vjw0rm | 9b5c6c579c2dcff5c35cc16f59c49bd0d903edb8730e1f4f5424d33fdc19a677

Analysis

max time kernel
13s
max time network
170s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
28-12-2023 19:12

Target

f187bff85111c74bffe04e7148760bca.js
Size

3KB
MD5

f187bff85111c74bffe04e7148760bca
SHA1

e0436fb2079b01df779d28a29d3b52b4e5bae191
SHA256

9b5c6c579c2dcff5c35cc16f59c49bd0d903edb8730e1f4f5424d33fdc19a677
SHA512

bd548dc2a01c74181e365bb56e5b3346838bb29da2000479b93560b3966fa37549b77e25c64d6dfb9d081c82bca9690432ca656e1117dd4b9514bf7607efac49

Score

10^/10

Vjw0rm
Vjw0rm is a remote access trojan written in JavaScript.
trojan worm vjw0rm

Adds Run key to start application 2 TTPs 1 IoCs

Registry Run Keys / Startup Folder

Modify Registry

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\QVCLNW3IY6 = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\f187bff85111c74bffe04e7148760bca.js\""	wscript.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Creates scheduled task(s) 1 TTPs 1 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

Scheduled Task/Job

pid	Process
4156	schtasks.exe

C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\f187bff85111c74bffe04e7148760bca.js
1⤵
- Adds Run key to start application
PID:4812
- C:\Windows\System32\schtasks.exe
  "C:\Windows\System32\schtasks.exe" /create /sc minute /mo 30 /tn Skype /tr "C:\Users\Admin\AppData\Local\Temp\f187bff85111c74bffe04e7148760bca.js
  2⤵
  - Creates scheduled task(s)
  PID:4156