Overview

overview

10

Static

static

1

279ba39874...659.js

windows7-x64

10

279ba39874...659.js

windows10-2004-x64

7

Analysis

  • max time kernel
    142s
  • max time network
    149s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    31-12-2023 04:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    279ba39874bda6eba21ce2ec81361659.js

  • Size

    201KB

  • MD5

    279ba39874bda6eba21ce2ec81361659

  • SHA1

    4d44cefbfce10930858e8a0f9ee8510e27152dcf

  • SHA256

    2e60c3ba7e545ebb75f91c51b085be7b61d34374f178f9bca45e96624727dc9b

  • SHA512

    aba2055963cab29261df5d14386235ea53535ccc6b58485d8a9758fb171deb84f7034deb38c8f209d80a15584bc2cf252edf62b956e70a09614abf00d536aa42

  • SSDEEP

    3072:GIUkZFN8yRu8pXSn77+oFyLELt0GV3hfQYPGUba:fFN7Fi77rFeC+weYP+

Score
10/10
vjw0rmpersistencetrojanworm

Malware Config

Signatures

  • Vjw0rm

    Vjw0rm is a remote access trojan written in JavaScript.

    trojanwormvjw0rm
  • Drops startup file 2 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Windows\system32\wscript.exe
    wscript.exe C:\Users\Admin\AppData\Local\Temp\279ba39874bda6eba21ce2ec81361659.js
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2640
    • C:\Windows\System32\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Roaming\RQJrwUperv.js"
      2⤵
      • Drops startup file
      • Adds Run key to start application
      PID:1988
    • C:\Program Files\Java\jre7\bin\javaw.exe
      "C:\Program Files\Java\jre7\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Roaming\djlbilkozs.txt"
      2⤵
        PID:2704

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Roaming\RQJrwUperv.js
      Filesize

      9KB

      MD5

      8809b0d0197b3cd57b6708280097e505

      SHA1

      9ce907eb77d894c721bac3b95ec10198b673cf90

      SHA256

      08a35def10fe25f0e7ba5ab9f9225617752d008b77c3c8038e7f4e6e22efca97

      SHA512

      0619a90ee431c855718ef66166886c166ee2d3461514220e46fb8cfdfc78bdade23fc6823860dedf6f1a8d65dae9e8e0c94343fe250d469ba63ecd6ef3cfe1a1

      Download Submit

    • C:\Users\Admin\AppData\Roaming\djlbilkozs.txt
      Filesize

      92KB

      MD5

      06f61cd3d0cdf9257fcdac6483d4c1ba

      SHA1

      f4eec20fdbc68dbdd8bb5fd1dfecd918b099ef2f

      SHA256

      424ba40767618afade696d3714c1ba1960ff91e3bc1658fa510cd2332baf2a2f

      SHA512

      9aa7d19fb9999d0414d2399e14ccf43b66cbd6a1bf54be6538b6a0a9e9ac096bdc065a43e4d776ed5cd01a14562446fcd535979b0756781e132e13b27b575657

      Download Submit

    • memory/2704-10-0x0000000002230000-0x0000000005230000-memory.dmp

      Filesize

      48.0MB

      Download

    • memory/2704-17-0x0000000000110000-0x0000000000111000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2704-18-0x0000000000110000-0x0000000000111000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2704-40-0x0000000002230000-0x0000000005230000-memory.dmp

      Filesize

      48.0MB

      Download

    • memory/2704-42-0x0000000000110000-0x0000000000111000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2704-48-0x0000000000110000-0x0000000000111000-memory.dmp

      Filesize

      4KB

      Download