Overview

overview

10

Static

static

1

Remittance-634731.js

windows7-x64

10

Remittance-634731.js

windows10-2004-x64

10

Analysis

  • max time kernel
    147s
  • max time network
    145s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    30-12-2023 04:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Remittance-634731.js

  • Size

    462KB

  • MD5

    526e79a834bb7c263ee552706e8ca417

  • SHA1

    088706831253c13f4d77a76c3e9c4e85ac15e104

  • SHA256

    421c6e4dc68b3eb178243788435e0346b78fae06ffa5126c7b95bd222da0f9d9

  • SHA512

    8bb57999c72b37b2572c166c46026f53c5746992c0a7019f5aa74651e87bef9042254d031412c458a9542e38f61304756787822ffc4ef2ffcf3bd1ae07ccb59f

  • SSDEEP

    6144:b2MG+uzi8Smdo2S/2/7Xu3b318f2MG+uzi8Smdo2S/2/7Xu3b318g:oK8Smdoh/awbKEK8Smdoh/awbKg

Score
10/10
vjw0rmpersistencetrojanworm

Malware Config

Signatures

  • Vjw0rm

    Vjw0rm is a remote access trojan written in JavaScript.

    trojanwormvjw0rm
  • Drops startup file 2 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Windows\system32\wscript.exe
    wscript.exe C:\Users\Admin\AppData\Local\Temp\Remittance-634731.js
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2252
    • C:\Windows\System32\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Roaming\RypRJcyXfu.js"
      2⤵
      • Drops startup file
      • Adds Run key to start application
      PID:2532
    • C:\Program Files\Java\jre7\bin\javaw.exe
      "C:\Program Files\Java\jre7\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Roaming\zixyzoe.txt"
      2⤵
        PID:2196

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Roaming\zixyzoe.txt
      Filesize

      105KB

      MD5

      4b04a5e29aeac9bc79a101dc514c33a4

      SHA1

      57abb8775a1d7642066df1acfb2568d92735f359

      SHA256

      c327f4e0d967b4560a204eaf5af02c7dc6a1d0989b57a8ce72afc640705170b9

      SHA512

      b4bf9a4f313b36291673912ae11315cbbf594ee6fe7df62a2e20fb795edb0db0862cdef20e81b391cdead629b11ad24922431766ab00f7810cfb097abae6e442

      Download Submit

    • memory/2196-9-0x0000000002170000-0x0000000005170000-memory.dmp

      Filesize

      48.0MB

      Download

    • memory/2196-17-0x0000000000310000-0x0000000000311000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2196-19-0x0000000000310000-0x0000000000311000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2196-25-0x0000000002170000-0x0000000005170000-memory.dmp

      Filesize

      48.0MB

      Download

    • memory/2196-42-0x0000000000310000-0x0000000000311000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2196-48-0x0000000000310000-0x0000000000311000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2196-54-0x0000000000310000-0x0000000000311000-memory.dmp

      Filesize

      4KB

      Download