Analysis

  • max time kernel
    4294224s
  • max time network
    176s
  • platform
    windows7_x64
  • resource
    win7-20220223-en
  • submitted
    10-03-2022 13:17

General

  • Target

    57E10092A0245E6D4D2C2C34100593F38CC6060AEF482.exe

  • Size

    4.2MB

  • MD5

    d59004727742eb8ba309368611e48019

  • SHA1

    55b2dce59cf019f819a980a4a142383b8a537a06

  • SHA256

    57e10092a0245e6d4d2c2c34100593f38cc6060aef482ca83e676b8715a114af

  • SHA512

    dd0c3b1893ef3b7cb0f9b4e565a8839b072b69ac40137622275885616ab25706a4b3effa6696c94ff9a41ee6cbd7fab5abbaa2ed97a7798ca04bb184be9c52f3

Score
10/10

Malware Config

Signatures

  • Vjw0rm

    Vjw0rm is a remote access trojan written in JavaScript and run through the Windows Script Host (WScript.exe, as in the process tree below); it also spreads as a worm by copying itself to removable drives.

  • Blocklisted process makes network request 4 IoCs
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). The sandbox's generic note for this signature reads "likely ransomware behaviour", but no encryption activity is recorded here; for Vjw0rm, drive enumeration is consistent with its worm component looking for removable media to copy itself to.

  • Creates scheduled task(s) 1 TTPs 1 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution. Here the script registers a task named "Skype" that reruns C:\ProgramData\Activator_cheker.JS every 30 minutes (see the schtasks.exe command line under Processes); the benign-looking task name and the copy in ProgramData rather than the user's Temp folder are the indicators to hunt for.

  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\57E10092A0245E6D4D2C2C34100593F38CC6060AEF482.exe
    "C:\Users\Admin\AppData\Local\Temp\57E10092A0245E6D4D2C2C34100593F38CC6060AEF482.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:376
    • C:\Users\Admin\AppData\Local\Temp\winrar-x64-591th.exe
      "C:\Users\Admin\AppData\Local\Temp\winrar-x64-591th.exe"
      2⤵
      • Executes dropped EXE
      • Modifies Internet Explorer settings
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:516
    • C:\Windows\System32\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Activator_cheker.JS"
      2⤵
      • Blocklisted process makes network request
      • Suspicious use of WriteProcessMemory
      PID:1568
      • C:\Windows\System32\schtasks.exe
        "C:\Windows\System32\schtasks.exe" /create /sc minute /mo 30 /tn Skype /tr "C:\ProgramData\Activator_cheker.JS
        3⤵
        • Creates scheduled task(s)
        PID:924
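The process tree above is the whole persistence chain in two steps: a script host (WScript.exe) runs a .JS dropped into a user-writable directory, then schtasks.exe registers a recurring task whose action is a copy of that script. The Python below is an added hunting example, not part of the sandbox report or of the malware: it runs two rules over process-creation events and escalates when the task is created by an already-flagged script host. The event records are constructed in a simplified Sysmon Event ID 1 shape (pid, ppid, image, cmdline) modelled on the command lines in the tree; the dropper's parent PID and the benign robocopy task used as a negative control are invented for the example.

```python
"""Hunting logic for the WScript.exe -> schtasks.exe persistence chain shown in
the process tree: a script host running a .JS from a user-writable directory,
then 'schtasks /create' pointing a recurring task at that script."""
import re

# Directory markers a standard user can write to; a task action living here is
# far more suspicious than one pointing into System32.
USER_WRITABLE_MARKERS = ("\\programdata\\", "\\appdata\\", "\\users\\public\\", "\\temp\\")
# Extensions dispatched to a script host (wscript/cscript/mshta) by file association.
SCRIPT_EXTENSIONS = (".js", ".jse", ".vbs", ".vbe", ".wsf", ".hta")

# A double-quoted run (closing quote optional, so the unterminated quote in the
# captured schtasks line still yields a token) or a bare whitespace-free run.
_TOKEN = re.compile(r'"([^"]*)"?|(\S+)')


def tokenize(cmdline):
    """Split a Windows command line on whitespace, honouring double quotes."""
    return [quoted or bare for quoted, bare in _TOKEN.findall(cmdline)]


def basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def is_user_writable(path):
    p = path.lower()
    return any(marker in p for marker in USER_WRITABLE_MARKERS)


def is_script(path):
    return path.lower().endswith(SCRIPT_EXTENSIONS)


def parse_schtasks(cmdline):
    """Return the switches of a 'schtasks /create' command line, or None."""
    toks = tokenize(cmdline)
    if not toks or basename(toks[0]) != "schtasks.exe":
        return None
    lowered = [t.lower() for t in toks]
    if "/create" not in lowered:
        return None
    args = {}
    for i, switch in enumerate(lowered):
        if switch in ("/sc", "/mo", "/tn", "/tr", "/ru") and i + 1 < len(toks):
            args[switch[1:]] = toks[i + 1]
    return args


def script_host_finding(event, by_pid):
    """Flag wscript/cscript executing a script that sits in a user-writable path."""
    if basename(event["image"]) not in ("wscript.exe", "cscript.exe"):
        return None
    toks = tokenize(event["cmdline"])
    scripts = [t for t in toks[1:] if not t.startswith("/") and is_script(t)]
    if not scripts or not is_user_writable(scripts[0]):
        return None
    parent = by_pid.get(event["ppid"])
    return {"rule": "script_host_user_writable_script", "severity": "high",
            "pid": event["pid"], "script": scripts[0],
            "parent_image": parent["image"] if parent else "<unknown>"}


def schtasks_finding(event):
    """Flag 'schtasks /create' whose action is a script, is user-writable, or recurs fast."""
    task = parse_schtasks(event["cmdline"])
    if not task or "tr" not in task:
        return None
    action_toks = tokenize(task["tr"])
    program = action_toks[0] if action_toks else ""
    reasons = []
    if is_user_writable(program):
        reasons.append("action in user-writable path")
    if is_script(program):
        reasons.append("action is a bare script; relies on its file association to reach a script host")
    if task.get("sc", "").lower() in ("minute", "hourly"):
        reasons.append(f"short recurrence: every {task.get('mo', '1')} {task['sc'].lower()}(s)")
    if not reasons:
        return None
    return {"rule": "schtasks_persistence", "severity": "high", "pid": event["pid"],
            "task_name": task.get("tn"), "action": program, "reasons": reasons}


def analyze(events):
    """Run both rules; a task created by a flagged script host becomes critical."""
    by_pid = {e["pid"]: e for e in events}
    findings, flagged_hosts = [], set()
    for ev in events:
        f = script_host_finding(ev, by_pid)
        if f:
            findings.append(f)
            flagged_hosts.add(ev["pid"])
    for ev in events:
        f = schtasks_finding(ev)
        if f:
            if ev["ppid"] in flagged_hosts:
                f["reasons"].append(f"created by flagged script host pid {ev['ppid']}")
                f["severity"] = "critical"
            findings.append(f)
    return findings


# Constructed events modelled on the report's command lines (simplified Sysmon
# Event ID 1 fields). ppid 100 for the dropper and the benign robocopy task
# (negative control) are invented for this example, not sandbox output.
EVENTS = [
    {"pid": 376, "ppid": 100,
     "image": r"C:\Users\Admin\AppData\Local\Temp\57E10092A0245E6D4D2C2C34100593F38CC6060AEF482.exe",
     "cmdline": r'"C:\Users\Admin\AppData\Local\Temp\57E10092A0245E6D4D2C2C34100593F38CC6060AEF482.exe"'},
    {"pid": 516, "ppid": 376, "image": r"C:\Users\Admin\AppData\Local\Temp\winrar-x64-591th.exe",
     "cmdline": r'"C:\Users\Admin\AppData\Local\Temp\winrar-x64-591th.exe"'},
    {"pid": 1568, "ppid": 376, "image": r"C:\Windows\System32\WScript.exe",
     "cmdline": r'"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Activator_cheker.JS"'},
    {"pid": 924, "ppid": 1568, "image": r"C:\Windows\System32\schtasks.exe",
     "cmdline": r'"C:\Windows\System32\schtasks.exe" /create /sc minute /mo 30 /tn Skype /tr "C:\ProgramData\Activator_cheker.JS'},
    {"pid": 2000, "ppid": 1999, "image": r"C:\Windows\System32\schtasks.exe",
     "cmdline": r'schtasks.exe /create /sc daily /tn Backup /tr "C:\Windows\System32\robocopy.exe C:\src D:\dst"'},
]

if __name__ == "__main__":
    for finding in analyze(EVENTS):
        print(finding)
```

Against these events the benign daily robocopy task produces nothing, the WScript.exe run from the user's Temp folder is flagged high with its dropper as parent, and the "Skype" task is escalated to critical because it points a 30-minute recurrence at a bare .JS under ProgramData and was created by the flagged script host.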

Network

MITRE ATT&CK Matrix ATT&CK v6

  Tactic                Technique                     Count  ID
  Execution             Scheduled Task                1      T1053
  Persistence           Scheduled Task                1      T1053
  Privilege Escalation  Scheduled Task                1      T1053
  Defense Evasion       Modify Registry               1      T1112
  Discovery             System Information Discovery  1      T1082

Downloads

  • C:\Users\Admin\AppData\Local\Temp\Activator_cheker.JS
    MD5

    01aa3142b7853a1bf64c3b4527473dc6

    SHA1

    b72242e7af597ebed02174f84a4c3cdd20b397a2

    SHA256

    623ed43a12af43c757ab5b6f2699dcb5a766022a6855a87e2597d4842b8b0b0e

    SHA512

    5b941ce3b7a13666b079fe4e90bdb413a93cefa59a4260778c2e133d61e90859301d94a26d705d00c61528aac3baf90efe9aaa89318a0970be520be12be861fb

  • C:\Users\Admin\AppData\Local\Temp\winrar-x64-591th.exe
    MD5

    b17cbd558269b27a6619e0547eb38f3d

    SHA1

    eecbbfe8508fa501a1a6873a60d1016faba02b45

    SHA256

    482e35b1769307cff7d9a55942c4880c2dd768dfaa43cf4e47d382c7c0e68e72

    SHA512

    d3c4e36e61cab55d604dedbdf3693d916c27958e4196442602c277cc5e81ddba2c5d1551c87a226bdb85128a530680de08215ae41bba83507a430f594925004a

  • \Users\Admin\AppData\Local\Temp\winrar-x64-591th.exe
    MD5

    b17cbd558269b27a6619e0547eb38f3d

    SHA1

    eecbbfe8508fa501a1a6873a60d1016faba02b45

    SHA256

    482e35b1769307cff7d9a55942c4880c2dd768dfaa43cf4e47d382c7c0e68e72

    SHA512

    d3c4e36e61cab55d604dedbdf3693d916c27958e4196442602c277cc5e81ddba2c5d1551c87a226bdb85128a530680de08215ae41bba83507a430f594925004a

  • memory/376-54-0x000007FEFC0F1000-0x000007FEFC0F3000-memory.dmp
    Filesize

    8KB