vjw0rm | eb36e0d72eeabd0731238af52c8f2175ff809091c117f83e0945928550c93850

Analysis

Target

ReceiptTT54657534.js
Size

169KB
MD5

6923fdb0993ace8c1ee750f0b3810a1c
SHA1

9b8dc652eb39737c6bfdb505dbbf8617c36efadf
SHA256

eb36e0d72eeabd0731238af52c8f2175ff809091c117f83e0945928550c93850
SHA512

10a9dbcf6d5b598a324019304aff8d86765297a94c21db71789dacdd015737322173aa9e9b3eb612d22ff5dc7b897ffefe180ab5fc37cb095a1cf046fe676aec

Score

10^/10

vjw0rm trojan worm

Vjw0rm
Vjw0rm is a remote access trojan written in JavaScript.
trojan worm vjw0rm

Blocklisted process makes network request 37 IoCs

Processes:

wscript.exe

Drops startup file 1 IoCs

Processes:

wscript.exe

description ioc process

File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ReceiptTT54657534.js wscript.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

description	ioc	process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ReceiptTT54657534.js	wscript.exe

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact