General
-
Target
JJSploit_8.10.14_x64_en-US.msi
-
Size
5.0MB
-
Sample
241120-y22qlssbmh
-
MD5
9a5e4420fd429b7444e7f02b2b52d0bc
-
SHA1
056e5ac7ef1334698f4337435985a2d6a52ae059
-
SHA256
44ef9c095fdc078cad8648bc9ec75f744d2c72229ee427eac65fbc1859e57172
-
SHA512
7728f89d67bf145106d7c86dd7a1ad27aac74898210bd86d944d7a9111c41fb3df1ab2acab5a4d5bd9cf1a6dd66d9b460368c7994bfbe8807e4c21ae142f8f5e
-
SSDEEP
98304:461sCoKXIA5gnPoEcXGwMKDHLG/mJhYheaVyvF9bmgDMjPjV+H7nHNjC3v8m:4XCXIkgP7cdPG/05bmgAjPh+7HV
Static task
static1
Behavioral task
behavioral1
Sample
JJSploit_8.10.14_x64_en-US.msi
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
JJSploit_8.10.14_x64_en-US.msi
-
Size
5.0MB
-
MD5
9a5e4420fd429b7444e7f02b2b52d0bc
-
SHA1
056e5ac7ef1334698f4337435985a2d6a52ae059
-
SHA256
44ef9c095fdc078cad8648bc9ec75f744d2c72229ee427eac65fbc1859e57172
-
SHA512
7728f89d67bf145106d7c86dd7a1ad27aac74898210bd86d944d7a9111c41fb3df1ab2acab5a4d5bd9cf1a6dd66d9b460368c7994bfbe8807e4c21ae142f8f5e
-
SSDEEP
98304:461sCoKXIA5gnPoEcXGwMKDHLG/mJhYheaVyvF9bmgDMjPjV+H7nHNjC3v8m:4XCXIkgP7cdPG/05bmgAjPh+7HV
-
Blocklisted process makes network request
-
A potential corporate email address has been identified in the URL: [email protected]
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Downloads MZ/PE file
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Event Triggered Execution: Image File Execution Options Injection
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops file in System32 directory
-
Event Triggered Execution: Component Object Model Hijacking
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Active Setup
1Browser Extensions
1Event Triggered Execution
3Component Object Model Hijacking
1Image File Execution Options Injection
1Installer Packages
1Privilege Escalation
Boot or Logon Autostart Execution
1Active Setup
1Event Triggered Execution
3Component Object Model Hijacking
1Image File Execution Options Injection
1Installer Packages
1