Analysis

  • max time kernel
    162s
  • max time network
    206s
  • platform
    windows7_x64
  • resource
    win7v20210408
  • submitted
    30-08-2021 06:14

General

  • Target

    CSBM_Invoice-m567.js

  • Size

    23KB

  • MD5

    ef55fb87afa217b3e8852fba9f6254a4

  • SHA1

    8bbcf900a8bffc595c56d02f5cc6bf156e48900e

  • SHA256

    be9f6db4ab45c053b4abed96b5c9f6729603831bb0087229af68417a5b6414b8

  • SHA512

    491c96096b48a8fd164ff9761914a62043175ccfaebdf545b868492e8f78ca12a0a59cc04f78f4ab2a384091aae8d16c5dc4f392edb18e832c0716ae1e336cb2

Malware Config

Signatures

  • Vjw0rm

    Vjw0rm (Vengeance Justice Worm) is a remote access trojan and worm written in JavaScript. It is run by the Windows Script Host (wscript.exe), persists through the Run key and the Startup folder, and spreads by copying itself to removable drives.

  • Blocklisted process makes network request 19 IoCs
  • Drops startup file 2 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). The sandbox flags this as likely ransomware behaviour, but for a Vjw0rm sample it is more consistent with enumerating removable drives to copy itself onto them for propagation.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\wscript.exe (PID 1328)
    wscript.exe C:\Users\Admin\AppData\Local\Temp\CSBM_Invoice-m567.js
    • Blocklisted process makes network request
    • Suspicious use of WriteProcessMemory
    • C:\Windows\System32\wscript.exe (PID 1668, child of PID 1328)
      "C:\Windows\System32\wscript.exe" //B "C:\Users\Admin\AppData\Roaming\OTzyMlFsEE.js"
      • Blocklisted process makes network request
      • Drops startup file
      • Adds Run key to start application
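The process tree above is the detection surface a defender actually gets from endpoint telemetry: a script host launched from a user-writable path, a second script host started in batch mode (//B, which suppresses script errors and prompts) from %AppData%\Roaming, a Run-key value and a Startup-folder drop. The following is an added example, not part of the sandbox report, that runs those checks over constructed Sysmon-style process, registry and file events modelled on this report. The Run-key value name, the Startup file name, the SID and the parent of PID 1328 are assumptions; the report does not list them.

```python
"""Flag the wscript.exe behaviours shown in the sandbox process tree.

Added example, not part of the original report. The events below are
constructed from the report's process tree; the Run-key value name,
Startup-folder file name, SID and parent of PID 1328 are assumptions.
"""
import re
from dataclasses import dataclass

# Image path ends in a Windows Script Host binary.
SCRIPT_HOST = re.compile(r"\\(wscript|cscript)\.exe$", re.IGNORECASE)
# Any reference to a script host or script file inside a command line or registry value.
SCRIPT_REF = re.compile(r"\b(wscript|cscript)(\.exe)?\b|\.(js|jse|vbs|vbe|wsf)\b", re.IGNORECASE)
SCRIPT_EXT = re.compile(r"\.(js|jse|vbs|vbe|wsf|wsh)\b", re.IGNORECASE)
# Script sitting under a user's AppData tree (Local\Temp, Roaming, ...).
USER_WRITABLE = re.compile(r'C:\\Users\\[^\\"]+\\AppData\\', re.IGNORECASE)
# //B (batch, no UI) or //E (engine override) switches to wscript/cscript.
BATCH_FLAG = re.compile(r"(^|\s)//[BE]\b", re.IGNORECASE)
RUN_KEY = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\", re.IGNORECASE)
STARTUP_DIR = re.compile(r"\\Start Menu\\Programs\\Startup\\", re.IGNORECASE)


@dataclass
class Event:
    kind: str            # "process", "registry" or "file"
    pid: int
    image: str
    cmdline: str = ""
    parent_image: str = ""
    target: str = ""     # registry value path or created file path
    details: str = ""    # registry value data


def flag_event(ev):
    """Return the list of rule names the event triggers (empty if benign)."""
    hits = []
    if ev.kind == "process" and SCRIPT_HOST.search(ev.image):
        if SCRIPT_EXT.search(ev.cmdline) and USER_WRITABLE.search(ev.cmdline):
            hits.append("script_host_runs_script_from_appdata")
        if BATCH_FLAG.search(ev.cmdline):
            hits.append("script_host_batch_mode")
        if SCRIPT_HOST.search(ev.parent_image):
            hits.append("script_host_spawned_by_script_host")
    elif ev.kind == "registry" and RUN_KEY.search(ev.target) and SCRIPT_REF.search(ev.details):
        hits.append("run_key_launches_script")
    elif ev.kind == "file" and STARTUP_DIR.search(ev.target) and SCRIPT_EXT.search(ev.target):
        hits.append("script_dropped_in_startup_folder")
    return hits


def triage(events):
    """Group hits by PID; 'high' when a PID both executes a script host
    suspiciously and establishes persistence, 'medium' for either alone."""
    by_pid = {}
    for ev in events:
        for hit in flag_event(ev):
            by_pid.setdefault(ev.pid, set()).add(hit)
    verdicts = {}
    persistence_rules = {"run_key_launches_script", "script_dropped_in_startup_folder"}
    for pid, hits in by_pid.items():
        persistence = hits & persistence_rules
        execution = {h for h in hits if h.startswith("script_host")}
        verdicts[pid] = "high" if (persistence and execution) else "medium"
    return by_pid, verdicts


# Constructed events modelled on the report's process tree (see module docstring for assumptions).
SAMPLE_EVENTS = [
    Event("process", 1328, r"C:\Windows\system32\wscript.exe",
          r"wscript.exe C:\Users\Admin\AppData\Local\Temp\CSBM_Invoice-m567.js",
          parent_image=r"C:\Windows\explorer.exe"),  # parent assumed
    Event("process", 1668, r"C:\Windows\System32\wscript.exe",
          r'"C:\Windows\System32\wscript.exe" //B "C:\Users\Admin\AppData\Roaming\OTzyMlFsEE.js"',
          parent_image=r"C:\Windows\system32\wscript.exe"),
    Event("registry", 1668, r"C:\Windows\System32\wscript.exe",
          target=r"HKU\S-1-5-21-1111111111-2222222222-3333333333-1000"
                 r"\Software\Microsoft\Windows\CurrentVersion\Run\OTzyMlFsEE",  # value name assumed
          details=r'wscript.exe //B "C:\Users\Admin\AppData\Roaming\OTzyMlFsEE.js"'),
    Event("file", 1668, r"C:\Windows\System32\wscript.exe",
          target=r"C:\Users\Admin\AppData\Roaming\Microsoft\Windows"
                 r"\Start Menu\Programs\Startup\OTzyMlFsEE.js"),  # file name assumed
    # Benign control: an admin script run from a non-user path, no batch flag, parent cmd.exe.
    Event("process", 2000, r"C:\Windows\System32\wscript.exe",
          r"wscript.exe C:\Scripts\inventory.js", parent_image=r"C:\Windows\System32\cmd.exe"),
]

if __name__ == "__main__":
    hits, verdicts = triage(SAMPLE_EVENTS)
    for pid in sorted(hits):
        print(pid, verdicts[pid], sorted(hits[pid]))
```

The dropper (PID 1328) only trips the AppData rule, which on its own is noisy, so it scores medium; the child (PID 1668) combines batch-mode execution, a script-host parent and two persistence artefacts, which is the pattern worth alerting on. The benign control from C:\Scripts produces no hits, which is the check to keep in any such rule set before deploying it.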

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\Roaming\OTzyMlFsEE.js
    MD5

    f6f3498b20a2bcf3e8936ff1157ccd25

    SHA1

    2933a45dcd0d39b926f0dadf65b2d8003288b488

    SHA256

    24976e6f497b871e0697069df4bc110b4c2bd246d85934b9debfa9ce7a200f5b

    SHA512

    1d1a11f84c9c72d87d98c3ac931b848dd8684ac91bb47d9199942544cfbc0fd94ed08c5e8fd8e54bbb3e6065f6e934023d3793697b0e7113ac5902e8ce1dad70

  • memory/1668-60-0x0000000000000000-mapping.dmp