Analysis

  • max time kernel
    146s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    08-02-2023 18:41

General

  • Target

    SOA and invoices.js

  • Size

    4.4MB

  • MD5

    08ec6390255e658106aac7aae7114b6c

  • SHA1

    b8f85e4daf4461f6ee5c69ff95bc51c24b33fff0

  • SHA256

    64394d6cb0b1ac69cddc943ae96e755184d20a60428372e24e0df466c2debfa9

  • SHA512

    b1834040f984b200b3686cb97d846ecc894bd1af3fd06bc21de00cd0613d3ad9b85f780b6b5b5a4d1345ade5a1acdb36b13f55e803b654eb576e980cce534152

  • SSDEEP

    24576:rDg0p0xod7eN0L23S6z4/WBXVFbPUzgvQ/vZSoKJ6hU:18N0IZTBnbPe1KJ6hU

Score
10/10

Malware Config

Signatures

  • Vjw0rm

    Vjw0rm is a remote access trojan written in JavaScript.

  • Blocklisted process makes network request 10 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file 2 IoCs
  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Windows\system32\wscript.exe
    wscript.exe "C:\Users\Admin\AppData\Local\Temp\SOA and invoices.js"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:4408
    • C:\Windows\System32\wscript.exe
      "C:\Windows\System32\wscript.exe" //B "C:\Users\Admin\AppData\Roaming\ICTuIejIrh.js"
      2⤵
      • Blocklisted process makes network request
      • Drops startup file
      PID:4564
    • C:\Users\Admin\AppData\Local\Temp\Payload u.exe
      "C:\Users\Admin\AppData\Local\Temp\Payload u.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of AdjustPrivilegeToken
      PID:4968

Network

MITRE ATT&CK Matrix (ATT&CK v6)

  • Discovery
    • Query Registry (T1012): 1
    • System Information Discovery (T1082): 2

Downloads

  • C:\Users\Admin\AppData\Local\Temp\Payload u.exe
    Filesize

    756KB

    MD5

    77bc4d2c99082b7398c25ce09291b03e

    SHA1

    e9c2882cc3c1b58855428d513331b4be64b3ae7c

    SHA256

    a6e8cfe4af4de47ac8158b8adbc25a65f37de05946c5ff363179b4b556f5d169

    SHA512

    0d901deb1af1a0624b466acb765697ce16e214a5b8311444f75c8b3b68c1c5dc849a140999274cf30a8c9fc0b8b0bb24aeff49dd944bcd7c019593f6a8ce6ee2

  • C:\Users\Admin\AppData\Roaming\ICTuIejIrh.js
    Filesize

    1.1MB

    MD5

    640aa973998c99a7b71afebb45592e9d

    SHA1

    f5a27a38c147df3223a9e4c358ec895f312b96cd

    SHA256

    8cdf54167ac9581f34374b06adf16ad4069e760606c6dc854db84e53e8006f92

    SHA512

    30d57466971ffcf9edcd45a45a95012d073874cf606a9590f67695caaf1f4836bac9f52b58e9445b2e932d797bea97ca844358dfc8bf437851d572f967ef8866

  • memory/4564-132-0x0000000000000000-mapping.dmp
  • memory/4968-134-0x0000000000000000-mapping.dmp
  • memory/4968-137-0x00000000008F0000-0x00000000009B4000-memory.dmp
    Filesize

    784KB