Overview

overview

10

Static

static

1

7e58440b8e...437.js

windows7-x64

10

7e58440b8e...437.js

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    161s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28-01-2024 23:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7e58440b8eb773b24aace538de1c5437.js

  • Size

    67KB

  • MD5

    7e58440b8eb773b24aace538de1c5437

  • SHA1

    b824cf54e9e9e1c28ff2ec6b6e3de9048750f5cb

  • SHA256

    21e0026aeb23c03125337151d862a29372ac17af5663fca1f5ff7beeacf82fc1

  • SHA512

    a3d50e13255253989be68a25304ad51098fdbbe8873269d6fd148cc7ef641639bea881cfb57837182ee0c5036340cdd572706d0ac5552c6be8404404f79db298

  • SSDEEP

    1536:YQ/nup5Ih191nup5Ih19efc//nup5Ih191nup5Ih19efcq6:7Gf9fbfWGf9fbfE

Score
10/10
vjw0rmpersistencetrojanworm

Malware Config

Signatures

  • Vjw0rm

    Vjw0rm is a remote access trojan written in JavaScript.

    trojanwormvjw0rm
  • Blocklisted process makes network request 12 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file 4 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Windows\system32\wscript.exe
    wscript.exe C:\Users\Admin\AppData\Local\Temp\7e58440b8eb773b24aace538de1c5437.js
    1⤵
    • Blocklisted process makes network request
    • Checks computer location settings
    • Drops startup file
    • Suspicious use of WriteProcessMemory
    PID:4064
    • C:\Windows\System32\wscript.exe
      "C:\Windows\System32\wscript.exe" //B "C:\Users\Admin\AppData\Roaming\rVRpsUBiCR.js"
      2⤵
      • Drops startup file
      • Adds Run key to start application
      PID:2012

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\rVRpsUBiCR.js
    Filesize

    14KB

    MD5

    ed533885cb7d43829db0e85dbaabec22

    SHA1

    c19225ec3612ce86d4f5b8046ae65b3332d40776

    SHA256

    6641f0211253402fa4b39005e29c7e0b688d3722d05746040f6c35b4c14182eb

    SHA512

    b6420e3c79ebb31b687f1b3f89ee4a67ea45bc08628aa91cf9ad63cd6c488f198ef6f981ad784cfa6ce3534d937a4a957e02e00d2b09c99301cfba1e90d1996b

    Download Submit