8wS+QGZNYpi2

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Enumerates connected drives 3 TTPs 48 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\msiexec.exe
    msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\JJSploit_7.1.3_x86_en-US.msi
    1⤵
    • Enumerates connected drives
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:4124
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Enumerates connected drives
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1252
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding 7FCB56FD10ABB4574F8D58BA5246C5A5 C
      2⤵
      • Loads dropped DLL
      PID:5088

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\MSI86EE.tmp

    Filesize

    113KB

    MD5

    4fdd16752561cf585fed1506914d73e0

    SHA1

    f00023b9ae3c8ce5b7bb92f25011eaebe6f9d424

    SHA256

    aecd2d2fe766f6d439acc2bbf1346930ecc535012cf5ad7b3273d2875237b7e7

    SHA512

    3695e7eb1e35ec959243a91ab5b4454eb59aeef0f2699aa5de8e03de8fbb89f756a89130526da5c08815408cb700284a17936522ad2cad594c3e6e9d18a3f600

  • C:\Users\Admin\AppData\Local\Temp\MSI86EE.tmp

    Filesize

    113KB

    MD5

    4fdd16752561cf585fed1506914d73e0

    SHA1

    f00023b9ae3c8ce5b7bb92f25011eaebe6f9d424

    SHA256

    aecd2d2fe766f6d439acc2bbf1346930ecc535012cf5ad7b3273d2875237b7e7

    SHA512

    3695e7eb1e35ec959243a91ab5b4454eb59aeef0f2699aa5de8e03de8fbb89f756a89130526da5c08815408cb700284a17936522ad2cad594c3e6e9d18a3f600