Overview

overview

10

Static

static

1

47ac55851c..._JC.js

windows7-x64

10

47ac55851c..._JC.js

windows10-2004-x64

10

Analysis

  • max time kernel
    148s
  • max time network
    151s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    10-10-2023 17:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    47ac55851c62e30f0553a5d32f2b6a128f532b9904fbf5e100b53895ec8a86ca_JC.js

  • Size

    453KB

  • MD5

    811a102d237ae380b2d9517fa79f2c6d

  • SHA1

    17ff05d6c71c7c3f27be24cfd46b9653de9f67f2

  • SHA256

    47ac55851c62e30f0553a5d32f2b6a128f532b9904fbf5e100b53895ec8a86ca

  • SHA512

    3fcd5e98e5dbe0fb529ca77592bc012bc8560173114dfa754d363fe621b9336485a74fa48bd8bca4f676bfc91c2dc8ad5bc69c9a3b275b02722ec4e932688680

  • SSDEEP

    6144:N5gPKUmu6hIe4UhL60X4dOvNJ38QJfJiDzh8qQESvpWvnR4Rt1Prz2fLFh2WR:N56fmu6mUhZVJ1J8DnRvAtlf2

Score
10/10
vjw0rmtrojanworm

Malware Config

Signatures

  • Vjw0rm

    Vjw0rm is a remote access trojan written in JavaScript.

    trojanwormvjw0rm
  • Blocklisted process makes network request 18 IoCs
  • Drops startup file 2 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of SetThreadContext 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 31 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: MapViewOfSection 7 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious behavior: MapViewOfSection
    • Suspicious use of WriteProcessMemory
    PID:1216
    • C:\Windows\system32\wscript.exe
      wscript.exe C:\Users\Admin\AppData\Local\Temp\47ac55851c62e30f0553a5d32f2b6a128f532b9904fbf5e100b53895ec8a86ca_JC.js
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2864
      • C:\Windows\System32\wscript.exe
        "C:\Windows\System32\wscript.exe" //B "C:\Users\Admin\AppData\Roaming\ECqEVMhpHV.js"
        3⤵
        • Blocklisted process makes network request
        • Drops startup file
        PID:2660
      • C:\Users\Admin\AppData\Roaming\bin.exe
        "C:\Users\Admin\AppData\Roaming\bin.exe"
        3⤵
        • Executes dropped EXE
        • Suspicious use of SetThreadContext
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious behavior: MapViewOfSection
        PID:2780
    • C:\Windows\SysWOW64\ktmutil.exe
      "C:\Windows\SysWOW64\ktmutil.exe"
      2⤵
      • Loads dropped DLL
      • Suspicious use of SetThreadContext
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: MapViewOfSection
      • Suspicious use of WriteProcessMemory
      PID:2408
      • C:\Program Files\Mozilla Firefox\Firefox.exe
        "C:\Program Files\Mozilla Firefox\Firefox.exe"
        3⤵
          PID:1680

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\q0gtp.zip
      Filesize

      486KB

      MD5

      1e73cacce02ae20026a81f1e56416aa3

      SHA1

      f491a7301ce11cf11a92c0245c7e03d927422286

      SHA256

      0dd0dd38cde5a14e7d6d0830db62cc7037e521fd042b0b8da0763128b2c0b3f2

      SHA512

      afe77facd8b16cc744ac2277414ffaf83436999d15eb8ac707f8098e2f8ed4cb29b430392ebe46b7fa65b20730615bc33dee9416f7141da5032a630894980a0a

      Download Submit

    • C:\Users\Admin\AppData\Roaming\ECqEVMhpHV.js
      Filesize

      7KB

      MD5

      d7f1bd09dc54cdb298d18b01c350daad

      SHA1

      14389215c04486782b191d7e717604d47b4855f5

      SHA256

      1d15ca695084184b5e58a8ea3776bb5c8d2972c1d22d8ba0ded53b00bae8807b

      SHA512

      4fc09bf5626f1ce47a6b66b64bf9c3f22545ce481161f9b2c5e9fdc302d4d5b3e7acfd549bb24ec1405e4d93b3727abd301d957f32d44ed8d6d5cb3af7f8d976

      Download Submit

    • C:\Users\Admin\AppData\Roaming\bin.exe
      Filesize

      244KB

      MD5

      191c89bfc7613125182be0c6f7dc0828

      SHA1

      1f856de98621182f9885f5ceb5017806a48a19f6

      SHA256

      0b5a9848fa4433d737febc05dafaa4f8db69d2605c8014a616fac6c4abc69c53

      SHA512

      a1d22bfe1716682d00ae6dce97d2da37c33fcfc40a10da745f23abd837042e0016e651cabd9e12979dd2a0eb055c7f41c0d7ad8bafefb07e8203d3d4ef1f6550

      Download Submit

    • C:\Users\Admin\AppData\Roaming\bin.exe
      Filesize

      244KB

      MD5

      191c89bfc7613125182be0c6f7dc0828

      SHA1

      1f856de98621182f9885f5ceb5017806a48a19f6

      SHA256

      0b5a9848fa4433d737febc05dafaa4f8db69d2605c8014a616fac6c4abc69c53

      SHA512

      a1d22bfe1716682d00ae6dce97d2da37c33fcfc40a10da745f23abd837042e0016e651cabd9e12979dd2a0eb055c7f41c0d7ad8bafefb07e8203d3d4ef1f6550

      Download Submit

    • C:\Users\Admin\AppData\Roaming\bin.exe
      Filesize

      244KB

      MD5

      191c89bfc7613125182be0c6f7dc0828

      SHA1

      1f856de98621182f9885f5ceb5017806a48a19f6

      SHA256

      0b5a9848fa4433d737febc05dafaa4f8db69d2605c8014a616fac6c4abc69c53

      SHA512

      a1d22bfe1716682d00ae6dce97d2da37c33fcfc40a10da745f23abd837042e0016e651cabd9e12979dd2a0eb055c7f41c0d7ad8bafefb07e8203d3d4ef1f6550

      Download Submit

    • \Users\Admin\AppData\Local\Temp\sqlite3.dll
      Filesize

      927KB

      MD5

      7fd80b1cc72dc580c02ca4cfbfb2592d

      SHA1

      18da905af878b27151b359cf1a7d0a650764e8a1

      SHA256

      1e6dccbdf8527abb53c289da920463b7895300d0d984cc7e91a3ecda4e673190

      SHA512

      13f7f29b5ed31c551aa5f27742557aa4d026a226087d6fcbca094819759ecc753a2c33b7422ae88dc6a4a0a966edb8485a18e59a0283ba2686cae5d78e0190a3

      Download Submit

    • memory/1216-17-0x0000000009780000-0x000000000CA63000-memory.dmp

      Filesize

      50.9MB

      Download

    • memory/1216-32-0x0000000006810000-0x000000000690D000-memory.dmp

      Filesize

      1012KB

      Download

    • memory/1216-25-0x0000000009780000-0x000000000CA63000-memory.dmp

      Filesize

      50.9MB

      Download

    • memory/1216-16-0x0000000000360000-0x0000000000460000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/1216-28-0x0000000006810000-0x000000000690D000-memory.dmp

      Filesize

      1012KB

      Download

    • memory/1216-29-0x0000000006810000-0x000000000690D000-memory.dmp

      Filesize

      1012KB

      Download

    • memory/2408-30-0x00000000000C0000-0x00000000000FA000-memory.dmp

      Filesize

      232KB

      Download

    • memory/2408-19-0x00000000000C0000-0x00000000000FA000-memory.dmp

      Filesize

      232KB

      Download

    • memory/2408-18-0x00000000000C0000-0x00000000000FA000-memory.dmp

      Filesize

      232KB

      Download

    • memory/2408-22-0x0000000002150000-0x0000000002453000-memory.dmp

      Filesize

      3.0MB

      Download

    • memory/2408-73-0x0000000061E00000-0x0000000061ED2000-memory.dmp

      Filesize

      840KB

      Download

    • memory/2408-24-0x00000000000C0000-0x00000000000FA000-memory.dmp

      Filesize

      232KB

      Download

    • memory/2408-31-0x00000000008B0000-0x000000000094A000-memory.dmp

      Filesize

      616KB

      Download

    • memory/2408-26-0x00000000008B0000-0x000000000094A000-memory.dmp

      Filesize

      616KB

      Download

    • memory/2780-15-0x00000000001D0000-0x00000000001EB000-memory.dmp

      Filesize

      108KB

      Download

    • memory/2780-21-0x00000000001D0000-0x00000000001EB000-memory.dmp

      Filesize

      108KB

      Download

    • memory/2780-20-0x0000000001110000-0x000000000114D000-memory.dmp

      Filesize

      244KB

      Download

    • memory/2780-14-0x0000000001110000-0x000000000114D000-memory.dmp

      Filesize

      244KB

      Download

    • memory/2780-13-0x0000000001110000-0x000000000114D000-memory.dmp

      Filesize

      244KB

      Download

    • memory/2780-12-0x0000000000790000-0x0000000000A93000-memory.dmp

      Filesize

      3.0MB

      Download

    • memory/2780-10-0x0000000001110000-0x000000000114D000-memory.dmp

      Filesize

      244KB

      Download

    • memory/2780-9-0x0000000001110000-0x000000000114D000-memory.dmp

      Filesize

      244KB

      Download