Analysis

  • max time kernel
    149s
  • max time network
    207s
  • platform
    windows7_x64
  • resource
    win7v20210408
  • submitted
    30-08-2021 06:23

General

  • Target

    Invoice-7.js

  • Size

    26KB

  • MD5

    0518c4dcdd42ff9853e7698488b73128

  • SHA1

    2207755fb06fae33421089558f89e93912dbe041

  • SHA256

    9f3cce73e846d61935128bfbd96014818b9be2d800d3fb13d5649f5eec38df1b

  • SHA512

    0d0457f52dedd5c3b24e7d7c0700562c4df3e8a260f96d5e83890a8008a33c3ee00f392697f10fcab5c0c3599dd247042d6713bafd94653cce4ab9165b59e31d

Malware Config

Signatures

  • Vjw0rm

    Vjw0rm is a remote access trojan written in JavaScript.

  • Blocklisted process makes network request (16 IoCs)
  • Drops startup file (2 IoCs)
  • Adds Run key to start application (2 TTPs, 2 IoCs)
  • Enumerates physical storage devices (1 TTPs)

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • C:\Windows\system32\wscript.exe
    wscript.exe C:\Users\Admin\AppData\Local\Temp\Invoice-7.js
    1⤵
    • Blocklisted process makes network request
    • Suspicious use of WriteProcessMemory
    PID:1980
    • C:\Windows\System32\wscript.exe
      "C:\Windows\System32\wscript.exe" //B "C:\Users\Admin\AppData\Roaming\BzcPYMcTBP.js"
      2⤵
      • Blocklisted process makes network request
      • Drops startup file
      • Adds Run key to start application
      PID:472

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\Roaming\BzcPYMcTBP.js
    MD5

    859e2baede14ce52a245894fb546b02b

    SHA1

    05a23854492ef59f0c704c9c8c677ab1eda554e5

    SHA256

    57bd7852e743f0de266aeaee04a94b1bd4fdd16f49355c1959f7a4ccaa7f5606

    SHA512

    29b426ec5279616cfb2777881989e7435a59bb26aca8406a856996e92ca8790a1dd66562a01720dab91b61c17d9dc9b156f07c82a8feb84f6fccda8bb1450a5e

  • memory/472-59-0x0000000000000000-mapping.dmp