Analysis

  • max time kernel
    151s
  • max time network
    176s
  • platform
    windows7_x64
  • resource
    win7v20210408
  • submitted
    31-08-2021 19:20

General

  • Target

    eVoucher.js

  • Size

    30KB

  • MD5

    ef30d08be6b02f148da164e54892c8e3

  • SHA1

    4998edfd067f343a56e03422d3913c1cc7066e4b

  • SHA256

    e21dba51d9968a1073d43143b7acbd4179a8fa73fc5f48921eabac7ea9869daa

  • SHA512

    9e1b1142248c8088c2ecb2bd33887136e4f39c3590ce3b95f2fa5e93b922a07c7ecd598650d91a7ee93c4f018b898a96e49ed41157be607abf1b1ce9845c72c1

Malware Config

Signatures

  • Vjw0rm

    Vjw0rm is a remote access trojan written in JavaScript.

  • Blocklisted process makes network request (19 IoCs)
  • Drops startup file (4 IoCs)
  • Adds Run key to start application (2 TTPs, 4 IoCs)
  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • C:\Windows\system32\wscript.exe (process tree level 1)
    wscript.exe C:\Users\Admin\AppData\Local\Temp\eVoucher.js
    • Blocklisted process makes network request
    • Drops startup file
    • Adds Run key to start application
    • Suspicious use of WriteProcessMemory
    PID: 2040
    • C:\Windows\System32\wscript.exe (process tree level 2, child of PID 2040)
      "C:\Windows\System32\wscript.exe" //B "C:\Users\Admin\AppData\Roaming\JMuHxVQRbU.js"
      • Blocklisted process makes network request
      • Drops startup file
      • Adds Run key to start application
      PID: 516

Network

MITRE ATT&CK Matrix (ATT&CK v6)

  • Persistence: Registry Run Keys / Startup Folder (1) T1060
  • Defense Evasion: Modify Registry (1) T1112
  • Discovery: System Information Discovery (1) T1082

Downloads

  • C:\Users\Admin\AppData\Roaming\JMuHxVQRbU.js
    MD5

    33f71afd870cab678bc8b4967a0bd77f

    SHA1

    fa1f2f046d2daf22065a73232317aa5b0a155bdb

    SHA256

    b45b6d0bad5cb0ec3aa0d3388014d9830e2db4162983772174be612aa2f3aefc

    SHA512

    56021edf4b36a130c536e117b197943c78fa81922c383b952e240828ac7ad803338fef02670d1fdb56f0b5403198c36a46d4b1de430bdce00883eca595ee19d5

  • memory/516-60-0x0000000000000000-mapping.dmp