Overview
overview
7Static
static
7jojoy_3.2.26_1.apk
android-9-x86
5NOTICES.z
windows7-x64
3NOTICES.z
windows10-2004-x64
3ic_add_fri...ff.svg
windows7-x64
1ic_add_fri...ff.svg
windows10-2004-x64
1ic_btn_app...t.webp
windows7-x64
3ic_btn_app...t.webp
windows10-2004-x64
3ic_checkbox_check.svg
windows7-x64
1ic_checkbox_check.svg
windows10-2004-x64
1ic_graphic...o.webp
windows7-x64
3ic_graphic...o.webp
windows10-2004-x64
3ic_setup_02.webp
windows7-x64
3ic_setup_02.webp
windows10-2004-x64
3ic_setup_03.webp
windows7-x64
3ic_setup_03.webp
windows10-2004-x64
3ic_share.webp
windows7-x64
3ic_share.webp
windows10-2004-x64
3img_access...1.webp
windows7-x64
3img_access...1.webp
windows10-2004-x64
3img_access...2.webp
windows7-x64
3img_access...2.webp
windows10-2004-x64
3img_no_ads.png
windows7-x64
3img_no_ads.png
windows10-2004-x64
3img_skin_i...1.webp
windows7-x64
3img_skin_i...1.webp
windows10-2004-x64
3img_skin_i...2.webp
windows7-x64
3img_skin_i...2.webp
windows10-2004-x64
3img_skin_i...3.webp
windows7-x64
3img_skin_i...3.webp
windows10-2004-x64
3img_skin_i...4.webp
windows7-x64
3img_skin_i...4.webp
windows10-2004-x64
3jojoy_btn_motion.json
windows7-x64
3Analysis
-
max time kernel
21s -
max time network
146s -
platform
windows7_x64 -
resource
win7-20230712-en -
resource tags
arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system -
submitted
16/08/2023, 01:43
Static task
static1
Behavioral task
behavioral1
Sample
jojoy_3.2.26_1.apk
Resource
android-x86-arm-20230621-en
android-9-x86
Behavioral task
behavioral2
Sample
NOTICES.z
Resource
win7-20230712-en
windows7-x64
Behavioral task
behavioral3
Sample
NOTICES.z
Resource
win10v2004-20230703-en
windows10-2004-x64
Behavioral task
behavioral4
Sample
ic_add_friend_search_scan_off.svg
Resource
win7-20230712-en
windows7-x64
Behavioral task
behavioral5
Sample
ic_add_friend_search_scan_off.svg
Resource
win10v2004-20230703-en
windows10-2004-x64
Behavioral task
behavioral6
Sample
ic_btn_apply_minecraft.webp
Resource
win7-20230712-en
windows7-x64
Behavioral task
behavioral7
Sample
ic_btn_apply_minecraft.webp
Resource
win10v2004-20230703-en
windows10-2004-x64
Behavioral task
behavioral8
Sample
ic_checkbox_check.svg
Resource
win7-20230712-en
windows7-x64
Behavioral task
behavioral9
Sample
ic_checkbox_check.svg
Resource
win10v2004-20230703-en
windows10-2004-x64
Behavioral task
behavioral10
Sample
ic_graphic_nophoto.webp
Resource
win7-20230712-en
windows7-x64
Behavioral task
behavioral11
Sample
ic_graphic_nophoto.webp
Resource
win10v2004-20230703-en
windows10-2004-x64
Behavioral task
behavioral12
Sample
ic_setup_02.webp
Resource
win7-20230712-en
windows7-x64
Behavioral task
behavioral13
Sample
ic_setup_02.webp
Resource
win10v2004-20230703-en
windows10-2004-x64
Behavioral task
behavioral14
Sample
ic_setup_03.webp
Resource
win7-20230712-en
windows7-x64
Behavioral task
behavioral15
Sample
ic_setup_03.webp
Resource
win10v2004-20230703-en
windows10-2004-x64
Behavioral task
behavioral16
Sample
ic_share.webp
Resource
win7-20230712-en
windows7-x64
Behavioral task
behavioral17
Sample
ic_share.webp
Resource
win10v2004-20230703-en
windows10-2004-x64
Behavioral task
behavioral18
Sample
img_access_tutorial_01.webp
Resource
win7-20230712-en
windows7-x64
Behavioral task
behavioral19
Sample
img_access_tutorial_01.webp
Resource
win10v2004-20230703-en
windows10-2004-x64
Behavioral task
behavioral20
Sample
img_access_tutorial_02.webp
Resource
win7-20230712-en
windows7-x64
Behavioral task
behavioral21
Sample
img_access_tutorial_02.webp
Resource
win10v2004-20230703-en
windows10-2004-x64
Behavioral task
behavioral22
Sample
img_no_ads.png
Resource
win7-20230712-en
windows7-x64
Behavioral task
behavioral23
Sample
img_no_ads.png
Resource
win10v2004-20230703-en
windows10-2004-x64
Behavioral task
behavioral24
Sample
img_skin_intro_01.webp
Resource
win7-20230712-en
windows7-x64
Behavioral task
behavioral25
Sample
img_skin_intro_01.webp
Resource
win10v2004-20230703-en
windows10-2004-x64
Behavioral task
behavioral26
Sample
img_skin_intro_02.webp
Resource
win7-20230712-en
windows7-x64
Behavioral task
behavioral27
Sample
img_skin_intro_02.webp
Resource
win10v2004-20230703-en
windows10-2004-x64
Behavioral task
behavioral28
Sample
img_skin_intro_03.webp
Resource
win7-20230712-en
windows7-x64
Behavioral task
behavioral29
Sample
img_skin_intro_03.webp
Resource
win10v2004-20230703-en
windows10-2004-x64
Behavioral task
behavioral30
Sample
img_skin_intro_04.webp
Resource
win7-20230712-en
windows7-x64
Behavioral task
behavioral31
Sample
img_skin_intro_04.webp
Resource
win10v2004-20230703-en
windows10-2004-x64
Behavioral task
behavioral32
Sample
jojoy_btn_motion.json
Resource
win7-20230712-en
windows7-x64
General
-
Target
ic_setup_03.webp
-
Size
60KB
-
MD5
bff35bf2d1aa5b54a9f2be13bd54d981
-
SHA1
eb88bf51a159665a04f451163bc156a803b5b53d
-
SHA256
7e133b5fbe2de427b11527a5869109e4d8b306e57f12add83975e6e7883e3432
-
SHA512
cc3680db737be544e8ddd94929859798119b480411be71c24e62ee58aaab0836e6d394236eaf91a85c0cfa2ca2e483b11eb8c5dcdb70cdce8164a8fb99f499b3
-
SSDEEP
1536:hTUxxKO+6fMA/8YE+sqBXbOXwkvbXCX4D3IWb9n69s:yxxKOhfMx6tLOAkvbym3Phn6O
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
pid Process 2964 chrome.exe 2964 chrome.exe -
Suspicious use of AdjustPrivilegeToken 38 IoCs
description pid Process Token: SeShutdownPrivilege 2964 chrome.exe Token: SeShutdownPrivilege 2964 chrome.exe Token: SeShutdownPrivilege 2964 chrome.exe Token: SeShutdownPrivilege 2964 chrome.exe Token: SeShutdownPrivilege 2964 chrome.exe Token: SeShutdownPrivilege 2964 chrome.exe Token: SeShutdownPrivilege 2964 chrome.exe Token: SeShutdownPrivilege 2964 chrome.exe Token: SeShutdownPrivilege 2964 chrome.exe Token: SeShutdownPrivilege 2964 chrome.exe Token: SeShutdownPrivilege 2964 chrome.exe Token: SeShutdownPrivilege 2964 chrome.exe Token: SeShutdownPrivilege 2964 chrome.exe Token: SeShutdownPrivilege 2964 chrome.exe Token: SeShutdownPrivilege 2964 chrome.exe Token: SeShutdownPrivilege 2964 chrome.exe Token: SeShutdownPrivilege 2964 chrome.exe Token: SeShutdownPrivilege 2964 chrome.exe Token: SeShutdownPrivilege 2964 chrome.exe Token: SeShutdownPrivilege 2964 chrome.exe Token: SeShutdownPrivilege 2964 chrome.exe Token: SeShutdownPrivilege 2964 chrome.exe Token: SeShutdownPrivilege 2964 chrome.exe Token: SeShutdownPrivilege 2964 chrome.exe Token: SeShutdownPrivilege 2964 chrome.exe Token: SeShutdownPrivilege 2964 chrome.exe Token: SeShutdownPrivilege 2964 chrome.exe Token: SeShutdownPrivilege 2964 chrome.exe Token: SeShutdownPrivilege 2964 chrome.exe Token: SeShutdownPrivilege 2964 chrome.exe Token: SeShutdownPrivilege 2964 chrome.exe Token: SeShutdownPrivilege 2964 chrome.exe Token: SeShutdownPrivilege 2964 chrome.exe Token: SeShutdownPrivilege 2964 chrome.exe Token: SeShutdownPrivilege 2964 chrome.exe Token: SeShutdownPrivilege 2964 chrome.exe Token: SeShutdownPrivilege 2964 chrome.exe Token: SeShutdownPrivilege 2964 chrome.exe -
Suspicious use of FindShellTrayWindow 34 IoCs
pid Process 2964 chrome.exe 2964 chrome.exe 2964 chrome.exe 2964 chrome.exe 2964 chrome.exe 2964 chrome.exe 2964 chrome.exe 2964 chrome.exe 2964 chrome.exe 2964 chrome.exe 2964 chrome.exe 2964 chrome.exe 2964 chrome.exe 2964 chrome.exe 2964 chrome.exe 2964 chrome.exe 2964 chrome.exe 2964 chrome.exe 2964 chrome.exe 2964 chrome.exe 2964 chrome.exe 2964 chrome.exe 2964 chrome.exe 2964 chrome.exe 2964 chrome.exe 2964 chrome.exe 2964 chrome.exe 2964 chrome.exe 2964 chrome.exe 2964 chrome.exe 2964 chrome.exe 2964 chrome.exe 2964 chrome.exe 2964 chrome.exe -
Suspicious use of SendNotifyMessage 32 IoCs
pid Process 2964 chrome.exe 2964 chrome.exe 2964 chrome.exe 2964 chrome.exe 2964 chrome.exe 2964 chrome.exe 2964 chrome.exe 2964 chrome.exe 2964 chrome.exe 2964 chrome.exe 2964 chrome.exe 2964 chrome.exe 2964 chrome.exe 2964 chrome.exe 2964 chrome.exe 2964 chrome.exe 2964 chrome.exe 2964 chrome.exe 2964 chrome.exe 2964 chrome.exe 2964 chrome.exe 2964 chrome.exe 2964 chrome.exe 2964 chrome.exe 2964 chrome.exe 2964 chrome.exe 2964 chrome.exe 2964 chrome.exe 2964 chrome.exe 2964 chrome.exe 2964 chrome.exe 2964 chrome.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 860 wrote to memory of 2964 860 cmd.exe 29 PID 860 wrote to memory of 2964 860 cmd.exe 29 PID 860 wrote to memory of 2964 860 cmd.exe 29 PID 2964 wrote to memory of 2860 2964 chrome.exe 30 PID 2964 wrote to memory of 2860 2964 chrome.exe 30 PID 2964 wrote to memory of 2860 2964 chrome.exe 30 PID 2964 wrote to memory of 2764 2964 chrome.exe 32 PID 2964 wrote to memory of 2764 2964 chrome.exe 32 PID 2964 wrote to memory of 2764 2964 chrome.exe 32 PID 2964 wrote to memory of 2764 2964 chrome.exe 32 PID 2964 wrote to memory of 2764 2964 chrome.exe 32 PID 2964 wrote to memory of 2764 2964 chrome.exe 32 PID 2964 wrote to memory of 2764 2964 chrome.exe 32 PID 2964 wrote to memory of 2764 2964 chrome.exe 32 PID 2964 wrote to memory of 2764 2964 chrome.exe 32 PID 2964 wrote to memory of 2764 2964 chrome.exe 32 PID 2964 wrote to memory of 2764 2964 chrome.exe 32 PID 2964 wrote to memory of 2764 2964 chrome.exe 32 PID 2964 wrote to memory of 2764 2964 chrome.exe 32 PID 2964 wrote to memory of 2764 2964 chrome.exe 32 PID 2964 wrote to memory of 2764 2964 chrome.exe 32 PID 2964 wrote to memory of 2764 2964 chrome.exe 32 PID 2964 wrote to memory of 2764 2964 chrome.exe 32 PID 2964 wrote to memory of 2764 2964 chrome.exe 32 PID 2964 wrote to memory of 2764 2964 chrome.exe 32 PID 2964 wrote to memory of 2764 2964 chrome.exe 32 PID 2964 wrote to memory of 2764 2964 chrome.exe 32 PID 2964 wrote to memory of 2764 2964 chrome.exe 32 PID 2964 wrote to memory of 2764 2964 chrome.exe 32 PID 2964 wrote to memory of 2764 2964 chrome.exe 32 PID 2964 wrote to memory of 2764 2964 chrome.exe 32 PID 2964 wrote to memory of 2764 2964 chrome.exe 32 PID 2964 wrote to memory of 2764 2964 chrome.exe 32 PID 2964 wrote to memory of 2764 2964 chrome.exe 32 PID 2964 wrote to memory of 2764 2964 chrome.exe 32 PID 2964 wrote to memory of 2764 2964 chrome.exe 32 PID 2964 wrote to memory of 2764 2964 chrome.exe 32 PID 2964 wrote to memory of 2764 2964 chrome.exe 32 PID 2964 wrote to memory of 2764 2964 chrome.exe 32 PID 2964 wrote to memory of 2764 2964 chrome.exe 32 PID 2964 wrote to memory of 2764 2964 chrome.exe 32 PID 2964 wrote to memory of 2764 2964 chrome.exe 32 PID 2964 wrote to memory of 2764 2964 chrome.exe 32 PID 2964 wrote to memory of 2764 2964 chrome.exe 32 PID 2964 wrote to memory of 2764 2964 chrome.exe 32 PID 2964 wrote to memory of 2828 2964 chrome.exe 33 PID 2964 wrote to memory of 2828 2964 chrome.exe 33 PID 2964 wrote to memory of 2828 2964 chrome.exe 33 PID 2964 wrote to memory of 988 2964 chrome.exe 34 PID 2964 wrote to memory of 988 2964 chrome.exe 34 PID 2964 wrote to memory of 988 2964 chrome.exe 34 PID 2964 wrote to memory of 988 2964 chrome.exe 34 PID 2964 wrote to memory of 988 2964 chrome.exe 34 PID 2964 wrote to memory of 988 2964 chrome.exe 34 PID 2964 wrote to memory of 988 2964 chrome.exe 34 PID 2964 wrote to memory of 988 2964 chrome.exe 34 PID 2964 wrote to memory of 988 2964 chrome.exe 34 PID 2964 wrote to memory of 988 2964 chrome.exe 34 PID 2964 wrote to memory of 988 2964 chrome.exe 34 PID 2964 wrote to memory of 988 2964 chrome.exe 34 PID 2964 wrote to memory of 988 2964 chrome.exe 34 PID 2964 wrote to memory of 988 2964 chrome.exe 34 PID 2964 wrote to memory of 988 2964 chrome.exe 34 PID 2964 wrote to memory of 988 2964 chrome.exe 34
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\ic_setup_03.webp1⤵
- Suspicious use of WriteProcessMemory
PID:860 -
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\ic_setup_03.webp2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2964 -
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6649758,0x7fef6649768,0x7fef66497783⤵PID:2860
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1160 --field-trial-handle=1100,i,9927787755543037811,10229373239438667916,131072 /prefetch:23⤵PID:2764
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1552 --field-trial-handle=1100,i,9927787755543037811,10229373239438667916,131072 /prefetch:83⤵PID:2828
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1668 --field-trial-handle=1100,i,9927787755543037811,10229373239438667916,131072 /prefetch:83⤵PID:988
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2312 --field-trial-handle=1100,i,9927787755543037811,10229373239438667916,131072 /prefetch:13⤵PID:2148
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2324 --field-trial-handle=1100,i,9927787755543037811,10229373239438667916,131072 /prefetch:13⤵PID:2316
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1424 --field-trial-handle=1100,i,9927787755543037811,10229373239438667916,131072 /prefetch:23⤵PID:364
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3648 --field-trial-handle=1100,i,9927787755543037811,10229373239438667916,131072 /prefetch:83⤵PID:592
-
-
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"1⤵PID:2128
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
16B
MD518e723571b00fb1694a3bad6c78e4054
SHA1afcc0ef32d46fe59e0483f9a3c891d3034d12f32
SHA2568af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa
SHA51243bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2
-
Filesize
264KB
MD5f50f89a0a91564d0b8a211f8921aa7de
SHA1112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58
-
Filesize
4KB
MD52419e8a2841f33db0be20527ded497a5
SHA1ce8d72f94a69c2be29a7ac9258fce87a479eec91
SHA2565de180ee072b13a6d0199513cb1c1cd4c2b61a124e5c028e16073c151b346720
SHA5125f45d9dbb2192cbde6d17eea577b9cb880da088800153f094d4508709a7e7d96d8c181f16902744e63273f5e862bbab9107170682844af40103d8c522caaf5d9
-
Filesize
4KB
MD5ee69f14da0ea11b21d76c85e57ee4e51
SHA194d2ef4172891318b4c529bd1d3c65cda07331ea
SHA256435ff1fe61ac41f987da7544a9bf11629d7f2621bfb3eb9259fc17eb6e701098
SHA5124a14c2a022c68b897b2f8dbe99c0f6fa7abcfdc2ee7f19c71e605bb92bbbf9de5ceb407db50fa9ed6c0d08c2e0091f9817a588361605e844045e77b576a3ecef