Analysis
-
max time kernel
150s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
03/10/2024, 13:21
General
-
Target
JJSploit_8.10.5_x64-setup (1).exe
-
Size
6.1MB
-
MD5
ad0fde3ecfc62e0ec5c3b75e15751ac4
-
SHA1
c9b7254bc3ba1716db45bd72889e3df901cc3da7
-
SHA256
c9ff34cb7d2374891dbd649a3bbaee384e41736818754dd6ba836df250bf8a74
-
SHA512
8b6ce18cf0737d56273f6fe1b28066b52082bd8c688eb2767a5eb7d6dbdca717c7610d0e8098e05903573a417ef0b642f0823d015820db8494114d376ebc8576
-
SSDEEP
196608:xYpp3SbRwIaDURmn0DGYeqCxNjaYKJrWcZNdXDY:xqpcR3amGdHx47d7NdzY
Malware Config
Signatures
-
Downloads MZ/PE file
-
Loads dropped DLL 8 IoCs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 2 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Checks SCSI registry key(s) 3 TTPs 3 IoCs
SCSI information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
NTFS ADS 2 IoCs
-
Suspicious behavior: EnumeratesProcesses 28 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 29 IoCs
-
Suspicious use of AdjustPrivilegeToken 5 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of SendNotifyMessage 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\JJSploit_8.10.5_x64-setup (1).exe"C:\Users\Admin\AppData\Local\Temp\JJSploit_8.10.5_x64-setup (1).exe"1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
-
C:\Windows\system32\taskmgr.exe"C:\Windows\system32\taskmgr.exe" /41⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd997f46f8,0x7ffd997f4708,0x7ffd997f47182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,5450649103539919801,8325678755790370182,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1924 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2028,5450649103539919801,8325678755790370182,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2028,5450649103539919801,8325678755790370182,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2860 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5450649103539919801,8325678755790370182,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5450649103539919801,8325678755790370182,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5450649103539919801,8325678755790370182,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5450649103539919801,8325678755790370182,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5450649103539919801,8325678755790370182,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5356 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5450649103539919801,8325678755790370182,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2620 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5450649103539919801,8325678755790370182,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5450649103539919801,8325678755790370182,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5450649103539919801,8325678755790370182,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5716 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5450649103539919801,8325678755790370182,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2028,5450649103539919801,8325678755790370182,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5348 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2028,5450649103539919801,8325678755790370182,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5348 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2028,5450649103539919801,8325678755790370182,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5212 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5450649103539919801,8325678755790370182,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5928 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2028,5450649103539919801,8325678755790370182,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6352 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5450649103539919801,8325678755790370182,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5612 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5450649103539919801,8325678755790370182,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5572 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2028,5450649103539919801,8325678755790370182,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6588 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5450649103539919801,8325678755790370182,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3600 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5450649103539919801,8325678755790370182,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6652 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5450649103539919801,8325678755790370182,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6400 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5450649103539919801,8325678755790370182,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5320 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2028,5450649103539919801,8325678755790370182,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6524 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5450649103539919801,8325678755790370182,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6460 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5450649103539919801,8325678755790370182,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5450649103539919801,8325678755790370182,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2836 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5450649103539919801,8325678755790370182,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1160 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5450649103539919801,8325678755790370182,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6712 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5450649103539919801,8325678755790370182,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3592 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5450649103539919801,8325678755790370182,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5860 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5450649103539919801,8325678755790370182,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6612 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5450649103539919801,8325678755790370182,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4756 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5450649103539919801,8325678755790370182,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6664 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5450649103539919801,8325678755790370182,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6616 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5450649103539919801,8325678755790370182,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6480 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,5450649103539919801,8325678755790370182,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6176 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Users\Admin\Desktop\JJSploit_8.10.5_x64-setup (1).exe"C:\Users\Admin\Desktop\JJSploit_8.10.5_x64-setup (1).exe"1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD5e765f3d75e6b0e4a7119c8b14d47d8da
SHA1cc9f7c7826c2e1a129e7d98884926076c3714fc0
SHA256986443556d3878258b710d9d9efbf4f25f0d764c3f83dc54217f2b12a6eccd89
SHA512a1872a849f27da78ebe9adb9beb260cb49ed5f4ca2d403f23379112bdfcd2482446a6708188100496e45db1517cdb43aba8bb93a75e605713c3f97cd716b1079
-
Filesize
152B
MD553bc70ecb115bdbabe67620c416fe9b3
SHA1af66ec51a13a59639eaf54d62ff3b4f092bb2fc1
SHA256b36cad5c1f7bc7d07c7eaa2f3cad2959ddb5447d4d3adcb46eb6a99808e22771
SHA512cad44933b94e17908c0eb8ac5feeb53d03a7720d97e7ccc8724a1ed3021a5bece09e1f9f3cec56ce0739176ebbbeb20729e650f8bca04e5060c986b75d8e4921
-
Filesize
64KB
MD5d6b36c7d4b06f140f860ddc91a4c659c
SHA1ccf16571637b8d3e4c9423688c5bd06167bfb9e9
SHA25634013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92
SHA5122a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487
-
Filesize
70KB
MD54308671e9d218f479c8810d2c04ea6c6
SHA1dd3686818bc62f93c6ab0190ed611031f97fdfcf
SHA2565addbdd4fe74ff8afc4ca92f35eb60778af623e4f8b5911323ab58a9beed6a9a
SHA5125936b6465140968acb7ad7f7486c50980081482766002c35d493f0bdd1cc648712eebf30225b6b7e29f6f3123458451d71e62d9328f7e0d9889028bff66e2ad2
-
Filesize
19KB
MD576a3f1e9a452564e0f8dce6c0ee111e8
SHA111c3d925cbc1a52d53584fd8606f8f713aa59114
SHA256381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c
SHA512a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274
-
Filesize
63KB
MD5710d7637cc7e21b62fd3efe6aba1fd27
SHA18645d6b137064c7b38e10c736724e17787db6cf3
SHA256c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b
SHA51219aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44
-
Filesize
1KB
MD553ab84ee57641b3b89f0f7ea16335221
SHA15553e614b8c46d38c9ef2dca27c6a9a4af9404ce
SHA256362276b9795a8c73c342ceeb320380908030c5ec515532806ab2c5347fa83842
SHA51238de5e2259a8093f3122a73435b5215f5ef1db2dcbdb86c32d6bcaca1270b9ca100f8e1bf76e573f2be319d2fd5fcbcc5cbb946ea8769ea15159b82ed55be6bc
-
Filesize
1KB
MD59b83e271f12f5351cf888f3c028e4f1c
SHA150a461c143711d65c3895525286537f91ca6b42e
SHA256e590935f766ad07f40746804818747ae2f0c16a15b710ce6e9f5388c69795365
SHA51212526a372d36408e55e92ef0e93178dd55b069d3bc11d59441669c11329ab7f61a12765e28fbea6216820c8dc65eff527732ee8cabfb8cc4b6372aca1017ad8a
-
Filesize
2KB
MD5689c33ddd04a110981fcf6627906b756
SHA11bec441500bb53a0a669a4e1ad7c3d729b94c9d5
SHA25650307b9d4d84a7a8f5fd0b3504e4fe30f865579e498f74661f78b197a6b98062
SHA51298c2e710d6b111107ba9ce7060ea050f58db878c49032e1995219630ea8c55a766ddb0bbfbd4e79accba4bfa84d242d8cdfce414e8e289489d90b1883ae28aef
-
Filesize
7KB
MD5bd89e30284a158a38c185ba23d7f6fc9
SHA1595752a65eb5b0d8ababd5379b2f0c72702b2779
SHA256d3446d170feb1c8388b00568c8bb4598a9ec12011f672de5e1a3015253111cd3
SHA512ef179cd6af2f711662d6e0678dee2eb29074165cdc723628c2faa3b8d72b0389e59d12d613895538fee915319c696b7e3d4d571552a72a6bddda8a01c4cef452
-
Filesize
5KB
MD5de51d9338609348a1a29d035c2d26f20
SHA1574052496fef7235fa2c4026cf9ccecee083ed0d
SHA256e133f5526d646f672f593f334e32584c9839c44b6b3b075903369f497bb467d1
SHA5127c19dbefa11c8666bcf22939a9a5e48e55437561a21d4f07261f73f50df9cbe175f0a483097aba6e8e787f03a10dade37080211f453156f44d72b9d1b728e248
-
Filesize
7KB
MD5bb8f99d264c5e5a3a3fccd6ee7886057
SHA16ebb1c69d9d5a5ecb06507f1c95979dfb3f45a10
SHA2563f87b7960ea3e7320f83062aa0b7af774537b9ad791f516963719a9ea7c7531f
SHA51227aa0a526e36b15fd99f93c75fb458c8e8ca646e429ce176c2b359ec8455eb84412b72a15659fd7cc13dadc05dace1c681611633a9ea040d1f95573da3849b5f
-
Filesize
7KB
MD5042cbca8060a24ba406195a824630471
SHA18a82ea77bf4e5bd871f5cb5b926e424cf8579582
SHA25663870e1ce41e6bd499291a095b1d9e0a7faca5d4f2dbc84e839b9744b3c720c8
SHA512db8d79dc4c07a6b32068f82686279070b0c6fc7a0794f0985cf30ec1315a085bbd5d2e657a295d30c5e9e777b81a660f3014d3f0da9f08c9f6f4f1d319f73b31
-
Filesize
7KB
MD5be48649c9bb0d99d8d70ae060d581a7f
SHA19d7fc70a46f3d9b1aa692e67a7e70bf49f12119a
SHA256e38e012b60cff6597c3994a652131bd246f81b5b591457be45ed971ce677e61c
SHA5121908eaeef60f4da6b28e1c1ec196197aef427baa09723ed6004214c42920a7c19ac201e90a8889b86f3639c0c0d2dc79bb8ae9567b3969cea6209707d3487bf0
-
Filesize
7KB
MD5d870edf2984ff855bfc8a68381c20412
SHA1afa8ea825151887d1e22f7938f750faf96f0ae08
SHA256934e4af5f143b30ca5706d09fe8bd788caebf287a7e938b843be7c7e2ebbc323
SHA5124a556c5b8db3768ecdaf305064a44223a4cacb395d6347d4245b522679fdc96b0ae7b42d51ee0aeac6651bbd96350de144ab19d01f9fcde94b9c7c1e2195d1d1
-
Filesize
72B
MD5202a59aa3aaebb8c2cf1894105275cfe
SHA125fc6c7f4cbcdc2afa05edf130b5afb10a8e6f37
SHA25697cf69a2c8566cb10603790a11cca23cdc49a76e388bed246f896d7fb5e6fbca
SHA5123bc95ed312ab39b6fbc19378cfbeab5c1c9525349eb05c3738fdf2b18439dda4bdc45d46171ce25f5eeae63c87a5e1cefc6db1c48c7b932462db4e3093a65b2c
-
Filesize
48B
MD566865bead889a9c403d08902a1ddeffb
SHA1686cce68d844ee2bb4624dd81b37253fa9b03036
SHA256509e97b87fb2552080400381cfce4c13867cd7f718ed64250baaaca2270324a1
SHA512eaa894fe3d764c32f6b1b225154267099a7f1a3236d5efc164c4cf5a207fe15c653a7f60fe9f46edad191923043499707159a0f57f25cb8dc63851cec28c37e9
-
Filesize
2KB
MD5187b6346d2f3ac757cb48d86d4bd0a65
SHA15e558a1bce6f0333c3b601ae62cdc19345cfc5d7
SHA2565defc2fbab3951bef07f5e598ef800856e37db15ddca551195c6d65c2d4e9ea3
SHA512e6111a8176f932f8f2c9c8176c2066af7b1f32f025b6e074a3ade58d82c60cb8bd4e607d22a99bf6d90c5867348cf74b034a501bd97d5f752808599d1beb35bf
-
Filesize
2KB
MD58fb0b98d72175350fa3e830573fe3c22
SHA15177968c20f83f403812b4983d3b52710cbaae9c
SHA256be7b4d76ea8c69a3c2855a9b486d192cd853f7c2e94945fb448583a959ff36bb
SHA5120d9123c2aeeb190e992b1c5450ce4718279954d92ecf0b5c506a8295b4c42de2af9b41e7bd331019fe8cfacebbdfb95a68c1510ce0368d4406cd778dee6b6678
-
Filesize
1KB
MD5e7f98cde2094f284f04b99e9471a5c70
SHA160007cf65292feded4fabf8fae957571a1dc7e88
SHA2564a366d9472da874251651654322e903997449e76f67cd69c56e9e6fe8857b266
SHA5122f1c45fe1859b9edf68f613cc7eb67a2b534b6f6531b3a09a38cb43f5d83c62ed39faed6d9b993a1a4a82cac3c2cddac8534b02dba4a9c4b0f38ab4a6f2e6096
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
10KB
MD56a8b49141b05a77a71f31a489b86a449
SHA17a51f55e8a1ce9daaea13e2b71327b620952a745
SHA2561251d87568c2af29afdf2b8f3061ae503eaa685a8e0fce158ee750112219cfd6
SHA512169f42ca2ec2ad27137397927cb1b3054140080777bd0ab3e8d4657174a143cd1bb2e7434c8c4d11733b92d4333344ca1a7dcfec8afac160fd49eb8327c22841
-
Filesize
10KB
MD59216fc54938a2acccd1e88ebdb72c028
SHA124966795cfc87ba4fc4c68bcd5825f991d8bd9ad
SHA2561da45087b1daa5c6e2b6f7795dd8bdb392be0ca249b92682742cc4bd357855b1
SHA51253a0591448e11ea64178595e712d08dc1a4b24f45a1f3c616e33fbc943955fcf76e5ee4bda3ca16294c00beacf51db44eec377c749a4b65a8b417ca297b4f685
-
Filesize
10KB
MD5da42afdf98a3270a0cab40895a05767a
SHA1d42f52f3db8ada21b72eef53e370815dc27b5977
SHA256c348b5b5bc3abf17821c10f643630518232f09f89774e15ffa950cb21e514418
SHA5128626b3e615f47b69a221b648778f9f908035e12950688f4061315903d1981739fd6dddbaf9154e8bb46cfd473b0095e23f7b0093aa578417b0c8d7540e173284
-
Filesize
10KB
MD5998ea3b4636f362805f09074216bebd3
SHA191266f7d7a37eb6a92398f37faee4cd96f8652cb
SHA256797043a817028a501dffe8e6073648195eaad36a9a9bab561bd42f813d1c55cc
SHA512e919619895b08d6ea8735b0005c0c6ca692d0d5980fcda27447625c06979045a85b23faf1ed80e5e58af43fb4dd4377f86fceeb662ac5edd3529813a9e052831
-
Filesize
1.6MB
MD5d2ebd82a5d3fac11d44d90d8df253bb9
SHA1ba94b456e111ea9573fe150ad4090a66540c9938
SHA25604b65aa7b23d0c7ebbd6e022a600fbc43c0ee896ed280e48ac59e17fb0a2311d
SHA51249e9ef8066200cd6ec079943c1fbcda95cab2d3042f635ed57949e0c0701ecdf34ea8f16324994dc77bc3ec9fc67882ea88b4d543974e90bf4e8cf69b15e073c
-
Filesize
15KB
MD5ee68463fed225c5c98d800bdbd205598
SHA1306364af624de3028e2078c4d8c234fa497bd723
SHA256419485a096bc7d95f872ed1b9b7b5c537231183d710363beee4d235bb79dbe04
SHA512b14fb74cb76b8f4e80fdd75b44adac3605883e2dcdb06b870811759d82fa2ec732cd63301f20a2168d7ad74510f62572818f90038f5116fe19c899eba68a5107
-
Filesize
7KB
MD5d070f3275df715bf3708beff2c6c307d
SHA193d3725801e07303e9727c4369e19fd139e69023
SHA25642dd4dda3249a94e32e20f76eaffae784a5475ed00c60ef0197c8a2c1ccd2fb7
SHA512fcaf625dac4684dad33d12e3a942b38489ecc90649eee885d823a932e70db63c1edb8614b9fa8904d1710e9b820e82c5a37aeb8403cf21cf1e3692f76438664d
-
Filesize
12KB
MD5cff85c549d536f651d4fb8387f1976f2
SHA1d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e
SHA2568dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8
SHA512531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88
-
Filesize
25KB
MD5cbe40fd2b1ec96daedc65da172d90022
SHA1366c216220aa4329dff6c485fd0e9b0f4f0a7944
SHA2563ad2dc318056d0a2024af1804ea741146cfc18cc404649a44610cbf8b2056cf2
SHA51262990cb16e37b6b4eff6ab03571c3a82dcaa21a1d393c3cb01d81f62287777fb0b4b27f8852b5fa71bc975feab5baa486d33f2c58660210e115de7e2bd34ea63
-
Filesize
9KB
MD56c3f8c94d0727894d706940a8a980543
SHA10d1bcad901be377f38d579aafc0c41c0ef8dcefd
SHA25656b96add1978b1abba286f7f8982b0efbe007d4a48b3ded6a4d408e01d753fe2
SHA5122094f0e4bb7c806a5ff27f83a1d572a5512d979eefda3345baff27d2c89e828f68466d08c3ca250da11b01fc0407a21743037c25e94fbe688566dd7deaebd355
-
Filesize
6.1MB
MD5ad0fde3ecfc62e0ec5c3b75e15751ac4
SHA1c9b7254bc3ba1716db45bd72889e3df901cc3da7
SHA256c9ff34cb7d2374891dbd649a3bbaee384e41736818754dd6ba836df250bf8a74
SHA5128b6ce18cf0737d56273f6fe1b28066b52082bd8c688eb2767a5eb7d6dbdca717c7610d0e8098e05903573a417ef0b642f0823d015820db8494114d376ebc8576
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
