Analysis

  • max time kernel
    155s
  • max time network
    168s
  • platform
    windows7_x64
  • resource
    win7-en-20211208
  • submitted
    22-02-2022 07:46

General

  • Target

    Order Receipt UPS1605-192-DD-22.js

  • Size

    20KB

  • MD5

    8d2786e0a6c850c170c679a54e0d5f20

  • SHA1

    0fd46e20522fd76ea36953c971fe93c8b03f7a23

  • SHA256

    56996c6145346114bcefd9028fa95a8232d1ce0e380e216a06975d7cad14c649

  • SHA512

    10370279326a30c41dc49f58884734ee3c56d7c99441f123bb42bb0949d0b966b73ec18ddc7aba71b62b2bb5428bb2ddb4e645c05fb2350d0b2cae738a90d2ec

Malware Config

  • Extracted

  • Family

    vjw0rm

  • C2

    http://shizzlegateway.duckdns.org:1605

Signatures

  • Vjw0rm

    Vjw0rm is a remote access trojan written in JavaScript. It runs under wscript.exe, persists through the Startup folder and a Run key (both hit below), and also behaves as a worm: it enumerates drives and copies itself to removable media, which is the behaviour behind the storage-device signature in this report.

  • Blocklisted process makes network request 17 IoCs
  • Drops startup file 3 IoCs
  • Adds Run key to start application 2 TTPs 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). The sandbox's generic description for this signature calls it likely ransomware behaviour; for a Vjw0rm sample it is better explained by the worm enumerating drives to locate removable media to spread to, with no encryption activity reported anywhere else on this page.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\wscript.exe
    wscript.exe "C:\Users\Admin\AppData\Local\Temp\Order Receipt UPS1605-192-DD-22.js"
    1⤵
    • Blocklisted process makes network request
    • Drops startup file
    • Adds Run key to start application
    • Suspicious use of WriteProcessMemory
    PID:1396
    • C:\Windows\System32\wscript.exe
      "C:\Windows\System32\wscript.exe" //B "C:\Users\Admin\AppData\Roaming\euzvArPgoF.js"
      2⤵
      • Blocklisted process makes network request
      • Drops startup file
      • Adds Run key to start application
      PID:572
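Detection logic for the execution chain in the process tree above, added here as an example and not part of the sandbox report. It replays constructed Sysmon-style process-creation and network events that mirror the tree (PIDs, images and command lines are copied from the report; the explorer.exe parent, the benign connection and the event schema are assumptions) and flags the chain's distinctive features: wscript.exe spawning a second wscript.exe, the silent `//B` run of a .js dropped under %APPDATA%, a script launched from the user Temp folder, and any connection to the extracted C2 host and port.

```python
"""Flag the Vjw0rm-style wscript.exe chain from the report in process and
network telemetry. Added example with constructed sample events; only the
indicators (paths, PIDs, C2) are taken from the report above."""
import re
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

# Indicators from the report.
C2_HOST = "shizzlegateway.duckdns.org"
C2_PORT = 1605

# Rule identifiers emitted as alerts (assumed naming, not a vendor schema).
RULE_SELF_SPAWN = "wscript-spawns-wscript"
RULE_SILENT_APPDATA = "silent-wscript-from-appdata-roaming"
RULE_USER_TEMP = "wscript-from-user-temp"
RULE_C2 = "known-vjw0rm-c2"
RULE_NET_FLAGGED = "network-from-flagged-script-host"

# First Windows path on the command line ending in a script-host extension.
SCRIPT_ARG = re.compile(
    r'([A-Za-z]:\\[^"]+?\.(?:js|jse|vbs|vbe|wsf))\b', re.IGNORECASE
)


@dataclass(frozen=True)
class ProcEvent:  # process creation (Sysmon EID 1 style, assumed schema)
    pid: int
    ppid: int
    image: str
    cmdline: str


@dataclass(frozen=True)
class NetEvent:  # network connection (Sysmon EID 3 style, assumed schema)
    pid: int
    dest_host: str
    dest_port: int


def _is_wscript(image: str) -> bool:
    return image.lower().endswith("\\wscript.exe")


def script_path(cmdline: str) -> str:
    """Return the script file passed to the script host, or '' if none."""
    m = SCRIPT_ARG.search(cmdline)
    return m.group(1) if m else ""


def analyze(procs: List[ProcEvent], nets: List[NetEvent]) -> List[Tuple[int, str]]:
    """Return (pid, rule) alerts for the chain seen in the report."""
    by_pid: Dict[int, ProcEvent] = {p.pid: p for p in procs}
    alerts: List[Tuple[int, str]] = []
    flagged: Set[int] = set()

    for p in procs:
        if not _is_wscript(p.image):
            continue
        parent = by_pid.get(p.ppid)
        tokens = [t.lower() for t in p.cmdline.split()]
        script = script_path(p.cmdline).lower()
        hits = []
        if parent is not None and _is_wscript(parent.image):
            hits.append(RULE_SELF_SPAWN)          # wscript.exe -> wscript.exe
        if "//b" in tokens and "\\appdata\\roaming\\" in script:
            hits.append(RULE_SILENT_APPDATA)      # batch mode, dropped copy
        if "\\appdata\\local\\temp\\" in script:
            hits.append(RULE_USER_TEMP)           # initial lure run from Temp
        alerts.extend((p.pid, rule) for rule in hits)
        if hits:
            flagged.add(p.pid)

    for n in nets:
        if n.dest_host.lower() == C2_HOST and n.dest_port == C2_PORT:
            alerts.append((n.pid, RULE_C2))
        if n.pid in flagged:
            alerts.append((n.pid, RULE_NET_FLAGGED))
    return alerts


# Constructed telemetry mirroring the report's process tree.
SAMPLE_PROCS = [
    ProcEvent(1000, 900, r"C:\Windows\explorer.exe", "explorer.exe"),  # assumed parent
    ProcEvent(1396, 1000, r"C:\Windows\system32\wscript.exe",
              r'wscript.exe "C:\Users\Admin\AppData\Local\Temp\Order Receipt UPS1605-192-DD-22.js"'),
    ProcEvent(572, 1396, r"C:\Windows\System32\wscript.exe",
              r'"C:\Windows\System32\wscript.exe" //B "C:\Users\Admin\AppData\Roaming\euzvArPgoF.js"'),
]
SAMPLE_NETS = [
    NetEvent(1396, "shizzlegateway.duckdns.org", 1605),
    NetEvent(572, "shizzlegateway.duckdns.org", 1605),
    NetEvent(1000, "www.example.com", 443),  # constructed benign traffic
]

if __name__ == "__main__":
    for pid, rule in analyze(SAMPLE_PROCS, SAMPLE_NETS):
        print(f"PID {pid}: {rule}")
```

The `//B` plus `AppData\Roaming` rule is the one worth keeping on its own: a silent script host running a freshly written .js from the roaming profile is rare in normal use, whereas wscript.exe alone is common in enterprise login scripts. The C2 rule is a static indicator and will stop matching as soon as the operator moves the DuckDNS name, so treat it as confirmation, not as the primary detection.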

Network

MITRE ATT&CK Enterprise v6


Downloads

  • C:\Users\Admin\AppData\Roaming\euzvArPgoF.js

    MD5

    67169d1ab2dfb5a49bcc1479af675084

    SHA1

    069864adaa1f4a8348b7932a8f015d95a9767d2e

    SHA256

    6d56ae4f6e2f11e03334d9c649a4f9af6c00d59ba59bc4d29a55477309bf14a1

    SHA512

    f45c34a8de1127d9fbde553c33b9e2ac394d7713b99f2df4d55b1e8c130eb21e498f0191c7345c56fcb151e0a52dc90249a3c6ecc2440f0d203f87a984c26586