Analysis
-
max time kernel
149s -
max time network
163s -
platform
windows10_x64 -
resource
win10v20210408 -
submitted
08-10-2021 17:58
General
-
Target
eReceipt.js
-
Size
25KB
-
MD5
da308c62cbd20f444b54464c47e74091
-
SHA1
496dc2eebcd81d7bf1ec3fb00ba3f9dbd819962e
-
SHA256
da496f93b454f899587298a910578d3c133dab195a298462ffbd2e1229b14abf
-
SHA512
d4b88169e88a0964a7f8c8ab99f1f03b80cbc121d10ed3089dbde92b4be2962a99d39807516575b0908d90fb17c30755cde2b6ea2b9253da42ec2706e41050dd
Score
10/10
Malware Config
Signatures
-
Vjw0rm
Vjw0rm is a remote access trojan written in JavaScript.
-
Blocklisted process makes network request 37 IoCs
-
Drops startup file 3 IoCs
-
Adds Run key to start application 2 TTPs 4 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Suspicious use of WriteProcessMemory 2 IoCs
Processes
-
C:\Windows\system32\wscript.exewscript.exe C:\Users\Admin\AppData\Local\Temp\eReceipt.js1⤵
- Blocklisted process makes network request
- Drops startup file
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\wscript.exe"C:\Windows\System32\wscript.exe" //B "C:\Users\Admin\AppData\Roaming\WsjTSEyKfj.js"2⤵
- Blocklisted process makes network request
- Drops startup file
- Adds Run key to start application
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Roaming\WsjTSEyKfj.jsMD5
25eb4a4c27a5fca5e512d6aecd8f66fa
SHA1dfad977ec05b9ce88d44650887841800257d55d8
SHA2568745266f0ab63b38d1e55aa5f6aa90c6620391050fac2d7800bbdb5c0ddddfd5
SHA512394d8cf1f910ca92ddfcb2917249d7d57af1fa85c83d7fdac1a03cd2c956906ee3c84e31c7136f3fb1bfb8a66e0413e3c3c6af185d314db366ee5b27b6bc3f1a
-
memory/4088-114-0x0000000000000000-mapping.dmp