Analysis
max time kernel: 117s
max time network: 122s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 02-06-2024 00:18
Behavioral task: behavioral1
Sample: JJSploitRevamped.exe
Resource: win7-20240221-en
General
Target: JJSploitRevamped.exe
Size: 12.2MB
MD5: 52d018542b37d9de51db7ba23f7bb9dd
SHA1: 3b70d8be5b85f4f1f00d4ef7b9d3f47a60ea5cb6
SHA256: fc89124753f93b1b3710e8e0dcbea2267b0444ebcba7474a591d769d833e2c77
SHA512: 7e0d22c78f5a06aa0ecf784a10b1c96e3ace66ad2871afc277f2dfa8017a7e4e65d8fe35e8ac27886bab03b0dcca7f759d54fc9adc8943ece4b8b1d74137cb9e
SSDEEP: 196608:orIA0HFL5rWm4yoNEbttj3ozbXe9Yq4MPLbCKeNTfm/pf+xk4dWRGtrbWOjgWy8:Hb4Gbtt7hJ4EnCFy/pWu4kRGtrbvMWy8
Malware Config
Signatures
- Loads dropped DLL (1 IoC)
  Processes: JJSploitRevamped.exe (PID 2560)
  Resource matched by YARA rule: C:\Users\Admin\AppData\Local\Temp\_MEI22042\python311.dll (rule: upx)
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes (source PID wrote to memory of target PID):
  PID 2204 JJSploitRevamped.exe wrote to memory of PID 2560 JJSploitRevamped.exe
  PID 2204 JJSploitRevamped.exe wrote to memory of PID 2560 JJSploitRevamped.exe
  PID 2204 JJSploitRevamped.exe wrote to memory of PID 2560 JJSploitRevamped.exe
Processes
1. C:\Users\Admin\AppData\Local\Temp\JJSploitRevamped.exe (command line: "C:\Users\Admin\AppData\Local\Temp\JJSploitRevamped.exe"), PID 2204
   - Suspicious use of WriteProcessMemory
   2. C:\Users\Admin\AppData\Local\Temp\JJSploitRevamped.exe (command line: "C:\Users\Admin\AppData\Local\Temp\JJSploitRevamped.exe"), PID 2560, child of PID 2204
      - Loads dropped DLL
Network
MITRE ATT&CK Matrix
Downloads
C:\Users\Admin\AppData\Local\Temp\_MEI22042\python311.dll
Filesize: 1.6MB
MD5: bb46b85029b543b70276ad8e4c238799
SHA1: 123bdcd9eebcac1ec0fd2764a37e5e5476bb0c1c
SHA256: 72c24e1db1ba4df791720a93ca9502d77c3738eebf8b9092a5d82aa8d80121d0
SHA512: 5e993617509c1cf434938d6a467eb0494e04580ad242535a04937f7c174d429da70a6e71792fc3de69e103ffc5d9de51d29001a4df528cfffefdaa2cef4eaf31

memory/2560-24-0x000007FEF6050000-0x000007FEF6638000-memory.dmp
Filesize: 5.9MB