7d4a960a6a46db69576a7e3717fef7872f873a0fb5b1e6fea2b2341baa18f36e | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

1

JJSploit_7...US.msi

windows7-x64

6

JJSploit_7...US.msi

windows10-2004-x64

8

Sharing

General

Target

JJSploit_7.2.0_x86_en-US.msi
Size

5.8MB
Sample

230608-wvml1ahd92
MD5

7522424ea68e64621cd8a81f1eb71e2a
SHA1

d4b84e4f586127cf15715c99f2d5e66ce953bc64
SHA256

7d4a960a6a46db69576a7e3717fef7872f873a0fb5b1e6fea2b2341baa18f36e
SHA512

0305ac4dc857ae77e5da11bab0eb0334697cae70681648945eb6f73325c5eb303de6cc21fe8cec8f90540a6acc2d96a8915ee420e5c8219a7711a8f781241429
SSDEEP

98304:6YGaxzW1K/3a9xtLMlrgUhWHaF1CYddUCa59/fcL+j4/zyh1kP0K6MFToDmgsUST:yqzWEALwLekTdE/fcO4/SpKnFWoPimc

Score

8^/10

persistence

Static task

static1

Behavioral task

behavioral1

Sample

JJSploit_7.2.0_x86_en-US.msi

Resource

win7-20230220-en

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral2

Sample

JJSploit_7.2.0_x86_en-US.msi

Resource

win10v2004-20230220-en

windows10-2004-x64

19 signatures

150 seconds

Malware Config

Targets

- Target
  
  JJSploit_7.2.0_x86_en-US.msi
- Size
  
  5.8MB
- MD5
  
  7522424ea68e64621cd8a81f1eb71e2a
- SHA1
  
  d4b84e4f586127cf15715c99f2d5e66ce953bc64
- SHA256
  
  7d4a960a6a46db69576a7e3717fef7872f873a0fb5b1e6fea2b2341baa18f36e
- SHA512
  
  0305ac4dc857ae77e5da11bab0eb0334697cae70681648945eb6f73325c5eb303de6cc21fe8cec8f90540a6acc2d96a8915ee420e5c8219a7711a8f781241429
- SSDEEP
  
  98304:6YGaxzW1K/3a9xtLMlrgUhWHaF1CYddUCa59/fcL+j4/zyh1kP0K6MFToDmgsUST:yqzWEALwLekTdE/fcO4/SpKnFWoPimc
Score

8^/10

persistence
- Blocklisted process makes network request
- Downloads MZ/PE file
- Sets file execution options in registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Checks system information in the registry
  System information is often read in order to detect sandboxing environments.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy