Overview

overview

10

Static

static

1

37c0373548...0e4.js

windows7-x64

10

37c0373548...0e4.js

windows10-2004-x64

10

Analysis

  • max time kernel
    148s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    31-12-2023 13:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    37c0373548f1334764a0fe139bc4b0e4.js

  • Size

    202KB

  • MD5

    37c0373548f1334764a0fe139bc4b0e4

  • SHA1

    bea7360b7252701f1a1411d7a84c9ac631267559

  • SHA256

    330d4d4c03364842209ab162eabb72fc9e5aa9c0b7271bd83599cb27f492601c

  • SHA512

    bdcd45ccdf92966b5733f286a4608dfb3fc4566715045e80a92edebbf827db3994a91176e8f1945785c0af9d103259c192ae44561fe0c8d5c0286c62c2b0b4e3

  • SSDEEP

    3072:kbH2QdessMSnPtHbh42rOYXt5+E2G/UE0Wvidfbwta+sYL8e+FX6HVmgSRn7dKI7:f11HV9OYXtMyH0WCD6a+PYBKI+4jN5lF

Score
10/10
vjw0rmdiscoverypersistencetrojanworm

Malware Config

Signatures

  • Vjw0rm

    Vjw0rm is a remote access trojan written in JavaScript.

    trojanwormvjw0rm
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file 2 IoCs
  • Modifies file permissions 1 TTPs 1 IoCs
    discovery
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in Program Files directory 12 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Windows\system32\wscript.exe
    wscript.exe C:\Users\Admin\AppData\Local\Temp\37c0373548f1334764a0fe139bc4b0e4.js
    1⤵
    • Checks computer location settings
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:4388
    • C:\Program Files\Java\jre-1.8\bin\javaw.exe
      "C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Roaming\felllqf.txt"
      2⤵
      • Drops file in Program Files directory
      • Suspicious use of WriteProcessMemory
      PID:3140
      • C:\Windows\system32\icacls.exe
        C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
        3⤵
        • Modifies file permissions
        PID:1148
    • C:\Windows\System32\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Roaming\TrvKczAWPy.js"
      2⤵
      • Drops startup file
      • Adds Run key to start application
      PID:1196

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp
    Filesize

    46B

    MD5

    18770438f6e7e7c0c95c6ecd43f2e30f

    SHA1

    fb6fb5110cf1afef2e612d5fd5b37fd5ad4bc8da

    SHA256

    2ff4dc455baee309ad13eb2c10eda245f582de9c29e58d94430bfc0f68867cdb

    SHA512

    ea83006e7b00c0f30a2b9c571d682bc19925145ffe457868157d5c607177141068e68e817b82fd029c8406f31baf98b411cef1702db6df0e11527b457048f485

    Download Submit

  • C:\Users\Admin\AppData\Roaming\TrvKczAWPy.js
    Filesize

    9KB

    MD5

    cf858266b13ee357cf8f5f5e12151885

    SHA1

    7a460ee3ad3c7b42c98676a39412ba5245fa8757

    SHA256

    5929e5fe4b3864ee6d9218b91dd88ca9f8a30a235d3a42ee587d3a1f8ef68a6f

    SHA512

    69075ef84e7ec1ee05faa059d67dd1ce7439e886c83fbb9572858b6a4051cdab96212a0544260fd2a3d257534908e17c46c480c96b455686b133b9a565e09058

    Download Submit

  • C:\Users\Admin\AppData\Roaming\felllqf.txt
    Filesize

    92KB

    MD5

    3e93005e30804f380c9c3fb392c32e4d

    SHA1

    68b3a053276a14c8059d58eab447927868f2f785

    SHA256

    7d14c63974afd53f32e6b5b5d22f0e0e6d49e4a04b67b4670ebeaf8c2a658b64

    SHA512

    307f8de410b15e2f28740bf776d27c201d9eebd2a5936757becddfb31ed9724f2ab866bdeac0ddd5184aa91457a276379a0a08fb24830df57d854e5c450fd129

    Download Submit

  • memory/3140-51-0x000001943F0F0000-0x000001943F100000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3140-52-0x000001943F120000-0x000001943F130000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3140-23-0x000001943EE20000-0x000001943FE20000-memory.dmp

    Filesize

    16.0MB

    Download

  • memory/3140-33-0x000001943EE20000-0x000001943FE20000-memory.dmp

    Filesize

    16.0MB

    Download

  • memory/3140-38-0x000001943EE00000-0x000001943EE01000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3140-41-0x000001943EE00000-0x000001943EE01000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3140-46-0x000001943F0A0000-0x000001943F0B0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3140-11-0x000001943EE20000-0x000001943FE20000-memory.dmp

    Filesize

    16.0MB

    Download

  • memory/3140-50-0x000001943F0E0000-0x000001943F0F0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3140-24-0x000001943EE00000-0x000001943EE01000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3140-54-0x000001943F140000-0x000001943F150000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3140-55-0x000001943EE20000-0x000001943FE20000-memory.dmp

    Filesize

    16.0MB

    Download

  • memory/3140-56-0x000001943F150000-0x000001943F160000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3140-57-0x000001943F160000-0x000001943F170000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3140-53-0x000001943F130000-0x000001943F140000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3140-49-0x000001943F0D0000-0x000001943F0E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3140-58-0x000001943EE20000-0x000001943FE20000-memory.dmp

    Filesize

    16.0MB

    Download

  • memory/3140-48-0x000001943EE20000-0x000001943FE20000-memory.dmp

    Filesize

    16.0MB

    Download

  • memory/3140-47-0x000001943F110000-0x000001943F120000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3140-59-0x000001943EE20000-0x000001943FE20000-memory.dmp

    Filesize

    16.0MB

    Download