vjw0rm | ed505690251f92f79fb3341968a3283e69bcd4ffe08539593b1601fac515c36b

Analysis

max time kernel
145s
max time network
148s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
16-06-2023 16:49

Target

09096099.js
Size

346KB
MD5

3ed07b2cfc14457c448129ac338d1a9b
SHA1

e07cd37475c0a9e2c53d4f7df317c8b4be70855e
SHA256

ed505690251f92f79fb3341968a3283e69bcd4ffe08539593b1601fac515c36b
SHA512

db34f63ad7cd4580c200040f1ced68ef7477cf61e44304932a2989cda520a56e90bf51d27bcd8474f14600a92f25664befa9a64caf26c009d5ecb6a610b78fa5
SSDEEP

6144:eQfPBx5q0sQ1o7rsbHC01mDBpNW2mTMSbpuV8l/:eQ3B7qgpr

Score

10^/10

vjw0rm trojan worm

Vjw0rm
Vjw0rm is a remote access trojan written in JavaScript.
trojan worm vjw0rm

Blocklisted process makes network request 16 IoCs

Drops startup file 2 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\09096099.js	wscript.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\09096099.js	wscript.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact