Overview

overview

10

Static

static

ORDER-21729.doc.js

windows7_x64

10

ORDER-21729.doc.js

windows10_x64

10

Analysis

  • max time kernel
    139s
  • max time network
    174s
  • platform
    windows7_x64
  • resource
    win7v20210408
  • submitted
    29-07-2021 20:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ORDER-21729.doc.js

  • Size

    148KB

  • MD5

    be1345c7e8039f7d3782a06a03361767

  • SHA1

    21d422062fa6de71e94b529e67566477333df43f

  • SHA256

    42cadce684f1b747fa31f2c109c2a729ca5d1baf4aed93f3c3f87fb8f7053deb

  • SHA512

    54a486c8e832cedbadee557fd64f54493bf4ee7c5be2fe4f08a9c1a29f6663d1b91bddbf3038e306bf5060578617b7c6dd502f66e2444d7dc79e2da812a96da8

Score
10/10
vjw0rmtrojanworm

Malware Config

Signatures

  • Vjw0rm

    Vjw0rm is a remote access trojan written in JavaScript.

    trojanwormvjw0rm
  • Blocklisted process makes network request 1 IoCs
  • Drops startup file 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

Processes

  • C:\Windows\system32\wscript.exe
    wscript.exe C:\Users\Admin\AppData\Local\Temp\ORDER-21729.doc.js
    1⤵
    • Blocklisted process makes network request
    • Drops startup file
    PID:1932

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1932-59-0x000007FEFBC31000-0x000007FEFBC33000-memory.dmp

    Filesize

    8KB

    Download