76c83d1bebd6b01bab76d9a94f223e1a3cf20f2040b8d58a12625074e2936f7c | Triage

Submit
Reports

Overview

overview

8

Static

static

1

JJSploit_8...US.msi

windows7-x64

8

JJSploit_8...US.msi

windows10-2004-x64

8

Resubmissions

23-10-2024 16:05

241023-tjzq3syepd 8

23-10-2024 16:01

241023-tgan6sydmg 8

Sharing

General

Target

JJSploit_8.10.8_x64_en-US.msi
Size

5.0MB
Sample

241023-tjzq3syepd
MD5

b837d10b9a71425dbf3d62b2cc59f447
SHA1

85c9ba3331f7eb432c28365b0d1f36a201373a72
SHA256

76c83d1bebd6b01bab76d9a94f223e1a3cf20f2040b8d58a12625074e2936f7c
SHA512

f20999d19c470941c85912725d6f89c5073d475572ece92ce5b8e5425cdf012950f230c353870d86469ab6658bdc504abbb41260cb676f109551860433bcb405
SSDEEP

98304:XPky+agPtUpupDeOds+883iSh79bubjnvmu5/qv4eYb2Tqg9EeYImwqPY6Bvv8m:XPky9GtAcdsENbubzSJb9lyw

Score

8^/10

discovery evasion execution persistence privilege_escalation trojan

Static task

static1

Behavioral task

behavioral1

Sample

JJSploit_8.10.8_x64_en-US.msi

Resource

win7-20241010-en

discovery execution persistence privilege_escalation

windows7-x64

14 signatures

600 seconds

Behavioral task

behavioral2

Sample

JJSploit_8.10.8_x64_en-US.msi

Resource

win10v2004-20241007-en

discovery evasion execution persistence privilege_escalation trojan

windows10-2004-x64

32 signatures

600 seconds

Malware Config

Targets

- Target
  
  JJSploit_8.10.8_x64_en-US.msi
- Size
  
  5.0MB
- MD5
  
  b837d10b9a71425dbf3d62b2cc59f447
- SHA1
  
  85c9ba3331f7eb432c28365b0d1f36a201373a72
- SHA256
  
  76c83d1bebd6b01bab76d9a94f223e1a3cf20f2040b8d58a12625074e2936f7c
- SHA512
  
  f20999d19c470941c85912725d6f89c5073d475572ece92ce5b8e5425cdf012950f230c353870d86469ab6658bdc504abbb41260cb676f109551860433bcb405
- SSDEEP
  
  98304:XPky+agPtUpupDeOds+883iSh79bubjnvmu5/qv4eYb2Tqg9EeYImwqPY6Bvv8m:XPky9GtAcdsENbubzSJb9lyw
Score

8^/10

discovery execution persistence privilege_escalation evasion trojan
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Powershell Invoke Web Request.
  execution
- Downloads MZ/PE file
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Event Triggered Execution: Image File Execution Options Injection
  persistence
- Network Share Discovery
  Attempt to gather information on host network.
  discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Event Triggered Execution

Component Object Model Hijacking

Image File Execution Options Injection

Installer Packages

Privilege Escalation

Event Triggered Execution

Component Object Model Hijacking

Image File Execution Options Injection

Installer Packages

Defense Evasion

Modify Registry

System Binary Proxy Execution

Msiexec

Credential Access

Discovery

Browser Information Discovery

Network Share Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryexecutionpersistenceprivilege_escalation

behavioral2

discoveryevasionexecutionpersistenceprivilege_escalationtrojan

© 2018-2024

Terms | Privacy