Overview

overview

10

Static

static

1

Jsreceipt0...F.html

windows7-x64

10

Jsreceipt0...F.html

windows10-1703-x64

10

Analysis

  • max time kernel
    137s
  • max time network
    151s
  • platform
    windows7_x64
  • resource
    win7-20230621-en
  • resource tags

    arch:x64arch:x86image:win7-20230621-enlocale:en-usos:windows7-x64system
  • submitted
    29/06/2023, 22:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Jsreceipt0193617_PDF.html

  • Size

    103B

  • MD5

    c349aed7796c6cf3784b423f7a348429

  • SHA1

    1f9f048f524a83ad569e0df65b709bc1de4f344f

  • SHA256

    07176693f0658bb82e3408ef1e85a545b039acf315749ce888dfce55252696cc

  • SHA512

    f505e8dfd29079f11b817204334e65a6c307e6bed8d5a04a7a95fef32bf4031040ef7830b7f039f596c904a489de2887d0903016204e1e78b9715126ccb1e455

Score
10/10
vjw0rmpersistencetrojanworm

Malware Config

Extracted

Family

vjw0rm

C2

http://jsnew9400.duckdns.org:9400

Signatures

  • Vjw0rm

    Vjw0rm is a remote access trojan written in JavaScript.

    trojanwormvjw0rm
  • Blocklisted process makes network request 1 IoCs
  • Drops startup file 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer Phishing Filter 1 TTPs 2 IoCs
  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence
  • Uses Volume Shadow Copy WMI provider

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\Jsreceipt0193617_PDF.html
    1⤵
    • Modifies Internet Explorer Phishing Filter
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1572
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1572 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:860
  • C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Temp1_Jsreceipt0193617_pdf.zip\Jsreceipt0193617_pdf.js"
    1⤵
    • Blocklisted process makes network request
    • Drops startup file
    • Adds Run key to start application
    PID:1868

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    3e3edb5bb319879f7c5c4dafc9ba6c49

    SHA1

    5bf15decdb008d3833a9200a4f45593cae45fda2

    SHA256

    692a1c366b52cee8afaceefcce776b2348d05751bd619f28d3f9fe6c96788c05

    SHA512

    7752c8d1f705fe60bed143246781ba37c9d612481cbcabb8f3d26f02d3127e4e53f0e943b9b8da8089e2a76333b6ee6da6ab0199c2af815447cc74bfee7c89ac

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d60b73038d5c448ffb7080e45fda5622

    SHA1

    51f82fc187792380e1a4e6d816e78e5f4b545fe7

    SHA256

    7d79d3e938a9191feff40424540d692936c0afaa9d33ad1bc1e278c8619279ef

    SHA512

    03d7f77ed1f5611a7a16ca9ff3adbb551e607a561b717591ce103631185b2b6b157607e8a8a1aed8626f58d594c102465f54d409349bb898ea8de6ac0a2da28e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    03d78ef4ee8cfa2914ea9d1015993ac2

    SHA1

    6e1de39ce0ab26288f497e4f08f4205b49c53ca5

    SHA256

    3991f607ec90e4ad4cc85a894b22d1c86d8b9472d5443f8a059be3664085c0c6

    SHA512

    42aaf5dbcc11930a8708ff57c3b62f95345515cfc817a4970e2b0c7fff4bd20f16d8be86ca50de0e804910855ca33501d0b28f6fe34bde1411913cb70adc2273

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    285a3df3009f9fc051b547479cbda791

    SHA1

    deb43260c55206690f7d582fa279a7df1b85b525

    SHA256

    8635d85330d82c65885c3744e1a5e3bc8a27e8a24ecc518a6d278becf18c5e5b

    SHA512

    230263a93a757dd752b4d659acd0d24db3a1fc2124b9b72eefaa1571767b97bbaa0102fbb32927b798ce6c9275cebadbe2959c067d8c5170b59396365fab2a41

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    5d96a9e0e3f902e7a673a56053c2cebc

    SHA1

    4b87bdae05b7732a7107bdf37d039a8b6aa94bba

    SHA256

    e55ef10ed3486f1b97b6772467ad1e9fca73da94335e4f44ebeee0edf59b2f18

    SHA512

    ca7b2a4fe9b9575531d872d33ef14fd4e5d6be6b765af2e15820ac3d7e6c0aa48bfa7a2f0007bbca47e8126f6c1e02f74e271a80dfa0b6b61958de3a5c834c20

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    df3f914e765885ed43d2ee8d2a776b9b

    SHA1

    295473b75f195dd9df90246e9a6576947dfa3e3d

    SHA256

    fce27852a2c61e8612c7672ed8e9acfcb1515b26af7136cccf0981b2a82b8add

    SHA512

    f2a350fefac80267046b1cb8371540a1cc75e116f31fcc4bfb913d8a947f2387ff4ab7a2a5f314b198bb82c9742a0f14b05437f3a64195e1b0281cf976cd22b8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    811ab4235d15ab17a176dfa3f3696484

    SHA1

    6ca32143398731096a04b57d9f2d07950a74b7ed

    SHA256

    ffb6aa15786a0630f8c90f1efeb31b362028546891f948172c79c803a15ac81f

    SHA512

    175a5f3d9ed84ced3a782144ede42085c534b6dd6679d3b5479fa3fc17470b0c060290ace75165e586a726a87a3d08ba6f49d85ee05d113c519631cedf8915e1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    ddd5e95228afcb43c38f75745a1ca459

    SHA1

    814fca76467871a6652f30c27e4c5c30279e61de

    SHA256

    7f81a60f5237f0303a2b38d44809341f31a5424572bb35cc29772d6856d22dd4

    SHA512

    e618ad1f71983b2accf19468ff823bdfbceffda3ea72245f6a24b31cf1c40826f74bf4e4bab9110b07d4dfa3add1e9dc75b59b8bc541d2e71a72242dee0035e8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    7e1a8f51c23281aef254d62bf2461eea

    SHA1

    e22b762a8d99f647d713de9e5afd24bb83b5ee8e

    SHA256

    25a516478db1aa57af05beda9c3fee7fe69eef339863ba72a341ade45ad27271

    SHA512

    02d3e50aae9efd891dd954166822f830b75a370c6a2f7579502b074de8271a5b38b62ce7d4ad2437114f0b78a25da3ef1ec7a866b78d588443eda4d4f2367112

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    da4e4df3cbc5c7420fe4ef110ca38b4d

    SHA1

    be1e6e7c263d735a2e40ad3634b79a5266d169ce

    SHA256

    9136a9c9b1a9dabf58ba98c3aa2729402c82680f3bb23264114f03e0facedd67

    SHA512

    4c2e4f89a7b7e3a1227e092b844442fd810650ef7266b27924e2518b4810539e3f88f8b372ae45b3c1d4666b07057e2933ddff8a16d8c8c3627309870da0d85b

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HZMQ0AZF\Jsreceipt0193617_pdf[1].zip
    Filesize

    300KB

    MD5

    b3f848fe0250349da6b62939ac0b848e

    SHA1

    9b15a7ca6b7832c48f028de394bfd0c796bc560a

    SHA256

    a174433a80690c315a52012c68ca86c3b03683ff6fd8420a261146d747ba93fb

    SHA512

    c5e46ca54d198a6287769078130b266d21c72efb7a1ca8c9d69ed1be8613619c6e5cc1436665151b1ad86a5533bbd7546060728de4393b783066302cc41717cd

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HZMQ0AZF\suggestions[1].en-US
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T7SBST7U\Jsreceipt0193617_pdf.zip.ep1g0r6.partial
    Filesize

    300KB

    MD5

    b3f848fe0250349da6b62939ac0b848e

    SHA1

    9b15a7ca6b7832c48f028de394bfd0c796bc560a

    SHA256

    a174433a80690c315a52012c68ca86c3b03683ff6fd8420a261146d747ba93fb

    SHA512

    c5e46ca54d198a6287769078130b266d21c72efb7a1ca8c9d69ed1be8613619c6e5cc1436665151b1ad86a5533bbd7546060728de4393b783066302cc41717cd

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabB638.tmp
    Filesize

    62KB

    MD5

    3ac860860707baaf32469fa7cc7c0192

    SHA1

    c33c2acdaba0e6fa41fd2f00f186804722477639

    SHA256

    d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

    SHA512

    d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarB679.tmp
    Filesize

    164KB

    MD5

    4ff65ad929cd9a367680e0e5b1c08166

    SHA1

    c0af0d4396bd1f15c45f39d3b849ba444233b3a2

    SHA256

    c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6

    SHA512

    f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\HSQQWU6X.txt
    Filesize

    603B

    MD5

    2ecde963e35699fdaef1f50d07fc7f2d

    SHA1

    3aef10223467514b275f3961964a64295ca251e3

    SHA256

    85ab19a79070cd43728e483adb13423514fcd07484ef2eb458762cd4b8efd804

    SHA512

    a03b2dc45883b4530bf18e58016854457e45f9531866ac91bd3aa0ef97ea3a733e867583e3203178a2898031f6194107a07ed204876f78399e00eb1cabb99e31

    Download Submit