General
Target: JJSploit_8.10.15_x64_en-US.msi
Size: 5.1MB
Sample: 250115-1mgs1axmck
MD5: cc9626b9eb05fcc4f0a12616e2c23504
SHA1: 70ef30a35c8cd3cf2dbaff4dcdf47c33fedbec85
SHA256: f468617180d78e999eaed9139fef635874f0cb791d1ceb6642a364d7d366a32f
SHA512: 5ad2999acec2f2161582c973366592b035dd52d167d8d7e3d1358ad75ec4bf7a74b5c4f06cf51110227498a1881f67970b5a1d1e0adeb7b1c901bcd259fbac3d
SSDEEP: 98304:GbGNUrEtdzbkOQYaDaAtmtcljz7hZW79bQPUxpoxssPMSBvDl0CxLzKWa8v8m:21mdbkruAt38bQPKo+sPBvB0eLzKWa
Static task
static1: JJSploit_8.10.15_x64_en-US.msi
Behavioral tasks
behavioral1: JJSploit_8.10.15_x64_en-US.msi on win7-20241010-en
behavioral2: JJSploit_8.10.15_x64_en-US.msi on win10v2004-20241007-en
Malware Config
Targets
Target: JJSploit_8.10.15_x64_en-US.msi
Size: 5.1MB
MD5, SHA1, SHA256, SHA512 and SSDEEP: identical to the values listed under General
Signatures
- Blocklisted process makes network request
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
- Downloads MZ/PE file
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Event Triggered Execution: Image File Execution Options Injection
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Drops file in System32 directory
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
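The three persistence signatures above (Active Setup, Image File Execution Options injection, COM hijacking) each come down to a specific registry location, so a triage host or an exported hive can be checked for them offline. The script below is an added example written for this page; it is not sandbox output and not code from the JJSploit project. It parses `reg export` text and flags the entries those signatures describe. The hive contents, GUIDs and file paths are constructed for the example, the user-writable path list and the vsjitdebugger.exe allowlist are assumptions, and legitimate installers also register Active Setup components and COM servers, so every hit is a lead for review rather than a verdict.

```python
"""Offline check for the three registry persistence mechanisms flagged above:
Active Setup StubPath, IFEO Debugger, and per-user COM server registration.
Input is `reg export` (.reg) text; the sample hive is constructed, not real."""
import re
from collections import namedtuple

Finding = namedtuple("Finding", "technique key value data reason")

# Assumption: paths an installer running as the logged-on user can write to.
USER_WRITABLE = ("c:\\users\\", "c:\\programdata\\", "%appdata%", "%localappdata%",
                 "%temp%", "%tmp%", "%public%", "%userprofile%")
ACTIVE_SETUP = "\\microsoft\\active setup\\installed components\\"
IFEO = "\\image file execution options\\"
HKCU_CLSID = "hkey_current_user\\software\\classes\\clsid\\"
HKLM_CLSID = "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\"
# Assumption: the one IFEO debugger many hosts legitimately carry (Visual Studio JIT).
BENIGN_IFEO_DEBUGGERS = ("vsjitdebugger.exe",)

def parse_reg(text):
    """Parse .reg text into {key_path: {value_name: data}}; strings are unescaped."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith((";", "Windows Registry Editor")):
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            current = m.group(1)
            keys.setdefault(current, {})
            continue
        m = re.fullmatch(r'(@|"(?:[^"\\]|\\.)*")=(.*)', line)
        if m and current is not None:
            name = "(Default)" if m.group(1) == "@" else m.group(1)[1:-1]
            data = m.group(2)
            if len(data) >= 2 and data[0] == data[-1] == '"':  # REG_SZ; dword:/hex: stay raw
                data = data[1:-1].replace('\\"', '"').replace("\\\\", "\\")
            keys[current][name] = data
    return keys

def executable_of(command):
    """First token of a command line, honouring a quoted executable path."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split(" ", 1)[0]

def in_user_writable(path):
    return path.lower().startswith(USER_WRITABLE)

def find_persistence(keys):
    """Return one Finding per suspicious entry, tagged with its ATT&CK sub-technique."""
    lowered = {k.lower() for k in keys}
    findings = []
    for key, values in keys.items():
        k = key.lower()
        if ACTIVE_SETUP in k and "StubPath" in values:  # T1547.014: runs once per user at logon
            stub = values["StubPath"]
            if in_user_writable(executable_of(stub)):
                findings.append(Finding("T1547.014 Active Setup", key, "StubPath", stub,
                                        "StubPath runs from a user-writable location"))
        if IFEO in k and "Debugger" in values:  # T1546.012: Debugger replaces the image
            dbg = values["Debugger"]
            if not executable_of(dbg).lower().endswith(BENIGN_IFEO_DEBUGGERS):
                findings.append(Finding("T1546.012 IFEO Injection", key, "Debugger", dbg,
                                        "Debugger value redirects launches of this image"))
        if k.startswith(HKCU_CLSID) and k.endswith(("\\inprocserver32", "\\localserver32")):
            server = values.get("(Default)", "")  # T1546.015: HKCU is consulted before HKLM
            shadows = (HKLM_CLSID + key[len(HKCU_CLSID):]).lower() in lowered
            if shadows or in_user_writable(server):
                reason = "per-user COM server" + (" shadows the HKLM registration" if shadows else "")
                findings.append(Finding("T1546.015 COM Hijacking", key, "(Default)", server, reason))
    return findings

# Constructed sample: a benign Active Setup entry, a suspicious one, an IFEO
# Debugger on sethc.exe, and an HKCU CLSID that shadows the HKLM registration.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{00000000-0000-0000-0000-0000000000a1}]
"StubPath"="C:\\Windows\\System32\\regsvr32.exe /s /n /i:U shell32.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{00000000-0000-0000-0000-0000000000a2}]
"StubPath"="\"C:\\Users\\Public\\Libraries\\update.exe\" /silent"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sethc.exe]
"Debugger"="C:\\ProgramData\\svc\\cmd.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-0000-0000-0000-0000000000c1}\InprocServer32]
@="C:\\Windows\\System32\\shell32.dll"
[HKEY_CURRENT_USER\Software\Classes\CLSID\{00000000-0000-0000-0000-0000000000c1}\InprocServer32]
@="C:\\Users\\victim\\AppData\\Roaming\\loader.dll"
"ThreadingModel"="Apartment"
'''

def triage(reg_text=SAMPLE_REG):
    return find_persistence(parse_reg(reg_text))

if __name__ == "__main__":
    for f in triage():
        print(f"{f.technique}: {f.key}\\{f.value} = {f.data!r} ({f.reason})")
```

On a live host, export the relevant keys with `reg export` (for example `reg export "HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" as.reg`, the `Image File Execution Options` key, and `HKCU\Software\Classes\CLSID` plus `HKLM\SOFTWARE\Classes\CLSID` so the shadowing check has both sides) and pass the file contents to `triage()`; `reg export` writes UTF-16, so open the file with `encoding="utf-16"`.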
MITRE ATT&CK Enterprise v15
(counts in parentheses are the number of matching signatures; the same sub-techniques appear under both tactics because ATT&CK maps them to both Persistence and Privilege Escalation)
Persistence
  Boot or Logon Autostart Execution, T1547 (1)
    Active Setup, T1547.014 (1)
  Browser Extensions, T1176 (1)
  Event Triggered Execution, T1546 (3)
    Component Object Model Hijacking, T1546.015 (1)
    Image File Execution Options Injection, T1546.012 (1)
    Installer Packages, T1546.016 (1)
Privilege Escalation
  Boot or Logon Autostart Execution, T1547 (1)
    Active Setup, T1547.014 (1)
  Event Triggered Execution, T1546 (3)
    Component Object Model Hijacking, T1546.015 (1)
    Image File Execution Options Injection, T1546.012 (1)
    Installer Packages, T1546.016 (1)