Overview

overview

10

Static

static

Faktura 22...025.js

windows7_x64

10

Faktura 22...025.js

windows10-2004_x64

Analysis

  • max time kernel
    144s
  • max time network
    181s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    22-06-2022 15:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Faktura 22062022105025.js

  • Size

    453KB

  • MD5

    e0ee6501ff7c833e22e405f0a3add213

  • SHA1

    bb2685e7c70428de5848f1b1f53d5b687b9610f8

  • SHA256

    5e691b3588f4bcffbe60656a23ee0bb46081c4b7d18d0f600af6508a2dcf7768

  • SHA512

    f3c6eae4a7b33e86c167d2fb3cef9437bb3d3f9beee3c105e4693facca06b38e60322f0e285b2b1d9753d42c1450ff9d5302365c3d81e28f6687bf707a49bdf4

Score
10/10
vjw0rmpersistencetrojanworm

Malware Config

Signatures

  • Vjw0rm

    Vjw0rm is a remote access trojan written in JavaScript.

    trojanwormvjw0rm
  • Blocklisted process makes network request 14 IoCs
  • Drops startup file 2 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Windows\system32\wscript.exe
    wscript.exe "C:\Users\Admin\AppData\Local\Temp\Faktura 22062022105025.js"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1840
    • C:\Windows\System32\wscript.exe
      "C:\Windows\System32\wscript.exe" //B "C:\Users\Admin\AppData\Roaming\hHhUMQQaEJ.js"
      2⤵
      • Blocklisted process makes network request
      • Drops startup file
      • Adds Run key to start application
      PID:660
    • C:\Windows\System32\java.exe
      "C:\Windows\System32\java.exe" -jar "C:\Users\Admin\AppData\Local\Temp\SM.jar"
      2⤵
        PID:1176

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\SM.jar
      Filesize

      164KB

      MD5

      edf0e95033cb0df96be06c5088142288

      SHA1

      3972af92633203e7857ec0e4ae65246b32c83539

      SHA256

      9712cb8921bc1aaf24f86d6a82ce59a332f6ad04eb1af0414f9bd51e0f35e049

      SHA512

      b7086f0880328bfbb11f6a48a95bde9718318bec9a66c4d00dc16384a1c7ccae97685c7e50d8278c3a267431032d418c61acc9a9ca926d0bd948b79c722a562a

      Download Submit

    • C:\Users\Admin\AppData\Roaming\hHhUMQQaEJ.js
      Filesize

      58KB

      MD5

      6e19c9be0455699d39ecac41f332827c

      SHA1

      ac1be0bad3bf9c19d5927408809dd7c70ce7ac26

      SHA256

      5bc218e50e5fd2027ff0467989a4972c63a1478eae5ae918728d3b4213df202e

      SHA512

      05ba615f7444271a30da4ffb93faed0b88f4897338ca891df8e834cb79973fdcdd534a8d398757346a7e33de761316d0ae7764abfda3bd9b8170d695aa7ca59d

      Download Submit

    • memory/660-55-0x0000000000000000-mapping.dmp

      Download

    • memory/1176-57-0x0000000000000000-mapping.dmp

      Download

    • memory/1176-70-0x0000000002190000-0x0000000005190000-memory.dmp

      Filesize

      48.0MB

      Download

    • memory/1176-71-0x0000000002190000-0x0000000005190000-memory.dmp

      Filesize

      48.0MB

      Download

    • memory/1840-54-0x000007FEFB871000-0x000007FEFB873000-memory.dmp

      Filesize

      8KB

      Download