Analysis

  • max time kernel
    0s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win11-20240802-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    19/09/2024, 03:24

General

  • Target

    creal.pyc

  • Size

    76KB

  • MD5

    fcd494f9797d27908e665993ba552d14

  • SHA1

    3587096445e2a419f51e4a9bfeda736e95bf3589

  • SHA256

    23814d7a8df0dc35fe69d0e7d07e13d44c79fed2f39ac92c4cee8323a56de038

  • SHA512

    ad94651c0d7802fe6097ec5a2f2d22373a40db13122fe9d8403b868250dfaf0e774d35fc3fa360c795cda51f5ea4e1cda522c522888814b994d4450ee44b4b50

  • SSDEEP

    1536:KLKOqK/SWSRjsJlflX2Is89RaJ+InaYJEuN6RKer:KhqFi2Is8qjxJJN6Rn

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\creal.pyc
    1⤵
    • Modifies registry class
    PID:4076
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:1568

Network

MITRE ATT&CK Enterprise v15
