Malware Analysis Report

2025-06-15 21:06

Sample ID 220817-ta4nnshfbn
Target bZQEUbJxNj.js
SHA256 bc831f27e6da7b5e82be628a1564c8b6aee02ec9290c5d21f99733dd2d1db47b
Tags vjw0rm trojan worm
Score 10/10

Analysis Overview

score
10/10

SHA256

bc831f27e6da7b5e82be628a1564c8b6aee02ec9290c5d21f99733dd2d1db47b

Threat Level: Known bad

The file bZQEUbJxNj.js was found to be: Known bad.

Malicious Activity Summary

vjw0rm trojan worm

Vjw0rm

Blocklisted process makes network request

Drops startup file

Enumerates physical storage devices

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2022-08-17 15:52

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2022-08-17 15:52

Reported

2022-08-17 15:54

Platform

win7-20220812-en

Max time kernel

148s

Max time network

152s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\bZQEUbJxNj.js

Signatures

Vjw0rm

trojan worm vjw0rm

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bZQEUbJxNj.js C:\Windows\system32\wscript.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bZQEUbJxNj.js C:\Windows\system32\wscript.exe N/A

Enumerates physical storage devices

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\bZQEUbJxNj.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 macjoe597.duia.ro udp
N/A 100.103.106.134:8159 macjoe597.duia.ro tcp

Files

memory/1020-54-0x000007FEFC461000-0x000007FEFC463000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2022-08-17 15:52

Reported

2022-08-17 15:54

Platform

win10v2004-20220812-en

Max time kernel

145s

Max time network

148s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\bZQEUbJxNj.js

Signatures

Vjw0rm

trojan worm vjw0rm

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bZQEUbJxNj.js C:\Windows\system32\wscript.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bZQEUbJxNj.js C:\Windows\system32\wscript.exe N/A

Enumerates physical storage devices

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\bZQEUbJxNj.js

Network

Country Destination Domain Proto
NL 95.101.78.82:80 tcp
US 8.8.8.8:53 macjoe597.duia.ro udp
N/A 100.95.167.251:8159 macjoe597.duia.ro tcp
US 20.42.65.85:443 tcp
US 209.197.3.8:80 tcp

Files

N/A