Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

Order550232.jar

windows7-x64

10

Order550232.jar

windows10-2004-x64

10

Analysis

  • max time kernel
    143s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    15/02/2024, 03:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Order550232.jar

  • Size

    129KB

  • MD5

    c91d4750382881ff7da852e22a6f2419

  • SHA1

    b916255dfadf02871d0a84083e989df52396e75b

  • SHA256

    12eac35e31b525e6257a42f809868ad6203e9ed8c8b07b487a46cfa0ba5ed4d3

  • SHA512

    e897cd5a0b05e557d83aa3c3678dcd565cd53737b8d05fe46515e56b7ff229d218c1cc908c57d1dcbf4b5fdd7295d2a44deaff81c76c91c4f7ff1db201266244

  • SSDEEP

    3072:jo1lDnmPMoEu8S5IL47n3RervM8+gjkztlabpOex5ruXIbCuo:wKPMoCS5gm3UryusGOexWuo

Score
10/10
vjw0rmdiscoverypersistencetrojanworm

Malware Config

Signatures

  • Vjw0rm

    Vjw0rm is a remote access trojan written in JavaScript.

    trojanwormvjw0rm
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file 2 IoCs
  • Modifies file permissions 1 TTPs 1 IoCs
    discovery
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in Program Files directory 12 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 1 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
    java -jar C:\Users\Admin\AppData\Local\Temp\Order550232.jar
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1300
    • C:\Windows\system32\icacls.exe
      C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
      2⤵
      • Modifies file permissions
      PID:2580
    • C:\Windows\SYSTEM32\wscript.exe
      wscript C:\Users\Admin\euvrrnhkej.js
      2⤵
      • Checks computer location settings
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:1976
      • C:\Windows\System32\WScript.exe
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Roaming\dqTlpEOTrV.js"
        3⤵
        • Drops startup file
        • Adds Run key to start application
        PID:1032
      • C:\Program Files\Java\jre-1.8\bin\javaw.exe
        "C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Roaming\dcjlcvvvxq.txt"
        3⤵
        • Drops file in Program Files directory
        PID:1476

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp
    Filesize

    46B

    MD5

    bb7ef98b65a676c0fe98e05ba7c9b989

    SHA1

    7987ce7fa4062e3d62268dbbe14134785f5bceb5

    SHA256

    4a36b275992c18b424ae38f461fb008ffbfae3c85f44c76eeac4c2cb2b034705

    SHA512

    186b0b65fac68fecf5860f86a394b219069215c9891517fd20f1339252c1b98e053ec69c618d6beff2d9e45b73b82837855f67d2512e80f26964e492fdac5e6c

    Download Submit

  • C:\Users\Admin\AppData\Roaming\dcjlcvvvxq.txt
    Filesize

    92KB

    MD5

    2ed25df72bd13cca5979c53b8fe7e529

    SHA1

    82b9c61b60f966e1ff77374b7aea67334ae98ef1

    SHA256

    81473eced4690bb6172d677771924cd4a0542c74f00dae2b3493cbebc6b1549c

    SHA512

    3086609e10bb6504ac26fb573874ade44ec446e19ac7d1e059f108dbaf31271617a10addabed41997e400bc885d07ef713054ef2d2246748809740a64c7e90f6

    Download Submit

  • C:\Users\Admin\AppData\Roaming\dqTlpEOTrV.js
    Filesize

    11KB

    MD5

    3a463dc3f1ccbb255564f73dccca622e

    SHA1

    ab4a88d983c371128c73699cac7e308ca7870f7b

    SHA256

    18c2e58bfb5e035d4c1e4d2ba4e506c8041c739ec32ec9ce80ba00adc4dbd550

    SHA512

    d7a4fdb65d1b5ff1616489e7b893ebab3f1e160c99007a43fc73ada3ec53cc9ddae4c3a6acb6e2852b239de336253064fd838d3f843c09e2ab952dce8e8e2cbe

    Download Submit

  • C:\Users\Admin\euvrrnhkej.js
    Filesize

    205KB

    MD5

    d5fe40e5e35ebbc1a60c54672f775325

    SHA1

    9b01278c620351932e98e95db9881f18652f7e67

    SHA256

    a40e1a0e0a1e68051cefc29955d92d99efa3d24a8d70052de8aa9e4ab08da32b

    SHA512

    2ade53d5a1d303328af40acf3f1d231fc54a8b3eb0d1e934094a7b7c63e5035c679e7ce89465e0ea4ea796e7f5f991c1da760cb64ad4b15b8d9130272e6d617c

    Download Submit

  • memory/1300-4-0x000001D4E2310000-0x000001D4E3310000-memory.dmp

    Filesize

    16.0MB

    Download

  • memory/1300-13-0x000001D4E0AE0000-0x000001D4E0AE1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1476-51-0x0000025500000000-0x0000025501000000-memory.dmp

    Filesize

    16.0MB

    Download

  • memory/1476-57-0x00000255002A0000-0x00000255002B0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1476-41-0x0000025574950000-0x0000025574951000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1476-50-0x0000025574950000-0x0000025574951000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1476-26-0x0000025500000000-0x0000025501000000-memory.dmp

    Filesize

    16.0MB

    Download

  • memory/1476-55-0x0000025500280000-0x0000025500290000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1476-56-0x00000255002F0000-0x0000025500300000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1476-39-0x0000025500000000-0x0000025501000000-memory.dmp

    Filesize

    16.0MB

    Download

  • memory/1476-59-0x00000255002C0000-0x00000255002D0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1476-58-0x00000255002B0000-0x00000255002C0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1476-60-0x00000255002E0000-0x00000255002F0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1476-62-0x0000025500300000-0x0000025500310000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1476-61-0x0000025500000000-0x0000025501000000-memory.dmp

    Filesize

    16.0MB

    Download

  • memory/1476-63-0x0000025500000000-0x0000025501000000-memory.dmp

    Filesize

    16.0MB

    Download