Analysis
-
max time kernel
148s -
max time network
164s -
platform
windows10_x64 -
resource
win10-en-20210920 -
submitted
15-10-2021 06:56
General
-
Target
eReceipt.js
-
Size
24KB
-
MD5
53e80f5441f77abf03ac535d2ea55327
-
SHA1
d1accac81fc1e6afaa92a563bff1cd124dbc7ae2
-
SHA256
ec12c4a76b8aaaae0bc169b3a974d0b68dda705150fac4dbecd26486f157c039
-
SHA512
27495d649d80dd0814091cafddd067cd866fe9609684d4d2b1e3937aeb845e6403573dfba5d9ef971e94670b2eb8a7be4520b2caf6d142554c6578ad6eb91958
Score
10/10
Malware Config
Signatures
-
Vjw0rm
Vjw0rm is a remote access trojan written in JavaScript.
-
Blocklisted process makes network request 37 IoCs
-
Drops startup file 3 IoCs
-
Adds Run key to start application 2 TTPs 4 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Suspicious use of WriteProcessMemory 2 IoCs
Processes
-
C:\Windows\system32\wscript.exewscript.exe C:\Users\Admin\AppData\Local\Temp\eReceipt.js1⤵
- Blocklisted process makes network request
- Drops startup file
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\wscript.exe"C:\Windows\System32\wscript.exe" //B "C:\Users\Admin\AppData\Roaming\xTZBMhzFuE.js"2⤵
- Blocklisted process makes network request
- Drops startup file
- Adds Run key to start application
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Roaming\xTZBMhzFuE.jsMD5
c723c09e07ec54a2833fdd1cf2adcee3
SHA19acabb132972ac2dc178e396a903258c61a3adc9
SHA2560d231c7df5c5c19a43d3992e654b6fbbe7fd32b8a66040471dbe398a35947f04
SHA5121ccaeaab8ee01dd7b152e665941094dac1af6b73e8a12c713615be89c95bd8ce76a8c99547ca5f366d63bb71c45a0e15dab0930f0c8cf771cc6ff72ca2c976c2
-
memory/3336-115-0x0000000000000000-mapping.dmp