Overview

overview

10

Static

static

VJMY250M.js

windows7_x64

10

VJMY250M.js

windows10_x64

10

Analysis

  • max time kernel
    147s
  • max time network
    158s
  • platform
    windows10_x64
  • resource
    win10v20210408
  • submitted
    19-08-2021 12:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    VJMY250M.js

  • Size

    67KB

  • MD5

    7e58440b8eb773b24aace538de1c5437

  • SHA1

    b824cf54e9e9e1c28ff2ec6b6e3de9048750f5cb

  • SHA256

    21e0026aeb23c03125337151d862a29372ac17af5663fca1f5ff7beeacf82fc1

  • SHA512

    a3d50e13255253989be68a25304ad51098fdbbe8873269d6fd148cc7ef641639bea881cfb57837182ee0c5036340cdd572706d0ac5552c6be8404404f79db298

Score
10/10
vjw0rmpersistencetrojanworm

Malware Config

Signatures

  • Vjw0rm

    Vjw0rm is a remote access trojan written in JavaScript.

    trojanwormvjw0rm
  • Blocklisted process makes network request 34 IoCs
  • Drops startup file 4 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Windows\system32\wscript.exe
    wscript.exe C:\Users\Admin\AppData\Local\Temp\VJMY250M.js
    1⤵
    • Blocklisted process makes network request
    • Drops startup file
    • Suspicious use of WriteProcessMemory
    PID:628
    • C:\Windows\System32\wscript.exe
      "C:\Windows\System32\wscript.exe" //B "C:\Users\Admin\AppData\Roaming\rVRpsUBiCR.js"
      2⤵
      • Blocklisted process makes network request
      • Drops startup file
      • Adds Run key to start application
      PID:3944

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\rVRpsUBiCR.js
    MD5

    ed533885cb7d43829db0e85dbaabec22

    SHA1

    c19225ec3612ce86d4f5b8046ae65b3332d40776

    SHA256

    6641f0211253402fa4b39005e29c7e0b688d3722d05746040f6c35b4c14182eb

    SHA512

    b6420e3c79ebb31b687f1b3f89ee4a67ea45bc08628aa91cf9ad63cd6c488f198ef6f981ad784cfa6ce3534d937a4a957e02e00d2b09c99301cfba1e90d1996b

    Download Submit
  • memory/3944-114-0x0000000000000000-mapping.dmp
    Download