4962e32eda2ccd7238948bf579c629a2e70c9bf5a029aa79abac01da119c4414 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

JJSploit_8...up.exe

windows7-x64

8

JJSploit_8...up.exe

windows10-1703-x64

8

JJSploit_8...up.exe

windows10-2004-x64

8

JJSploit_8...up.exe

windows11-21h2-x64

Sharing

General

Target

JJSploit_8.10.7_x64-setup.nsis.zip
Size

5.7MB
Sample

241014-vm8c3awcqb
MD5

8981cd26e588223069f3312444be6cc8
SHA1

cce203a689135cc6a1c79c8c543be5839f7d43e0
SHA256

4962e32eda2ccd7238948bf579c629a2e70c9bf5a029aa79abac01da119c4414
SHA512

3fff093f1f41e84963495919eeb4a1fc43cead24e1ae12eb3d761a1865c28ec8ad20dd7a44b1eb8d4420dd22a5eaf7714a6727706fe2dfbfc6a10272ce20045e
SSDEEP

98304:frPwHVCta3WJ3eKrvOsbroYIknJ0a/eFuwsqQkHOkb5DSnum1YmDhnu5NHxHDb4R:fyMAzKrv5raUJ32kbTlSD16ACG7q

Score

10^/10

discovery

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

JJSploit_8.10.7_x64-setup.exe

Resource

win7-20241010-en

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

JJSploit_8.10.7_x64-setup.exe

Resource

win10-20240404-en

windows10-1703-x64

5 signatures

150 seconds

Behavioral task

behavioral3

Sample

JJSploit_8.10.7_x64-setup.exe

Resource

win10v2004-20241007-en

windows10-2004-x64

5 signatures

150 seconds

Behavioral task

behavioral4

Sample

JJSploit_8.10.7_x64-setup.exe

Resource

win11-20241007-en

windows11-21h2-x64

17 signatures

150 seconds

Malware Config

Targets

- Target
  
  JJSploit_8.10.7_x64-setup.exe
- Size
  
  5.7MB
- MD5
  
  87bece829aec9cd170070742f5cc2db7
- SHA1
  
  0a5d48a24e730dec327f08dfe86f79cc7991563e
- SHA256
  
  88a19d3e027158e8c66d5068303532a0d56a700f718db80aa97e5e44f39bf4a4
- SHA512
  
  198c80d4b430a38ac597ff9023128cdbc9d2891097beef239721c330c75a412c0bdb87a4bfb0609db94f320655f3df1fab7d885843c0af40687e46ddcc88c9d1
- SSDEEP
  
  98304:hrPwHVCta3WJ3eKrvOsbroYIknJ0a/eFuwsqQkHOkb5DSnum1YmDhnu5NHxHDb4I:hyMAzKrv5raUJ32kbTlSD16ACG7x
Score

10^/10

discovery
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Network Share Discovery
  Attempt to gather information on host network.
  discovery
behavioral1 behavioral2 behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

Network Share Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

© 2018-2025

Terms | Privacy