Malware Analysis Report

2025-06-15 21:05

Sample ID 220817-sx8epshdfk
Target bZQEUbJxNj.js
SHA256 bc831f27e6da7b5e82be628a1564c8b6aee02ec9290c5d21f99733dd2d1db47b
Tags vjw0rm trojan worm
Score 10/10

Analysis Overview

score
10/10

SHA256

bc831f27e6da7b5e82be628a1564c8b6aee02ec9290c5d21f99733dd2d1db47b

Threat Level: Known bad

The file bZQEUbJxNj.js was found to be: Known bad.

Malicious Activity Summary

vjw0rm trojan worm

Vjw0rm

Blocklisted process makes network request

Drops startup file

Enumerates physical storage devices

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2022-08-17 15:31

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2022-08-17 15:31

Reported

2022-08-17 15:33

Platform

win7-20220812-en

Max time kernel

146s

Max time network

151s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\bZQEUbJxNj.js

Signatures

Vjw0rm

trojan worm vjw0rm

Drops startup file

Description | Indicator | Process | Target
File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bZQEUbJxNj.js | C:\Windows\system32\wscript.exe | N/A
File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bZQEUbJxNj.js | C:\Windows\system32\wscript.exe | N/A

Enumerates physical storage devices

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\bZQEUbJxNj.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 macjoe597.duia.ro udp
CH 91.192.100.8:8159 macjoe597.duia.ro tcp

Files

memory/1280-54-0x000007FEFB931000-0x000007FEFB933000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2022-08-17 15:31

Reported

2022-08-17 15:34

Platform

win10v2004-20220812-en

Max time kernel

143s

Max time network

150s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\bZQEUbJxNj.js

Signatures

Vjw0rm

trojan worm vjw0rm

Drops startup file

Description | Indicator | Process | Target
File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bZQEUbJxNj.js | C:\Windows\system32\wscript.exe | N/A
File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bZQEUbJxNj.js | C:\Windows\system32\wscript.exe | N/A

Enumerates physical storage devices

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\bZQEUbJxNj.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 macjoe597.duia.ro udp
CH 91.192.100.8:8159 macjoe597.duia.ro tcp
US 20.42.73.24:443 tcp
US 8.252.117.126:80 tcp

Files

N/A