Overview

overview

10

Static

static

1

Order550232.jar

windows7-x64

10

Order550232.jar

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    134s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    15-02-2024 03:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Order550232.jar

  • Size

    129KB

  • MD5

    c91d4750382881ff7da852e22a6f2419

  • SHA1

    b916255dfadf02871d0a84083e989df52396e75b

  • SHA256

    12eac35e31b525e6257a42f809868ad6203e9ed8c8b07b487a46cfa0ba5ed4d3

  • SHA512

    e897cd5a0b05e557d83aa3c3678dcd565cd53737b8d05fe46515e56b7ff229d218c1cc908c57d1dcbf4b5fdd7295d2a44deaff81c76c91c4f7ff1db201266244

  • SSDEEP

    3072:jo1lDnmPMoEu8S5IL47n3RervM8+gjkztlabpOex5ruXIbCuo:wKPMoCS5gm3UryusGOexWuo

Score
10/10
vjw0rmpersistencetrojanworm

Malware Config

Signatures

  • Vjw0rm

    Vjw0rm is a remote access trojan written in JavaScript.

    trojanwormvjw0rm
  • Drops startup file 2 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Windows\system32\java.exe
    java -jar C:\Users\Admin\AppData\Local\Temp\Order550232.jar
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2564
    • C:\Windows\system32\wscript.exe
      wscript C:\Users\Admin\euvrrnhkej.js
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2772
      • C:\Windows\System32\WScript.exe
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Roaming\dqTlpEOTrV.js"
        3⤵
        • Drops startup file
        • Adds Run key to start application
        PID:2096
      • C:\Program Files\Java\jre7\bin\javaw.exe
        "C:\Program Files\Java\jre7\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Roaming\ktajdfkpi.txt"
        3⤵
          PID:2428

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Roaming\dqTlpEOTrV.js
      Filesize

      11KB

      MD5

      3a463dc3f1ccbb255564f73dccca622e

      SHA1

      ab4a88d983c371128c73699cac7e308ca7870f7b

      SHA256

      18c2e58bfb5e035d4c1e4d2ba4e506c8041c739ec32ec9ce80ba00adc4dbd550

      SHA512

      d7a4fdb65d1b5ff1616489e7b893ebab3f1e160c99007a43fc73ada3ec53cc9ddae4c3a6acb6e2852b239de336253064fd838d3f843c09e2ab952dce8e8e2cbe

      Download Submit

    • C:\Users\Admin\AppData\Roaming\ktajdfkpi.txt
      Filesize

      92KB

      MD5

      2ed25df72bd13cca5979c53b8fe7e529

      SHA1

      82b9c61b60f966e1ff77374b7aea67334ae98ef1

      SHA256

      81473eced4690bb6172d677771924cd4a0542c74f00dae2b3493cbebc6b1549c

      SHA512

      3086609e10bb6504ac26fb573874ade44ec446e19ac7d1e059f108dbaf31271617a10addabed41997e400bc885d07ef713054ef2d2246748809740a64c7e90f6

      Download Submit

    • C:\Users\Admin\euvrrnhkej.js
      Filesize

      205KB

      MD5

      d5fe40e5e35ebbc1a60c54672f775325

      SHA1

      9b01278c620351932e98e95db9881f18652f7e67

      SHA256

      a40e1a0e0a1e68051cefc29955d92d99efa3d24a8d70052de8aa9e4ab08da32b

      SHA512

      2ade53d5a1d303328af40acf3f1d231fc54a8b3eb0d1e934094a7b7c63e5035c679e7ce89465e0ea4ea796e7f5f991c1da760cb64ad4b15b8d9130272e6d617c

      Download Submit

    • memory/2428-29-0x0000000000210000-0x0000000000211000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2428-30-0x0000000002300000-0x0000000005300000-memory.dmp

      Filesize

      48.0MB

      Download

    • memory/2428-32-0x0000000002300000-0x0000000005300000-memory.dmp

      Filesize

      48.0MB

      Download

    • memory/2564-8-0x0000000002260000-0x0000000005260000-memory.dmp

      Filesize

      48.0MB

      Download

    • memory/2564-12-0x0000000000120000-0x0000000000121000-memory.dmp

      Filesize

      4KB

      Download