Overview

overview

8

Static

static

3

JJSploit_7...up.exe

windows7-x64

8

JJSploit_7...up.exe

windows10-2004-x64

7

$PLUGINSDI...dl.dll

windows7-x64

3

$PLUGINSDI...dl.dll

windows10-2004-x64

3

$PLUGINSDI...nu.dll

windows7-x64

3

$PLUGINSDI...nu.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...rd.bmp

windows7-x64

3

$PLUGINSDI...rd.bmp

windows10-2004-x64

7

$PLUGINSDI...gs.dll

windows7-x64

3

$PLUGINSDI...gs.dll

windows10-2004-x64

3

$PLUGINSDI...ls.dll

windows7-x64

3

$PLUGINSDI...ls.dll

windows10-2004-x64

3

JJSploit.exe

windows7-x64

1

JJSploit.exe

windows10-2004-x64

3

resources/...ab.lua

windows7-x64

3

resources/...ab.lua

windows10-2004-x64

3

resources/...ui.lua

windows7-x64

3

resources/...ui.lua

windows10-2004-x64

3

resources/...nd.lua

windows7-x64

3

resources/...nd.lua

windows10-2004-x64

3

resources/...te.lua

windows7-x64

3

resources/...te.lua

windows10-2004-x64

3

resources/...gh.lua

windows7-x64

3

resources/...gh.lua

windows10-2004-x64

3

resources/...ig.lua

windows7-x64

3

resources/...ig.lua

windows10-2004-x64

3

resources/...bot.js

windows7-x64

3

resources/...bot.js

windows10-2004-x64

3

resources/...ll.lua

windows7-x64

3

resources/...ll.lua

windows10-2004-x64

3

Resubmissions

18/08/2024, 12:39

240818-pv2btstdrc 8

18/08/2024, 12:38

240818-pt66patdph 8

Analysis

  • max time kernel
    129s
  • max time network
    145s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    18/08/2024, 12:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    $PLUGINSDIR/modern-wizard.bmp

  • Size

    25KB

  • MD5

    cbe40fd2b1ec96daedc65da172d90022

  • SHA1

    366c216220aa4329dff6c485fd0e9b0f4f0a7944

  • SHA256

    3ad2dc318056d0a2024af1804ea741146cfc18cc404649a44610cbf8b2056cf2

  • SHA512

    62990cb16e37b6b4eff6ab03571c3a82dcaa21a1d393c3cb01d81f62287777fb0b4b27f8852b5fa71bc975feab5baa486d33f2c58660210e115de7e2bd34ea63

  • SSDEEP

    24:Qwika6aSaaDaVYoG6abuJsnZs5GhI11BayNXPcDrSsUWcSphsWwlEWqCl6aHAX2x:Qoi47a5G8SddzKFIcsOz3Xz

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\modern-wizard.bmp
    1⤵
    • Checks computer location settings
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:4196
    • C:\Windows\system32\mspaint.exe
      "C:\Windows\system32\mspaint.exe" "C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\modern-wizard.bmp"
      2⤵
      • Drops file in Windows directory
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:456
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService
    1⤵
      PID:2892

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads