General
- Target: JJSploit_8.10.11_x64_en-US.msi
- Size: 5.0MB
- Sample: 241109-1mecwaskb1
- MD5: 190d3be205525ee48e3ca0a3d6fce256
- SHA1: cdf09c9b04b8e6ed1ce6ea017ee821cbd6e53ba5
- SHA256: a6f64d8f09f87379ebb9479366d0ec4a56e60c9c7b2e162af668be2beb9756d9
- SHA512: 28c6251668f14082abc387d1ef8bdc8acb0d62f258ce1d229814092057ee2e7dab3bc585d648a4ce8ebac3bf0dee09842d7defa5df450891347b3aeaca20df09
- SSDEEP: 98304:GImWIIu6k5Wswf4SjCJK7DT3CmkVZ/AKEaqjD97FuGyytYDit7OcIHv8m:1mR66KwSjSKHrCSv7FugZPI
Static task: static1
Behavioral task: behavioral1
- Sample: JJSploit_8.10.11_x64_en-US.msi
- Resource: win7-20240903-en
Behavioral task: behavioral2
- Sample: JJSploit_8.10.11_x64_en-US.msi
- Resource: win10v2004-20241007-en
Malware Config
Targets
- Target: JJSploit_8.10.11_x64_en-US.msi (size and hashes as listed under General)
- Blocklisted process makes network request
- Downloads MZ/PE file
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Event Triggered Execution: Image File Execution Options Injection
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
MITRE ATT&CK Enterprise v15
Persistence
- Event Triggered Execution (T1546): 3
  - Component Object Model Hijacking (T1546.015): 1
  - Image File Execution Options Injection (T1546.012): 1
  - Installer Packages (T1546.016): 1
Privilege Escalation
- Event Triggered Execution (T1546): 3
  - Component Object Model Hijacking (T1546.015): 1
  - Image File Execution Options Injection (T1546.012): 1
  - Installer Packages (T1546.016): 1