Overview

overview

10

Static

static

1

37c0373548...0e4.js

windows7-x64

10

37c0373548...0e4.js

windows10-2004-x64

10

Analysis

  • max time kernel
    0s
  • max time network
    131s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    31-12-2023 13:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    37c0373548f1334764a0fe139bc4b0e4.js

  • Size

    202KB

  • MD5

    37c0373548f1334764a0fe139bc4b0e4

  • SHA1

    bea7360b7252701f1a1411d7a84c9ac631267559

  • SHA256

    330d4d4c03364842209ab162eabb72fc9e5aa9c0b7271bd83599cb27f492601c

  • SHA512

    bdcd45ccdf92966b5733f286a4608dfb3fc4566715045e80a92edebbf827db3994a91176e8f1945785c0af9d103259c192ae44561fe0c8d5c0286c62c2b0b4e3

  • SSDEEP

    3072:kbH2QdessMSnPtHbh42rOYXt5+E2G/UE0Wvidfbwta+sYL8e+FX6HVmgSRn7dKI7:f11HV9OYXtMyH0WCD6a+PYBKI+4jN5lF

Score
10/10
vjw0rmpersistencetrojanworm

Malware Config

Signatures

  • Vjw0rm

    Vjw0rm is a remote access trojan written in JavaScript.

    trojanwormvjw0rm
  • Drops startup file 2 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Windows\system32\wscript.exe
    wscript.exe C:\Users\Admin\AppData\Local\Temp\37c0373548f1334764a0fe139bc4b0e4.js
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1448
    • C:\Program Files\Java\jre7\bin\javaw.exe
      "C:\Program Files\Java\jre7\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Roaming\ehiqkjyncb.txt"
      2⤵
        PID:2764
      • C:\Windows\System32\WScript.exe
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Roaming\TrvKczAWPy.js"
        2⤵
        • Drops startup file
        • Adds Run key to start application
        PID:2192

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Roaming\TrvKczAWPy.js
      Filesize

      9KB

      MD5

      cf858266b13ee357cf8f5f5e12151885

      SHA1

      7a460ee3ad3c7b42c98676a39412ba5245fa8757

      SHA256

      5929e5fe4b3864ee6d9218b91dd88ca9f8a30a235d3a42ee587d3a1f8ef68a6f

      SHA512

      69075ef84e7ec1ee05faa059d67dd1ce7439e886c83fbb9572858b6a4051cdab96212a0544260fd2a3d257534908e17c46c480c96b455686b133b9a565e09058

      Download Submit

    • C:\Users\Admin\AppData\Roaming\ehiqkjyncb.txt
      Filesize

      92KB

      MD5

      3e93005e30804f380c9c3fb392c32e4d

      SHA1

      68b3a053276a14c8059d58eab447927868f2f785

      SHA256

      7d14c63974afd53f32e6b5b5d22f0e0e6d49e4a04b67b4670ebeaf8c2a658b64

      SHA512

      307f8de410b15e2f28740bf776d27c201d9eebd2a5936757becddfb31ed9724f2ab866bdeac0ddd5184aa91457a276379a0a08fb24830df57d854e5c450fd129

      Download Submit

    • memory/2764-10-0x0000000002440000-0x0000000005440000-memory.dmp

      Filesize

      48.0MB

      Download

    • memory/2764-17-0x0000000000430000-0x0000000000431000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2764-40-0x0000000000430000-0x0000000000431000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2764-46-0x0000000000430000-0x0000000000431000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2764-49-0x0000000000430000-0x0000000000431000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2764-53-0x0000000002440000-0x0000000005440000-memory.dmp

      Filesize

      48.0MB

      Download

    • memory/2764-56-0x0000000000430000-0x0000000000431000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2764-71-0x0000000000430000-0x0000000000431000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2764-72-0x0000000000430000-0x0000000000431000-memory.dmp

      Filesize

      4KB

      Download