Analysis

  • max time kernel
    148s
  • max time network
    153s
  • platform
    windows10_x64
  • resource
    win10-en-20210920
  • submitted
    18-10-2021 19:45

General

  • Target

    eReceipt.js

  • Size

    23KB

  • MD5

    e86024bc35002c13c653555802ad2ece

  • SHA1

    6a40601e1e11cf7c9dbd815040211d75e73c0e6a

  • SHA256

    6af2616970680def8dc9f6f6af83fbf68c96a95fec6638216dc303d02bd8476e

  • SHA512

    0e80c8fbe3f339f97f8372e5c6d3d77e6423316a16252fbda571e27e469702643d89e80a7f9611446e400632cdc8b3f011f2d82791958448268a3186986298a1

Malware Config

Signatures

  • Vjw0rm

    Vjw0rm is a remote access trojan written in JavaScript.

  • Blocklisted process makes network request 36 IoCs
  • Drops startup file 3 IoCs
  • Adds Run key to start application 2 TTPs 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Windows\system32\wscript.exe
    wscript.exe C:\Users\Admin\AppData\Local\Temp\eReceipt.js
    1⤵
    • Blocklisted process makes network request
    • Drops startup file
    • Adds Run key to start application
    • Suspicious use of WriteProcessMemory
    PID:1684
    • C:\Windows\System32\wscript.exe
      "C:\Windows\System32\wscript.exe" //B "C:\Users\Admin\AppData\Roaming\kFbewbBkWg.js"
      2⤵
      • Blocklisted process makes network request
      • Drops startup file
      • Adds Run key to start application
      PID:3140

Network

MITRE ATT&CK Matrix ATT&CK v6

  • Persistence
    Registry Run Keys / Startup Folder (T1060): 1
  • Defense Evasion
    Modify Registry (T1112): 1
  • Discovery
    System Information Discovery (T1082): 1

Downloads

  • C:\Users\Admin\AppData\Roaming\kFbewbBkWg.js
    MD5

    745cdc100a8cc18004ac54875c5323af

    SHA1

    2e87b98257f64a8ff12fae9bcb33a91226496a10

    SHA256

    d457a895563f1cf63b7aa240244cfcc4d89767323ae4b56244c0770f9b72aa8a

    SHA512

    71f07852235868a59cdc84db3a39db81c5c9ce7661b68819ae65f6708123b86b24a414c9ac6e1f20a38530a5300b7d6a1b5c544348bff566150e4e02f952c305

  • memory/3140-115-0x0000000000000000-mapping.dmp