Analysis

  • max time kernel: 117s
  • max time network: 119s
  • platform: windows10_x64
  • resource: win10v20210410
  • submitted: 05-06-2021 08:14

General

  • Target: all_deob.txt.ps1
  • Size: 4KB
  • MD5: 2a3c6390d976aec2d7bb8c440a2a3a03
  • SHA1: 2162899c2d58eb3b80c917a14d408c5853aa7ef2
  • SHA256: 84df27403b7b9316e2c84b8212bea94b1ffaabfe22151fb9834d1524f69b0321
  • SHA512: 71c8a58ad5a5ca7af11cb5cc7366af46269d2ce908fb9cb162e26d461ab0be6f285cc0cd8d828ba2bba905cba236f66686ceabbc9b63ffed980f9cc6c134b84f

Score
10/10

Malware Config

Signatures

  • Vjw0rm

    Vjw0rm is a remote access trojan written in JavaScript.

  • Blocklisted process makes network request (1 IoC)
  • Suspicious behavior: EnumeratesProcesses (3 IoCs)
  • Suspicious use of AdjustPrivilegeToken (1 IoC)

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\all_deob.txt.ps1
    PID: 4044
    • Blocklisted process makes network request
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken

Network

MITRE ATT&CK Matrix

Downloads

  • memory/4044-118-0x000001982EC40000-0x000001982EC41000-memory.dmp (Filesize: 4KB)
  • memory/4044-119-0x000001982ECB0000-0x000001982ECB2000-memory.dmp (Filesize: 8KB)
  • memory/4044-121-0x000001982ECB3000-0x000001982ECB5000-memory.dmp (Filesize: 8KB)
  • memory/4044-123-0x000001982EE40000-0x000001982EE41000-memory.dmp (Filesize: 4KB)
  • memory/4044-156-0x000001982ECB6000-0x000001982ECB8000-memory.dmp (Filesize: 8KB)