Analysis
-
max time kernel
121s -
max time network
152s -
platform
windows7_x64 -
resource
win7v20210410 -
submitted
05-06-2021 08:14
General
-
Target
all_deob.txt.ps1
-
Size
4KB
-
MD5
2a3c6390d976aec2d7bb8c440a2a3a03
-
SHA1
2162899c2d58eb3b80c917a14d408c5853aa7ef2
-
SHA256
84df27403b7b9316e2c84b8212bea94b1ffaabfe22151fb9834d1524f69b0321
-
SHA512
71c8a58ad5a5ca7af11cb5cc7366af46269d2ce908fb9cb162e26d461ab0be6f285cc0cd8d828ba2bba905cba236f66686ceabbc9b63ffed980f9cc6c134b84f
Score
10/10
Malware Config
Signatures
-
Vjw0rm
Vjw0rm is a remote access trojan written in JavaScript.
-
Blocklisted process makes network request 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\all_deob.txt.ps11⤵
- Blocklisted process makes network request
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/736-60-0x000007FEFB8F1000-0x000007FEFB8F3000-memory.dmpFilesize
8KB
-
memory/736-61-0x0000000002550000-0x0000000002551000-memory.dmpFilesize
4KB
-
memory/736-62-0x000000001AB30000-0x000000001AB31000-memory.dmpFilesize
4KB
-
memory/736-63-0x00000000024A0000-0x00000000024A1000-memory.dmpFilesize
4KB
-
memory/736-65-0x000000001AAB4000-0x000000001AAB6000-memory.dmpFilesize
8KB
-
memory/736-64-0x000000001AAB0000-0x000000001AAB2000-memory.dmpFilesize
8KB
-
memory/736-66-0x0000000001FA0000-0x0000000001FA1000-memory.dmpFilesize
4KB
-
memory/736-67-0x000000001C310000-0x000000001C311000-memory.dmpFilesize
4KB
-
memory/736-68-0x000000001C660000-0x000000001C661000-memory.dmpFilesize
4KB