Analysis

  • max time kernel
    142s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    13/06/2023, 08:01 UTC

General

  • Target

    ACCOUNTS_SATATEMENT__2023-0614.js

  • Size

    6KB

  • MD5

    28207514dfbe2e049fa6ba1fe6fe978c

  • SHA1

    31944447fce1bd818fcdbce1990e90590a512966

  • SHA256

    9e30af630ba15f719d8c377e3a8a99a5c98213fd1a81f2d7895f426b53edf407

  • SHA512

    04d1e1b6d35660b831bf945e9777ae55fa4101199be54c4b22bff01a462855e1e09994924248297ec2cf7f86a4a0be0156ff66cd7d0ad0ff028268232ecf6a7b

  • SSDEEP

    96:2ZH1uyLoXI6PoXT2lcJc9hEOHOVSbgZ2BwuxXV8292ZrYEboyYywOLKiHe4TmOMy:2ZVh1VsO292ZM6DLKElsAVUh8AsX

Malware Config

Signatures

  • Vjw0rm

    Vjw0rm is a remote access trojan written in JavaScript.

  • Blocklisted process makes network request (6 IoCs)
  • Drops startup file (1 IoC)
  • Adds Run key to start application (2 TTPs, 2 IoCs)
  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s).

Processes

  • C:\Windows\system32\wscript.exe (PID 4144)
    wscript.exe C:\Users\Admin\AppData\Local\Temp\ACCOUNTS_SATATEMENT__2023-0614.js
    • Blocklisted process makes network request
    • Drops startup file
    • Adds Run key to start application
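A host-side detection for the behaviours the Signatures and Processes sections list (a script host launched from a user Temp path, a Run key added, a file dropped into the Startup folder, and a connection to a dynamic-DNS name on a non-standard port), as an added example that is not part of the sandbox report. The event records are constructed to mirror the report in a flattened Sysmon-like shape; the field names, the Run key value name and the startup file name are assumptions, since the report does not give them.

```python
"""Correlate script-host behaviours by PID, the way the Signatures and
Processes sections of the report describe them.  Added example; the event
shape (Sysmon-like, flattened) and the sample records are constructed."""
import re
from collections import defaultdict

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
# Extensions the Windows Script Host executes; \b keeps ".js" from matching ".json".
SCRIPT_EXT = re.compile(r"\.(js|jse|vbs|vbe|wsf|wsh)\b", re.I)
USER_WRITABLE = re.compile(r"\\(AppData\\Local\\Temp|Downloads|Desktop|Public)\\", re.I)
RUN_KEY = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)
STARTUP_DIR = re.compile(r"\\Start Menu\\Programs\\Startup\\", re.I)
DYNDNS_SUFFIXES = ("duckdns.org", "no-ip.org", "ddns.net")
EXPECTED_PORTS = {53, 80, 443}

SAMPLE_EVENTS = [
    # Mirrors the Processes section: wscript.exe, PID 4144, script in Temp.
    {"event": "ProcessCreate", "pid": 4144, "image": r"C:\Windows\system32\wscript.exe",
     "cmdline": r"wscript.exe C:\Users\Admin\AppData\Local\Temp\ACCOUNTS_SATATEMENT__2023-0614.js"},
    # Constructed: the report says a Run key and a startup file were added
    # but does not name them, so these value/file names are placeholders.
    {"event": "RegistryValueSet", "pid": 4144,
     "target": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\constructed_value"},
    {"event": "FileCreate", "pid": 4144,
     "target": r"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\constructed.js"},
    # Mirrors the Network section: dynamic-DNS name, port 7971.
    {"event": "NetworkConnect", "pid": 4144, "hostname": "corewo4romocm.duckdns.org",
     "dst_ip": "94.200.95.128", "dst_port": 7971},
    # Constructed benign control: a logon script from a domain share that also
    # talks to an unusual port, but never ran from a user-writable path.
    {"event": "ProcessCreate", "pid": 5120, "image": r"C:\Windows\System32\wscript.exe",
     "cmdline": r"wscript.exe \\corp\netlogon\map_drives.vbs"},
    {"event": "NetworkConnect", "pid": 5120, "hostname": "fileserver.corp.local",
     "dst_ip": "10.0.0.5", "dst_port": 445},
]


def basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def classify(events):
    """Return {pid: set of rule names} for every script-host process."""
    script_pids = {e["pid"] for e in events
                   if e["event"] == "ProcessCreate" and basename(e["image"]) in SCRIPT_HOSTS}
    hits = defaultdict(set)
    for e in events:
        pid = e["pid"]
        if pid not in script_pids:
            continue
        kind = e["event"]
        if kind == "ProcessCreate":
            if SCRIPT_EXT.search(e["cmdline"]) and USER_WRITABLE.search(e["cmdline"]):
                hits[pid].add("script_from_user_writable_dir")
        elif kind == "RegistryValueSet" and RUN_KEY.search(e["target"]):
            hits[pid].add("run_key_added")
        elif kind == "FileCreate" and STARTUP_DIR.search(e["target"]):
            hits[pid].add("startup_file_dropped")
        elif kind == "NetworkConnect":
            host = e.get("hostname", "").lower()
            if host.endswith(DYNDNS_SUFFIXES) or e["dst_port"] not in EXPECTED_PORTS:
                hits[pid].add("network_dyndns_or_odd_port")
    return dict(hits)


def alerts(events, min_rules=2):
    """PIDs worth paging on: a script host that ran a script from a
    user-writable path AND showed at least one persistence or network
    behaviour.  Gating on the first condition keeps a lone wscript.exe
    launch of a logon script from alerting."""
    return sorted(pid for pid, rules in classify(events).items()
                  if "script_from_user_writable_dir" in rules and len(rules) >= min_rules)


if __name__ == "__main__":
    for pid, rules in sorted(classify(SAMPLE_EVENTS).items()):
        print(pid, sorted(rules))
    print("alert on:", alerts(SAMPLE_EVENTS))
```

The benign control process trips the odd-port rule on its own, which is why the alert logic requires the script to have come from a user-writable path before any of the persistence or network rules count; tune `USER_WRITABLE` and `EXPECTED_PORTS` to the estate being monitored.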

Network

  • DNS queries (resolver 8.8.8.8:53, in the order listed; bytes and packets are sent / received; the last column is the address each PTR name asks about)

    query name                                                               type  process      answer         bytes      packets  address asked about
    97.17.167.52.in-addr.arpa                                                PTR   -            (none shown)   71 / 145   1 / 1    52.167.17.97
    corewo4romocm.duckdns.org                                                A     wscript.exe  94.200.95.128  71 / 87    1 / 1    -
    240.221.184.93.in-addr.arpa                                              PTR   -            (none shown)   73 / 144   1 / 1    93.184.221.240
    68.32.126.40.in-addr.arpa                                                PTR   -            (none shown)   71 / 157   1 / 1    40.126.32.68
    95.221.229.192.in-addr.arpa                                              PTR   -            (none shown)   73 / 144   1 / 1    192.229.221.95
    183.59.114.20.in-addr.arpa                                               PTR   -            (none shown)   72 / 158   1 / 1    20.114.59.183
    123.108.74.40.in-addr.arpa                                               PTR   -            (none shown)   72 / 146   1 / 1    40.74.108.123
    28.118.140.52.in-addr.arpa                                               PTR   -            (none shown)   72 / 158   1 / 1    52.140.118.28
    183.59.114.20.in-addr.arpa                                               PTR   -            (none shown)   72 / 158   1 / 1    20.114.59.183
    240.232.18.117.in-addr.arpa                                              PTR   -            (none shown)   73 / 144   1 / 1    117.18.232.240
    8.9.0.a.e.e.f.b.0.0.0.0.0.0.0.0.5.0.0.0.0.0.8.0.0.3.0.1.3.0.6.2.ip6.arpa PTR   -            (none shown)   118 / 204  1 / 1    2603:1030:800:5::bfee:a098
    86.8.109.52.in-addr.arpa                                                 PTR   -            (none shown)   70 / 144   1 / 1    52.109.8.86

  • TCP flows (in the order listed; the report gives one byte count and one packet count per flow and lists no response data)

    destination          domain                     process      bytes  packets
    94.200.95.128:7971   corewo4romocm.duckdns.org  wscript.exe  260 B  5
    94.200.95.128:7971   corewo4romocm.duckdns.org  wscript.exe  260 B  5
    52.152.110.14:443    -                          -            260 B  5
    93.184.220.29:80     -                          -            322 B  7
    209.197.3.8:80       -                          -            322 B  7
    94.200.95.128:7971   corewo4romocm.duckdns.org  wscript.exe  260 B  5
    173.223.113.164:443  -                          -            322 B  7
    173.223.113.131:80   -                          -            322 B  7
    131.253.33.203:80    -                          -            322 B  7
    52.152.110.14:443    -                          -            260 B  5
    94.200.95.128:7971   corewo4romocm.duckdns.org  wscript.exe  260 B  5
    52.152.110.14:443    -                          -            260 B  5
    94.200.95.128:7971   corewo4romocm.duckdns.org  wscript.exe  260 B  5
    52.152.110.14:443    -                          -            260 B  5
    52.152.110.14:443    -                          -            208 B  4
    94.200.95.128:7971   corewo4romocm.duckdns.org  wscript.exe  208 B  4

    Only the A lookup for corewo4romocm.duckdns.org and the six connections to 94.200.95.128:7971 are attributed to wscript.exe (PID 4144). The PTR lookups and the port-80/443 flows carry no process attribution on the page and should not be published as indicators of this sample without separate confirmation. The six attempts to 94.200.95.128:7971 repeat with near-identical byte and packet counts and no response data is listed, which is consistent with a command-and-control host that was not answering during the run; the resolved address is still worth recording, but a DuckDNS name can be re-pointed at any time, so the domain is the more durable indicator.
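Triage of the Network section above, as an added example that is not part of the sandbox report: decode the PTR names back to the addresses they asked about, roll the repeated TCP flows up by destination so the retry pattern is visible, and keep as indicators only what the report attributes to wscript.exe. The records are transcribed from the report; the tuple layout and the function names are this example's own.

```python
"""Triage of the Network section: decode reverse-lookup names, roll up the
repeated TCP flows, and separate attributed from unattributed traffic.
Added example, not part of the sandbox report; the query and flow records
are transcribed from it and the tuple layout is this script's own."""
import ipaddress
from collections import defaultdict

# PTR names exactly as listed on the page (one name appears twice there too).
PTR_NAMES = [
    "97.17.167.52.in-addr.arpa", "240.221.184.93.in-addr.arpa", "68.32.126.40.in-addr.arpa",
    "95.221.229.192.in-addr.arpa", "183.59.114.20.in-addr.arpa", "123.108.74.40.in-addr.arpa",
    "28.118.140.52.in-addr.arpa", "183.59.114.20.in-addr.arpa", "240.232.18.117.in-addr.arpa",
    "8.9.0.a.e.e.f.b.0.0.0.0.0.0.0.0.5.0.0.0.0.0.8.0.0.3.0.1.3.0.6.2.ip6.arpa",
    "86.8.109.52.in-addr.arpa",
]
# (name, qtype, process attributed on the page or None, answer or None)
DNS_QUERIES = [(n, "PTR", None, None) for n in PTR_NAMES] + [
    ("corewo4romocm.duckdns.org", "A", "wscript.exe", "94.200.95.128"),
]

# (destination, domain or None, process or None, bytes, packets), page order.
C2 = ("94.200.95.128:7971", "corewo4romocm.duckdns.org", "wscript.exe")


def bg(dst, nbytes, pkts):
    """A flow the page lists with no domain and no process attribution."""
    return (dst, None, None, nbytes, pkts)


TCP_FLOWS = [
    C2 + (260, 5), C2 + (260, 5), bg("52.152.110.14:443", 260, 5),
    bg("93.184.220.29:80", 322, 7), bg("209.197.3.8:80", 322, 7), C2 + (260, 5),
    bg("173.223.113.164:443", 322, 7), bg("173.223.113.131:80", 322, 7),
    bg("131.253.33.203:80", 322, 7), bg("52.152.110.14:443", 260, 5), C2 + (260, 5),
    bg("52.152.110.14:443", 260, 5), C2 + (260, 5), bg("52.152.110.14:443", 260, 5),
    bg("52.152.110.14:443", 208, 4), C2 + (208, 4),
]


def ptr_to_ip(name):
    """Turn an in-addr.arpa / ip6.arpa name back into the address it asks
    about: the labels are the address reversed, octets for v4, nibbles for v6."""
    labels = name.rstrip(".").lower().split(".")
    suffix, parts = labels[-2:], labels[:-2][::-1]
    if suffix == ["in-addr", "arpa"] and len(parts) == 4:
        return str(ipaddress.IPv4Address(".".join(parts)))
    if suffix == ["ip6", "arpa"] and len(parts) == 32:
        hexs = "".join(parts)
        return str(ipaddress.IPv6Address(":".join(hexs[i:i + 4] for i in range(0, 32, 4))))
    raise ValueError(f"not a complete reverse-lookup name: {name}")


def reverse_lookups(queries):
    """Unique PTR names on the page, mapped to the address each asked about."""
    return {name: ptr_to_ip(name) for name, qtype, _, _ in queries if qtype == "PTR"}


def flow_summary(flows):
    """Roll repeated flows up by destination: attempts, bytes, packets, process."""
    out = defaultdict(lambda: {"attempts": 0, "bytes": 0, "packets": 0, "process": None})
    for dst, _, proc, nbytes, pkts in flows:
        s = out[dst]
        s["attempts"] += 1
        s["bytes"] += nbytes
        s["packets"] += pkts
        if proc:
            s["process"] = proc
    return dict(out)


def network_iocs(queries, flows, process="wscript.exe"):
    """Domain, address and address:port the page ties to `process`.  The PTR
    lookups and the port-80/443 flows carry no process attribution on the
    page, so they are left out rather than published as indicators."""
    iocs = set()
    for name, _, proc, answer in queries:
        if proc == process:
            iocs.add(name)
            if answer:
                iocs.add(answer)
    for dst, domain, proc, _, _ in flows:
        if proc == process:
            iocs.update({dst, dst.rsplit(":", 1)[0]})
            if domain:
                iocs.add(domain)
    return sorted(iocs)


if __name__ == "__main__":
    for name, addr in reverse_lookups(DNS_QUERIES).items():
        print(f"{addr:28} <- {name}")
    for dst, s in flow_summary(TCP_FLOWS).items():
        print(f"{dst:22} attempts={s['attempts']} bytes={s['bytes']} "
              f"packets={s['packets']} process={s['process']}")
    print("IoCs attributed to wscript.exe:", network_iocs(DNS_QUERIES, TCP_FLOWS))
```

The decoded PTR targets are what a responder would pivot on when deciding whether a reverse lookup is sandbox or OS background rather than sample activity; `network_iocs` deliberately returns only the three indicators the page itself ties to PID 4144.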

MITRE ATT&CK Enterprise v6
