vjw0rm | f0859092ba6f050b746556c0957dfc4d0faa35ffade29ad199d028cb6e14c9bc

Analysis

max time kernel
150s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
15-06-2023 08:00

Target

ntrHCBLBIT.js
Size

346KB
MD5

1c50a0279d38af4da4d39a9287096ca6
SHA1

767180b03827b30622691670f0814f40f47ccfe8
SHA256

f0859092ba6f050b746556c0957dfc4d0faa35ffade29ad199d028cb6e14c9bc
SHA512

2d30a9f332f5a38bd2551986bd976d6cf9a75ed2600a76de48113e2c840ebf831624bcef801c74623c33429f56efbbdcf0b73528661ce82207f808cfb35e2eaa
SSDEEP

6144:eQfPBx5q0sQ1o7rsbHC01mDBpNW2mTMSbpuV860:eQ3B7qgpB

Score

10^/10

vjw0rm trojan worm

Vjw0rm
Vjw0rm is a remote access trojan written in JavaScript.
trojan worm vjw0rm

Blocklisted process makes network request 16 IoCs

Drops startup file 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ntrHCBLBIT.js	wscript.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ntrHCBLBIT.js	wscript.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact