analyze malware
  • Huge database of samples and IOCs
  • Custom VM setup
  • Unlimited submissions
  • Interactive approach
Sign up, it’s free
download:

JJSploit

Full analysis: https://app.any.run/tasks/0d82c7ef-1f7d-45f1-bfe0-5287619f68d2
Verdict: Malicious activity
Analysis date: October 19, 2020, 23:03:36
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: text/html
File info: HTML document, UTF-8 Unicode text
MD5:

940B50BD59BFF9BBDEE8A9D89A95551B

SHA1:

4911E045CB3B6786A18B65E8D4AD8F2BBEE55470

SHA256:

8D3E5D8FB926A548FB9893FC5BCA82B900C49551A45EF8131748DE7457352741

SSDEEP:

384:4UWWlUkMmAxUeUmSEiRiT1UOUTVxWdJWDWimWiMStSimSiYSiIsVGjfXMZEWjJpD:4lWlU7mgflS5YT1/8xWdJinmnMO7m7Yf

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Application was dropped or rewritten from another process

      • JJSploit_v5_Setup_5.3.4.exe (PID: 624)
    • Loads dropped or rewritten executable

      • JJSploit_v5_Setup_5.3.4.exe (PID: 624)
      • JJSploit v5.exe (PID: 3528)
      • JJSploit v5.exe (PID: 2284)
      • JJSploit v5.exe (PID: 1408)
      • JJSploit v5.exe (PID: 2868)
      • JJSploit v5.exe (PID: 1388)
      • JJSploit v5.exe (PID: 1628)
      • JJSploit v5.exe (PID: 3776)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • chrome.exe (PID: 1232)
      • JJSploit_v5_Setup_5.3.4.exe (PID: 624)
      • JJSploit v5.exe (PID: 3528)
      • JJSploit v5.exe (PID: 1628)
    • Creates files in the user directory

      • JJSploit_v5_Setup_5.3.4.exe (PID: 624)
      • JJSploit v5.exe (PID: 3528)
      • JJSploit v5.exe (PID: 1628)
    • Creates a software uninstall entry

      • JJSploit_v5_Setup_5.3.4.exe (PID: 624)
    • Starts Internet Explorer

      • JJSploit v5.exe (PID: 3528)
    • Application launched itself

      • JJSploit v5.exe (PID: 3528)
      • JJSploit v5.exe (PID: 1628)
  • INFO

    • Reads Internet Cache Settings

      • chrome.exe (PID: 1232)
      • iexplore.exe (PID: 3736)
      • iexplore.exe (PID: 2740)
      • iexplore.exe (PID: 3156)
      • iexplore.exe (PID: 2724)
    • Reads the hosts file

      • chrome.exe (PID: 1232)
      • chrome.exe (PID: 2364)
      • JJSploit v5.exe (PID: 3528)
      • JJSploit v5.exe (PID: 1628)
    • Manual execution by user

      • chrome.exe (PID: 1232)
      • JJSploit v5.exe (PID: 3528)
      • JJSploit v5.exe (PID: 1628)
    • Creates files in the user directory

      • Opera.exe (PID: 2616)
      • iexplore.exe (PID: 3156)
    • Application launched itself

      • chrome.exe (PID: 1232)
      • iexplore.exe (PID: 2740)
      • iexplore.exe (PID: 3736)
    • Changes internet zones settings

      • iexplore.exe (PID: 2740)
      • iexplore.exe (PID: 3736)
    • Reads settings of System Certificates

      • iexplore.exe (PID: 3156)
    • Reads internet explorer settings

      • iexplore.exe (PID: 3156)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

EXIF

HTML

Title: JJSploit Download - WeAreDevs
Description: JJSploit download - Offers a near full Lua executor, click teleport, ESP, speed, fly, infinite jump, and so much more. A powerful all in one package.
Keywords: JJSploit, Exploits, dll, hacks, cheats, developers, social, media
viewport: width=device-width, initial-scale=1, shrink-to-fit=no, maximum-scale=1, user-scalable=0
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
82
Monitored processes
43
Malicious processes
3
Suspicious processes
3

Behavior graph

Click at the process to see the details
start drop and start rundll32.exe no specs opera.exe chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs jjsploit_v5_setup_5.3.4.exe chrome.exe no specs jjsploit v5.exe chrome.exe no specs jjsploit v5.exe no specs jjsploit v5.exe no specs iexplore.exe no specs iexplore.exe no specs iexplore.exe iexplore.exe jjsploit v5.exe no specs jjsploit v5.exe jjsploit v5.exe no specs jjsploit v5.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
544"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\admin\AppData\Local\Temp\JJSploitC:\Windows\system32\rundll32.exeexplorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows host process (Rundll32)
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
2616"C:\Program Files\Opera\Opera.exe" "C:\Users\admin\AppData\Local\Temp\JJSploit"C:\Program Files\Opera\Opera.exe
rundll32.exe
User:
admin
Company:
Opera Software
Integrity Level:
MEDIUM
Description:
Opera Internet Browser
Exit code:
0
Version:
1748
1232"C:\Program Files\Google\Chrome\Application\chrome.exe" C:\Program Files\Google\Chrome\Application\chrome.exe
explorer.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Version:
75.0.3770.100
3588"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=75.0.3770.100 --initial-client-data=0x7c,0x80,0x84,0x78,0x88,0x6f5da9d0,0x6f5da9e0,0x6f5da9ecC:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Version:
75.0.3770.100
2776"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=2208 --on-initialized-event-handle=324 --parent-handle=328 /prefetch:6C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Version:
75.0.3770.100
1872"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1020,3617150852294207498,857251105970366490,131072 --enable-features=PasswordImport --gpu-preferences=KAAAAAAAAADgAAAgAQAAAAAAAAAAAGAAAAAAAAAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --service-request-channel-token=7810803135521385244 --mojo-platform-channel-handle=1016 --ignored=" --type=renderer " /prefetch:2C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Version:
75.0.3770.100
2364"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1020,3617150852294207498,857251105970366490,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=network --service-request-channel-token=6405803145509225138 --mojo-platform-channel-handle=1656 /prefetch:8C:\Program Files\Google\Chrome\Application\chrome.exe
chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Version:
75.0.3770.100
2720"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1020,3617150852294207498,857251105970366490,131072 --enable-features=PasswordImport --lang=en-US --instant-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=2846027484263729234 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2276 /prefetch:1C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
75.0.3770.100
4068"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1020,3617150852294207498,857251105970366490,131072 --enable-features=PasswordImport --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=13516197688610944187 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2500 /prefetch:1C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
75.0.3770.100
2028"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1020,3617150852294207498,857251105970366490,131072 --enable-features=PasswordImport --lang=en-US --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=16525813444975280358 --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2512 /prefetch:1C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
75.0.3770.100
Total events
2 972
Read events
2 511
Write events
0
Delete events
0

Modification events

No data
Executable files
24
Suspicious files
154
Text files
148
Unknown types
84

Dropped files

PID
Process
Filename
Type
2616Opera.exeC:\Users\admin\AppData\Roaming\Opera\Opera\sessions\opr646F.tmp
MD5:
SHA256:
2616Opera.exeC:\Users\admin\AppData\Roaming\Opera\Opera\opr6480.tmp
MD5:
SHA256:
2616Opera.exeC:\Users\admin\AppData\Roaming\Opera\Opera\opr64CF.tmp
MD5:
SHA256:
1232chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-5F8E1B79-4D0.pma
MD5:
SHA256:
1232chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\4f845ca2-a44e-4132-8dcb-9872bcd5e869.tmp
MD5:
SHA256:
1232chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase\LOG.oldtext
MD5:67F45CAA18C889645F50CD6216C81E65
SHA256:33ED82CDDDFFD55A5059C147C6CD20F66C6712314F890A39576D3C10914D0029
1232chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000048.dbtmp
MD5:
SHA256:
1232chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG.old~RF12a550.TMPtext
MD5:FB5B20517A0D1F7DAD485989565BEE5E
SHA256:99405F66EDBEB2306F4D0B4469DCADFF5293B5E1549C588CCFACEA439BB3B101
1232chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG.oldtext
MD5:D4322EEBAC92D1B8F7A6F5E39F6264B7
SHA256:A3EEDF21B850DCC7CE5AE04395ECDD2D29DA4EA549C8A185DD9E8B552A87B8C2
1232chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.oldtext
MD5:C2DDBA63E4A2BD2E39A8B6C2C6384AAE
SHA256:6D5C1C78341C6F84911055D970ADDB0EC3499F8BF7FADE062122A22209CE67D9
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
17
TCP/UDP connections
109
DNS requests
70
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
2364
chrome.exe
GET
301
172.67.71.2:80
http://wearedevs.net/
US
whitelisted
3156
iexplore.exe
GET
200
172.217.23.131:80
http://ocsp.pki.goog/gts1o1core/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEQCOUTy4wn8XWggAAAAAWy8I
US
der
472 b
whitelisted
3156
iexplore.exe
GET
200
172.217.23.131:80
http://ocsp.pki.goog/gts1o1core/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEFxzHFVMkzzTAgAAAAB9mAs%3D
US
der
471 b
whitelisted
3156
iexplore.exe
GET
200
172.217.23.131:80
http://ocsp.pki.goog/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjtJqhjYqpgSVpULg%3D
US
der
468 b
whitelisted
3156
iexplore.exe
GET
200
172.217.23.131:80
http://ocsp.pki.goog/gts1o1core/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEQDs6m8Yj1axcgIAAAAAfDUL
US
der
472 b
whitelisted
3156
iexplore.exe
GET
200
172.217.23.131:80
http://ocsp.pki.goog/gts1o1core/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEFxzHFVMkzzTAgAAAAB9mAs%3D
US
der
471 b
whitelisted
3156
iexplore.exe
GET
200
172.217.23.131:80
http://ocsp.pki.goog/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjtJqhjYqpgSVpULg%3D
US
der
468 b
whitelisted
2616
Opera.exe
GET
200
93.184.220.29:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQQX6Z6gAidtSefNc6DC0OInqPHDQQUD4BhHIIxYdUvKOeNRji0LOHG2eICEA4YOXqz7MGue4%2F8tGjZAiw%3D
US
der
471 b
whitelisted
3156
iexplore.exe
GET
200
172.217.23.131:80
http://ocsp.pki.goog/gts1o1core/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEQDs6m8Yj1axcgIAAAAAfDUL
US
der
472 b
whitelisted
2724
iexplore.exe
GET
200
172.217.23.131:80
http://ocsp.pki.goog/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjtJqhjYqpgSVpULg%3D
US
der
468 b
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
2364
chrome.exe
172.217.21.237:443
accounts.google.com
Google Inc.
US
whitelisted
2364
chrome.exe
216.58.212.142:443
apis.google.com
Google Inc.
US
whitelisted
2616
Opera.exe
185.26.182.93:443
certs.opera.com
Opera Software AS
whitelisted
4
System
172.217.16.130:445
pagead2.googlesyndication.com
Google Inc.
US
whitelisted
2364
chrome.exe
172.217.18.99:443
clientservices.googleapis.com
Google Inc.
US
whitelisted
2364
chrome.exe
172.217.16.170:443
fonts.googleapis.com
Google Inc.
US
whitelisted
2616
Opera.exe
172.67.71.2:443
cdn.wearedevs.net
US
suspicious
4
System
172.217.16.130:139
pagead2.googlesyndication.com
Google Inc.
US
whitelisted
2364
chrome.exe
216.58.210.3:443
fonts.gstatic.com
Google Inc.
US
whitelisted
2364
chrome.exe
172.217.22.14:443
ogs.google.com
Google Inc.
US
whitelisted

DNS requests

Domain
IP
Reputation
certs.opera.com
  • 185.26.182.93
  • 185.26.182.94
whitelisted
pagead2.googlesyndication.com
  • 172.217.16.130
whitelisted
clientservices.googleapis.com
  • 172.217.18.99
whitelisted
accounts.google.com
  • 172.217.21.237
shared
www.google.com
  • 172.217.18.164
whitelisted
fonts.googleapis.com
  • 172.217.16.170
whitelisted
www.gstatic.com
  • 216.58.212.131
whitelisted
fonts.gstatic.com
  • 216.58.210.3
  • 142.250.74.195
whitelisted
apis.google.com
  • 216.58.212.142
whitelisted
ogs.google.com
  • 172.217.22.14
whitelisted

Threats

No threats detected
No debug info