Overview

overview

10

Static

static

1

swift copy.PDF.js

windows7-x64

10

swift copy.PDF.js

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    152s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    09-10-2023 07:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    swift copy.PDF.js

  • Size

    453KB

  • MD5

    811a102d237ae380b2d9517fa79f2c6d

  • SHA1

    17ff05d6c71c7c3f27be24cfd46b9653de9f67f2

  • SHA256

    47ac55851c62e30f0553a5d32f2b6a128f532b9904fbf5e100b53895ec8a86ca

  • SHA512

    3fcd5e98e5dbe0fb529ca77592bc012bc8560173114dfa754d363fe621b9336485a74fa48bd8bca4f676bfc91c2dc8ad5bc69c9a3b275b02722ec4e932688680

  • SSDEEP

    6144:N5gPKUmu6hIe4UhL60X4dOvNJ38QJfJiDzh8qQESvpWvnR4Rt1Prz2fLFh2WR:N56fmu6mUhZVJ1J8DnRvAtlf2

Score
10/10
vjw0rmtrojanworm

Malware Config

Signatures

  • Vjw0rm

    Vjw0rm is a remote access trojan written in JavaScript.

    trojanwormvjw0rm
  • Blocklisted process makes network request 18 IoCs
  • Drops startup file 2 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of SetThreadContext 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 30 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: MapViewOfSection 7 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious behavior: MapViewOfSection
    • Suspicious use of WriteProcessMemory
    PID:1192
    • C:\Windows\system32\wscript.exe
      wscript.exe "C:\Users\Admin\AppData\Local\Temp\swift copy.PDF.js"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2964
      • C:\Windows\System32\wscript.exe
        "C:\Windows\System32\wscript.exe" //B "C:\Users\Admin\AppData\Roaming\ECqEVMhpHV.js"
        3⤵
        • Blocklisted process makes network request
        • Drops startup file
        PID:2712
      • C:\Users\Admin\AppData\Roaming\bin.exe
        "C:\Users\Admin\AppData\Roaming\bin.exe"
        3⤵
        • Executes dropped EXE
        • Suspicious use of SetThreadContext
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious behavior: MapViewOfSection
        PID:2784
    • C:\Windows\SysWOW64\ktmutil.exe
      "C:\Windows\SysWOW64\ktmutil.exe"
      2⤵
      • Loads dropped DLL
      • Suspicious use of SetThreadContext
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: MapViewOfSection
      • Suspicious use of WriteProcessMemory
      PID:1120
      • C:\Program Files\Mozilla Firefox\Firefox.exe
        "C:\Program Files\Mozilla Firefox\Firefox.exe"
        3⤵
          PID:2428

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\nhrlqfb.zip
      Filesize

      498KB

      MD5

      8517bf92c0fd6228875ba74b2526b3b4

      SHA1

      7aa157feed160f7e207ce961aaee21e3075b3ab9

      SHA256

      536ad85a299f5f7afc36f5944ea55d9f32495491265bf1305a41b3667176998d

      SHA512

      929c686123eb405c258d3ece2466b69f641041c2e2b7a4c13c7efa58a6654b387ac1ee4f7c643e70c84b38eddf39eccc6f816420e731e899468c9ab0fb9a2732

      Download Submit

    • C:\Users\Admin\AppData\Roaming\ECqEVMhpHV.js
      Filesize

      7KB

      MD5

      d7f1bd09dc54cdb298d18b01c350daad

      SHA1

      14389215c04486782b191d7e717604d47b4855f5

      SHA256

      1d15ca695084184b5e58a8ea3776bb5c8d2972c1d22d8ba0ded53b00bae8807b

      SHA512

      4fc09bf5626f1ce47a6b66b64bf9c3f22545ce481161f9b2c5e9fdc302d4d5b3e7acfd549bb24ec1405e4d93b3727abd301d957f32d44ed8d6d5cb3af7f8d976

      Download Submit

    • C:\Users\Admin\AppData\Roaming\bin.exe
      Filesize

      244KB

      MD5

      191c89bfc7613125182be0c6f7dc0828

      SHA1

      1f856de98621182f9885f5ceb5017806a48a19f6

      SHA256

      0b5a9848fa4433d737febc05dafaa4f8db69d2605c8014a616fac6c4abc69c53

      SHA512

      a1d22bfe1716682d00ae6dce97d2da37c33fcfc40a10da745f23abd837042e0016e651cabd9e12979dd2a0eb055c7f41c0d7ad8bafefb07e8203d3d4ef1f6550

      Download Submit

    • C:\Users\Admin\AppData\Roaming\bin.exe
      Filesize

      244KB

      MD5

      191c89bfc7613125182be0c6f7dc0828

      SHA1

      1f856de98621182f9885f5ceb5017806a48a19f6

      SHA256

      0b5a9848fa4433d737febc05dafaa4f8db69d2605c8014a616fac6c4abc69c53

      SHA512

      a1d22bfe1716682d00ae6dce97d2da37c33fcfc40a10da745f23abd837042e0016e651cabd9e12979dd2a0eb055c7f41c0d7ad8bafefb07e8203d3d4ef1f6550

      Download Submit

    • C:\Users\Admin\AppData\Roaming\bin.exe
      Filesize

      244KB

      MD5

      191c89bfc7613125182be0c6f7dc0828

      SHA1

      1f856de98621182f9885f5ceb5017806a48a19f6

      SHA256

      0b5a9848fa4433d737febc05dafaa4f8db69d2605c8014a616fac6c4abc69c53

      SHA512

      a1d22bfe1716682d00ae6dce97d2da37c33fcfc40a10da745f23abd837042e0016e651cabd9e12979dd2a0eb055c7f41c0d7ad8bafefb07e8203d3d4ef1f6550

      Download Submit

    • \Users\Admin\AppData\Local\Temp\sqlite3.dll
      Filesize

      949KB

      MD5

      38a3e021eb32c9976adaf0b3372080fc

      SHA1

      68e02803c646be21007d90bec841c176b82211fd

      SHA256

      8cde0275d60da0d11954f73c7c8862cfc4b306f61bb8b1ce14abe4a193af2652

      SHA512

      b886cc112f2750e7300b66f7242850659fa49fdc97f75aed376cb9f5440875f303a143bf8b51068ec42674f1ebe1dfcc40534f3a7aed3cc4d20f9274b9a66d18

      Download Submit

    • memory/1120-29-0x0000000001C80000-0x0000000001D1A000-memory.dmp

      Filesize

      616KB

      Download

    • memory/1120-17-0x0000000000080000-0x00000000000BA000-memory.dmp

      Filesize

      232KB

      Download

    • memory/1120-18-0x0000000000080000-0x00000000000BA000-memory.dmp

      Filesize

      232KB

      Download

    • memory/1120-28-0x0000000000080000-0x00000000000BA000-memory.dmp

      Filesize

      232KB

      Download

    • memory/1120-21-0x0000000001F50000-0x0000000002253000-memory.dmp

      Filesize

      3.0MB

      Download

    • memory/1120-71-0x0000000061E00000-0x0000000061ED7000-memory.dmp

      Filesize

      860KB

      Download

    • memory/1120-23-0x0000000000080000-0x00000000000BA000-memory.dmp

      Filesize

      232KB

      Download

    • memory/1120-25-0x0000000001C80000-0x0000000001D1A000-memory.dmp

      Filesize

      616KB

      Download

    • memory/1192-30-0x0000000004C50000-0x0000000004D02000-memory.dmp

      Filesize

      712KB

      Download

    • memory/1192-26-0x0000000004C50000-0x0000000004D02000-memory.dmp

      Filesize

      712KB

      Download

    • memory/1192-16-0x0000000009070000-0x000000000C1F4000-memory.dmp

      Filesize

      49.5MB

      Download

    • memory/1192-27-0x0000000004C50000-0x0000000004D02000-memory.dmp

      Filesize

      712KB

      Download

    • memory/1192-24-0x0000000009070000-0x000000000C1F4000-memory.dmp

      Filesize

      49.5MB

      Download

    • memory/2784-13-0x0000000000CE0000-0x0000000000D1D000-memory.dmp

      Filesize

      244KB

      Download

    • memory/2784-19-0x0000000000CE0000-0x0000000000D1D000-memory.dmp

      Filesize

      244KB

      Download

    • memory/2784-20-0x0000000000260000-0x000000000027B000-memory.dmp

      Filesize

      108KB

      Download

    • memory/2784-15-0x0000000000260000-0x000000000027B000-memory.dmp

      Filesize

      108KB

      Download

    • memory/2784-14-0x0000000000CE0000-0x0000000000D1D000-memory.dmp

      Filesize

      244KB

      Download

    • memory/2784-12-0x00000000006C0000-0x00000000009C3000-memory.dmp

      Filesize

      3.0MB

      Download

    • memory/2784-10-0x0000000000CE0000-0x0000000000D1D000-memory.dmp

      Filesize

      244KB

      Download

    • memory/2784-9-0x0000000000CE0000-0x0000000000D1D000-memory.dmp

      Filesize

      244KB

      Download