Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

5

69fadecc5f...84.exe

windows7-x64

10

69fadecc5f...84.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    147s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20/01/2024, 08:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    69fadecc5f413f178f6aa0a64a644184.exe

  • Size

    21.0MB

  • MD5

    69fadecc5f413f178f6aa0a64a644184

  • SHA1

    a80b9e9673377b201a521e2cdb3381f6abf16805

  • SHA256

    59bff7052850674f87fa90ad7a7547b563c5be7c2997e99bb53a8c98665568e1

  • SHA512

    4341b404426d88732068e031576ed011db876d96072f2fbd957112053261564d573215a3b70c838beaa9d9d316a0fa280686292aa5b1d4b777a96b2d90961848

  • SSDEEP

    393216:7T9NoEuU0tK0u9zTqEZmKrqv37mes9cjeDsezDoPPASurdxgaOw/AtZ5WGc:1Ku9zTJZmKr0W9oeDsIoHZurROUE5W

Score
10/10
vjw0rmtrojanworm

Malware Config

Signatures

  • Vjw0rm

    Vjw0rm is a remote access trojan written in JavaScript.

    trojanwormvjw0rm
  • Checks computer location settings 2 TTPs 3 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file 3 IoCs
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 19 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • NSIS installer 6 IoCs
    installer
  • Creates scheduled task(s) 1 TTPs 1 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

    persistence
  • Modifies registry class 1 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\69fadecc5f413f178f6aa0a64a644184.exe
    "C:\Users\Admin\AppData\Local\Temp\69fadecc5f413f178f6aa0a64a644184.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:3220
    • C:\Users\Admin\AppData\Local\Temp\Setup.exe
      "C:\Users\Admin\AppData\Local\Temp\Setup.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious use of WriteProcessMemory
      PID:1592
      • C:\Users\Admin\AppData\Local\Temp\TeamViewer\TeamViewer_.exe
        "C:\Users\Admin\AppData\Local\Temp\TeamViewer\TeamViewer_.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        PID:4184
    • C:\Users\Admin\AppData\Local\Temp\Archive.exe
      "C:\Users\Admin\AppData\Local\Temp\Archive.exe"
      2⤵
      • Checks computer location settings
      • Drops startup file
      • Executes dropped EXE
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:692
      • C:\Windows\SysWOW64\WScript.exe
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Update.js"
        3⤵
          PID:1028
        • C:\Windows\SysWOW64\WScript.exe
          "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\setupm.js"
          3⤵
          • Checks computer location settings
          • Drops startup file
          • Suspicious use of WriteProcessMemory
          PID:1900
          • C:\Windows\SysWOW64\schtasks.exe
            "C:\Windows\System32\schtasks.exe" /create /sc minute /mo 30 /tn anydesk /tr "C:\Users\Admin\AppData\Local\Temp\setupm.js
            4⤵
            • Creates scheduled task(s)
            PID:2616

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\Archive.exe
      Filesize

      297KB

      MD5

      cad14be1e4a62a48562c9fa4b88f2b85

      SHA1

      90ca01a27af1bd86d6eb10b927255cd17cba180e

      SHA256

      c5ebffddcf33b7ba639cd6429ade542504665bbd2ab54ed2e53d63236a2c0f14

      SHA512

      93d59b0acd1b36a3e7b1cb6177de1952a341050058cf5020ea38dd73981bca5ee4d8938c24eb1247986459ded7478115ba7b4f76ea54368ca70ce70f298b1ce9

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Setup.exe
      Filesize

      1.2MB

      MD5

      309ca6264cd43918cae077fd3b706dd4

      SHA1

      e226f2fddf21b3a192dc59db50b99651a8797657

      SHA256

      4994b255ba195bf5c93f6e2ad289858a1a72eba9a29b052ba2befe7069188896

      SHA512

      e10f0944c972c13dc2fe82ff64764b2a76bee79ea8e8318aa78d9ffd1757ca5b9f3ea83ad86acb3750a7f89530ca0cc0345d4397a37e1f4988a50ad21953418f

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Setup.exe
      Filesize

      1.1MB

      MD5

      8106ee43b7638865a40e29ba5dc1d250

      SHA1

      15348a91e6899fae668f85ff72fad9399816b0dc

      SHA256

      4a1748aa063e9abb10fbf11f91162d26315585888e88d3c91b6a7e51c438fcf1

      SHA512

      7aa7723f7094d31ae1d65eb7ab024eeff789792d8c96e3959d6ff1f2ceb70efb69c0eb782b40033123d117ca5efb636c9e3702dc2ef8fe31922d930bdb91908a

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\TeamViewer\TeamViewer_.exe
      Filesize

      402KB

      MD5

      cbd2f7fcafe3f1513fbe9d7b881410f9

      SHA1

      a002e2dbb8a3608ef3a2157e9079366b8c72cb59

      SHA256

      44ae0b26f7f52d62129810cc030bd590c36f1e0d222ea5553b4745372472eb93

      SHA512

      491c6b8db2475e316165226827c51e69ac2b81c71930d0ab490f48528066bbc73ddc61ac8eaeeb114bdf43775500c849e6b762877836307237b61be36660ef7b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\TeamViewer\TeamViewer_.exe
      Filesize

      400KB

      MD5

      4499abb82e7fff0235cfb9cedef35b38

      SHA1

      0080fe923f0526981c81482c3777306b906bf162

      SHA256

      7547e37199c5fed9513fae213f719047b075586f8b6ef0e62ca730524284c755

      SHA512

      ff25fb1bc98e9bbd67e9a79b928aeb0196a19daf3df7667ef0841595ae08362fee4197fc9a0b94b2b30a768c491b2e3522e7c9badf096b7250fc3c5faabcf0d3

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\TeamViewer\tvinfo.ini
      Filesize

      35B

      MD5

      5183ad04fa855146dedfc2da3e2e0c1d

      SHA1

      6aafeeba574403f5a0473304e9a1b2e08827d771

      SHA256

      e4a7c461065ba593420c328a8b9e3ee02800c7d5c89de4c01ed88e3c90792579

      SHA512

      aa95a8a7f39d582ea91a5e1f1278b63da35ae4f2c698f94532ff59c5de6f565694498a87a701b52e3bd12c2c82aaa6431db6954d53ab5e6f188ae0617a8893c5

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Update.js
      Filesize

      22KB

      MD5

      ed831cd9ad274c33fdc51f90e526a672

      SHA1

      c6506b063070e16c2ab8c577417b9b42940af4fa

      SHA256

      0d22b6c2dd78a3eb76198b65aa75f7ea8e2a248a6600146397fcc49a055af2de

      SHA512

      b147b34b34215c549e6a47bfb6d9549f4f3e6bfa70fe9191fa58118c7e884625f56dd25cbc249177034a726f7d084f933832c4c18d682975a9c1d76e1b05d7b4

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\aut5525.tmp
      Filesize

      4.3MB

      MD5

      3a1cda520901d13e41b3338747cd4f32

      SHA1

      32f0067eaf37fb1a7fd88dbcd191f9070ac62246

      SHA256

      adf63120385a0d65ede225db03d8986a5df924da38387ca060ff34bcf46a1d67

      SHA512

      3800b035f3b3974d3953442151a4bdcd83b3f567775ee264bb4efa43551fdac3f773d5be91d32975d96c18349904736e1052c09c4f10d5d22a84c289d03cfbd0

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\nsk60EE.tmp\InstallOptions.dll
      Filesize

      15KB

      MD5

      033ee34c40e8fa85bf2739bcb2f3e186

      SHA1

      2ca942f35f77f37df3fc6097acac34f2e77341b7

      SHA256

      c91c1796338a265b49039c0b2c7a312d764b99e5174fb2dae455ca54f8f41ec7

      SHA512

      2204e0b8721b8d85c51bd068b1695b16ee096bfc1d1cd5843f48fd04032aeee2b6a91ce82978a4b3414f3d966ec5b36fb337a4149dae3a1d0445935d964d247f

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\nsk60EE.tmp\System.dll
      Filesize

      11KB

      MD5

      0ff2d70cfdc8095ea99ca2dabbec3cd7

      SHA1

      10c51496d37cecd0e8a503a5a9bb2329d9b38116

      SHA256

      982c5fb7ada7d8c9bc3e419d1c35da6f05bc5dd845940c179af3a33d00a36a8b

      SHA512

      cb5fc0b3194f469b833c2c9abf493fcec5251e8609881b7f5e095b9bd09ed468168e95dda0ba415a7d8d6b7f0dee735467c0ed8e52b223eb5359986891ba6e2e

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\nsk60EE.tmp\TvGetVersion.dll
      Filesize

      172KB

      MD5

      412348383583b14a6ce4dbb4b1697924

      SHA1

      75fd77d417ed9f23ff849856415d0ad6a55d6f6e

      SHA256

      27ba5be684ce8be575de9b35c30f383034320c3c5488f9e9a946e47f5059987c

      SHA512

      a403cae1ef2a1faf22d25d224b0e5d57f1eed282ebf1a22149278f271a7abab000793a3622ea747d7ebd2bd7a3d4aa46881e1ed8e728367cd331d9d723d215ae

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\nsk60EE.tmp\TvGetVersion.dll
      Filesize

      177KB

      MD5

      efa24731c55b5c2c263302b750f3ce5a

      SHA1

      87f76c2a50661f4d50a2c815b407657e38c9db55

      SHA256

      4d80cd59668b04553dcf5966c911d56f9ec750e9433cd2e58b82c455b7593cd0

      SHA512

      d96eea2799c777f223e714f6f3b579430d694a1c91e96deb5b3cff5eb98f4ee47793b95be103ca931296b2b13b453dc2e503be3a0118dc45dec7be8d96a55387

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\nsk60EE.tmp\TvGetVersion.dll
      Filesize

      176KB

      MD5

      bdebd543c16d3562f586d3ed6c208328

      SHA1

      7def05a6ce9e9a9412580514b4e1e17bd50c4f5b

      SHA256

      6ca2f9f35df6df8d8ac39d9eefffcfbadfc7343d72672007ac35de45d5da4242

      SHA512

      e7f1d2a29d030855148cc698a430d87894101d8e232240d736567b608f731ac695ab6653d4ca82ef82b148249a14f8fe75ffe7ebe51905442a74f8283bf162ee

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\nsk60EE.tmp\TvGetVersion.dll
      Filesize

      210KB

      MD5

      05f51bc8ffb2c8f5a2825bf5680301cf

      SHA1

      30f7f77dce1fb3526142780e9f5bd5c11622d6b6

      SHA256

      c67cbd5e35e1ce0c7ba17c55d8e2bc33afd5e0a68774554a1fe7216d330c709e

      SHA512

      1e041aaa37dd00414ad955ebc8c0f708589014d2085a5a0b95a31f4d694bb1cc4994bb1324d4b983cbad0449fb0a05560d82c60fdbfc78be67ff61275e451233

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\nsk60EE.tmp\TvGetVersion.dll
      Filesize

      209KB

      MD5

      02a4882a510b6b164a9405fcefefc19f

      SHA1

      4cd278db145dccc49f3947ce467ea6cfb38d1cf0

      SHA256

      4fcc2a3275d391cb6c8b54a3e2d34f07bf2cf0c2fc538fca8f20f3aa701f911b

      SHA512

      8f3a58e0a10dedc0a88dc5f72156c2efacfb1db1da948a53e1d17a7b14939f862d3c203cc90fcd4f7c8637eb5b50af3c3ef4fdc6275f7e6cca79f56a94771d7e

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\nsk60EE.tmp\TvGetVersion.dll
      Filesize

      138KB

      MD5

      84db0aec16fe9be1b0179c00f7b17276

      SHA1

      920dc4ba30ace9ad1954e0a198859b440a3fba1f

      SHA256

      63e76ac8126d875a7d4b97b515061251158404ca40a6708003a8ee89beb0cd90

      SHA512

      6c6e2391a63d76a3456442b8c8179d8501678fea30d5a45fc8c46044df8a7b9244fd62343d38674a638734f174e712b5a4779d4fa0c82a354dd82026f4e70f38

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\nsk60EE.tmp\UserInfo.dll
      Filesize

      4KB

      MD5

      9b0db6a6056e8e51ac35e602aeab769f

      SHA1

      b541c6d2635141cdc3a74f59d55db8df4a92e7ac

      SHA256

      925d80c31702a95d58ede91ee97fd842de78ca6dde69156a6c1a755fba93cd5c

      SHA512

      83fe9d346835940a37e0e0a18d041c9d13fc95a0e9ece3bc18e555cf0e8e7ddf7b42dba422b1e55ace31db3c9fc807e0b44e93b8f07f5acb943eaaf77b4f0ac6

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\nsk60EE.tmp\advanced_unicode.ini
      Filesize

      1KB

      MD5

      8b3e104f11c5d046bd93df4e9fb40f4e

      SHA1

      0362bb65744a07563dc05cd612dd54a865233d79

      SHA256

      cc18c611578d796a879cac46746406dbaa96eddd544d7a12d4fa56856cb2cbc1

      SHA512

      edc08be542234c3ed6a94c46c610eb5398782c580859eda11f35df6112b3dfee10cf4be068c7a87f39a339f10a9176350cae9f657857375d641a35d5d151ced8

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\nsk60EE.tmp\linker.dll
      Filesize

      45KB

      MD5

      4ac3f0ab2e423515ed9c575333342054

      SHA1

      a3e4f2b2135157f964d471564044b023a64f2532

      SHA256

      f223d6c72f86544b358a6301daf60ccdd86198f32e3447a1860acf3f59f2dae9

      SHA512

      8fbd5b4989be51c27fa15af155d2921bea9aa5d0557a22d4224256e678dfe7dcaa5f80917a748c31dc9c9a91573e4618e2497ccfd47eefd7a0fa08c12366a1e5

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\nsk60EE.tmp\start_unicode.ini
      Filesize

      2KB

      MD5

      2a8a139cdab38b5f4264ae82850cbd22

      SHA1

      816e8acb2adc36c7f138f963a9802622dfc9536a

      SHA256

      94bde605292510f8ae6df19083130770ae8c754906007ea93150cab63962190b

      SHA512

      d6f99e88e72cfb28afc4af0780d2ac380f00f9fe9265cbbb4b8e6390e9b6ee5870a723e1971288783fd919158659ff214bab383242fa22470d9f6f1a170e2cf1

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\nsk60EE.tmp\start_unicode.ini
      Filesize

      2KB

      MD5

      842e0619d9e08154e01ee9a622a41ab4

      SHA1

      bdf8db0db0f5a261743867d77585c5ea9c240d77

      SHA256

      e45809ed8a2935ba7c3c4432af33509ace03144157262ac1c6595c5333be11a7

      SHA512

      df1b29d20f3acc0e6231bab4a90241b014e3495cc6f532a526318f90950f5602ecfccdfe476a783e326830873691e6c21c49a8477f3c8b4401cb85812595de7e

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\nsx5A46.tmp\TvGetVersion.dll
      Filesize

      193KB

      MD5

      d2ac4ca57f4b624c444c17e8a353deaa

      SHA1

      d713b2b4ff0cec01b5c89bd26127012eed460a32

      SHA256

      a4db659c6265ba7efbbd4906257ef6cdb8f9b1fefba78f01425390729ab3d1f2

      SHA512

      db991671548d9f239acf7b77b47ccbf438c626e803026a68d7c67ec5b3923195c8745f6adbe730fe4c049237217849f8f9f47fc335cf94b1413a7debc9b8d9b1

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\setupm.js
      Filesize

      42KB

      MD5

      b3fc5e308e2b71e264c09f882f5a7093

      SHA1

      d8e5433ff1141b9d1757e4fe774dc58b7906339c

      SHA256

      1d960010a1f154542456123073df663f81c7f6e7a872233a5fe6ad55d4822385

      SHA512

      e5b64f4b3ecc27a58dad51e3de446d03817323f8dc337c452fd4e53429d329a1668a67d2268dcfb6ec9afa46db6c56d9693da1efc9dbf02a17162d545ac4c593

      Download Submit

    • memory/4184-276-0x0000000006E10000-0x0000000006E1E000-memory.dmp

      Filesize

      56KB

      Download