f468617180d78e999eaed9139fef635874f0cb791d1ceb6642a364d7d366a32f | Triage

Submit
Reports

Overview

overview

8

Static

static

1

JJSploit_8...US.msi

windows7-x64

8

JJSploit_8...US.msi

windows10-2004-x64

6

Sharing

General

Target

JJSploit_8.10.15_x64_en-US.msi
Size

5.1MB
Sample

250328-26ey7attfy
MD5

cc9626b9eb05fcc4f0a12616e2c23504
SHA1

70ef30a35c8cd3cf2dbaff4dcdf47c33fedbec85
SHA256

f468617180d78e999eaed9139fef635874f0cb791d1ceb6642a364d7d366a32f
SHA512

5ad2999acec2f2161582c973366592b035dd52d167d8d7e3d1358ad75ec4bf7a74b5c4f06cf51110227498a1881f67970b5a1d1e0adeb7b1c901bcd259fbac3d
SSDEEP

98304:GbGNUrEtdzbkOQYaDaAtmtcljz7hZW79bQPUxpoxssPMSBvDl0CxLzKWa8v8m:21mdbkruAt38bQPKo+sPBvB0eLzKWa

Score

8^/10

defense_evasion discovery execution persistence privilege_escalation trojan

Static task

static1

Behavioral task

behavioral1

Sample

JJSploit_8.10.15_x64_en-US.msi

Resource

win7-20240903-en

discovery execution persistence privilege_escalation

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

JJSploit_8.10.15_x64_en-US.msi

Resource

win10v2004-20250314-en

defense_evasion discovery persistence privilege_escalation trojan

windows10-2004-x64

24 signatures

150 seconds

Malware Config

Targets

- Target
  
  JJSploit_8.10.15_x64_en-US.msi
- Size
  
  5.1MB
- MD5
  
  cc9626b9eb05fcc4f0a12616e2c23504
- SHA1
  
  70ef30a35c8cd3cf2dbaff4dcdf47c33fedbec85
- SHA256
  
  f468617180d78e999eaed9139fef635874f0cb791d1ceb6642a364d7d366a32f
- SHA512
  
  5ad2999acec2f2161582c973366592b035dd52d167d8d7e3d1358ad75ec4bf7a74b5c4f06cf51110227498a1881f67970b5a1d1e0adeb7b1c901bcd259fbac3d
- SSDEEP
  
  98304:GbGNUrEtdzbkOQYaDaAtmtcljz7hZW79bQPUxpoxssPMSBvDl0CxLzKWa8v8m:21mdbkruAt38bQPKo+sPBvB0eLzKWa
Score

8^/10

discovery execution persistence privilege_escalation defense_evasion trojan
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Downloads MZ/PE file
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Legitimate hosting services abused for malware hosting/C2
- Network Share Discovery
  Attempt to gather information on host network.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Event Triggered Execution

Installer Packages

Privilege Escalation

Event Triggered Execution

Installer Packages

Defense Evasion

System Binary Proxy Execution

Msiexec

Credential Access

Discovery

Browser Information Discovery

Network Share Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryexecutionpersistenceprivilege_escalation

behavioral2

defense_evasiondiscoverypersistenceprivilege_escalationtrojan

© 2018-2025

Terms | Privacy