Analysis

  • max time kernel
    149s
  • max time network
    164s
  • platform
    windows10_x64
  • resource
    win10v20210408
  • submitted
    06-09-2021 12:31

General

  • Target

    lqxlQsUjTm_ee dropper 2.js

  • Size

    27KB

  • MD5

    3bd9840766e032536ab43c4f67b61a68

  • SHA1

    10fcf2f0180c44c9b1fdd966b7e35658fce7fc11

  • SHA256

    42f9f906a9e934e2680f95dd68204fef725c9827148bef6549581a542804062d

  • SHA512

    1cd2b4a23ae9288f6ea758636bb80f65a8b37656754997f7b28c13c13dd60fde9e457d8c94c931ad4c9017bde8cbaa9142c2c2f287e76678f807386e7ee0056d

Malware Config

Signatures

  • Vjw0rm

    Vjw0rm is a remote access trojan written in JavaScript.

  • Blocklisted process makes network request 21 IoCs
  • Drops startup file 2 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Windows\system32\wscript.exe
    wscript.exe "C:\Users\Admin\AppData\Local\Temp\lqxlQsUjTm_ee dropper 2.js"
    1⤵
    • Blocklisted process makes network request
    • Suspicious use of WriteProcessMemory
    PID:992
    • C:\Windows\System32\wscript.exe
      "C:\Windows\System32\wscript.exe" //B "C:\Users\Admin\AppData\Roaming\eDiHmfNYxg.js"
      2⤵
      • Blocklisted process makes network request
      • Drops startup file
      • Adds Run key to start application
      PID:492

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\Roaming\eDiHmfNYxg.js

    MD5

    d7e5462c55ac8273386ec5bba1715087

    SHA1

    c2cb83079f6df06bf989c567381520ff5e53f4d1

    SHA256

    6645dbe635a1f10e0f05bbebf2d58247f47e1719833a251311a67d3a5c64e2da

    SHA512

    f8bc2e5c86322f472472fff55d5014939641d5850b4b6ce69993b50dbf219dc408a56e840ad6f79de1cdbad8eb5df2642b53aae02cc3fd574e5563e8af43685e

  • memory/492-114-0x0000000000000000-mapping.dmp