Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

Order550232.jar

windows7-x64

10

Order550232.jar

windows10-2004-x64

10

Analysis

  • max time kernel
    143s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    15/02/2024, 03:55 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Order550232.jar

  • Size

    129KB

  • MD5

    c91d4750382881ff7da852e22a6f2419

  • SHA1

    b916255dfadf02871d0a84083e989df52396e75b

  • SHA256

    12eac35e31b525e6257a42f809868ad6203e9ed8c8b07b487a46cfa0ba5ed4d3

  • SHA512

    e897cd5a0b05e557d83aa3c3678dcd565cd53737b8d05fe46515e56b7ff229d218c1cc908c57d1dcbf4b5fdd7295d2a44deaff81c76c91c4f7ff1db201266244

  • SSDEEP

    3072:jo1lDnmPMoEu8S5IL47n3RervM8+gjkztlabpOex5ruXIbCuo:wKPMoCS5gm3UryusGOexWuo

Score
10/10
vjw0rmdiscoverypersistencetrojanworm

Malware Config

Signatures

  • Vjw0rm

    Vjw0rm is a remote access trojan written in JavaScript.

    trojanwormvjw0rm
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file 2 IoCs
  • Modifies file permissions 1 TTPs 1 IoCs
    discovery
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in Program Files directory 12 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 1 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
    java -jar C:\Users\Admin\AppData\Local\Temp\Order550232.jar
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1300
    • C:\Windows\system32\icacls.exe
      C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
      2⤵
      • Modifies file permissions
      PID:2580
    • C:\Windows\SYSTEM32\wscript.exe
      wscript C:\Users\Admin\euvrrnhkej.js
      2⤵
      • Checks computer location settings
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:1976
      • C:\Windows\System32\WScript.exe
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Roaming\dqTlpEOTrV.js"
        3⤵
        • Drops startup file
        • Adds Run key to start application
        PID:1032
      • C:\Program Files\Java\jre-1.8\bin\javaw.exe
        "C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Roaming\dcjlcvvvxq.txt"
        3⤵
        • Drops file in Program Files directory
        PID:1476

Network

  • flag-us
    DNS
    178.223.142.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    178.223.142.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    196.249.167.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    196.249.167.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    gameserver-789.duia.ro
    Remote address:
    8.8.8.8:53
    Request
    gameserver-789.duia.ro
    IN A
    Response
  • flag-us
    DNS
    gameserver-789.duia.ro
    Remote address:
    8.8.8.8:53
    Request
    gameserver-789.duia.ro
    IN A
    Response
  • flag-us
    DNS
    173.178.17.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    173.178.17.96.in-addr.arpa
    IN PTR
    Response
    173.178.17.96.in-addr.arpa
    IN PTR
    a96-17-178-173deploystaticakamaitechnologiescom
  • flag-us
    DNS
    gameserver-789.duia.ro
    WScript.exe
    Remote address:
    8.8.8.8:53
    Request
    gameserver-789.duia.ro
    IN A
    Response
  • flag-us
    DNS
    gameserver-789.duia.ro
    WScript.exe
    Remote address:
    8.8.8.8:53
    Request
    gameserver-789.duia.ro
    IN A
    Response
  • flag-us
    DNS
    95.221.229.192.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    95.221.229.192.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    gameserver-789.duia.ro
    WScript.exe
    Remote address:
    8.8.8.8:53
    Request
    gameserver-789.duia.ro
    IN A
    Response
  • flag-us
    DNS
    157.123.68.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    157.123.68.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    56.126.166.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    56.126.166.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    18.134.221.88.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    18.134.221.88.in-addr.arpa
    IN PTR
    Response
    18.134.221.88.in-addr.arpa
    IN PTR
    a88-221-134-18deploystaticakamaitechnologiescom
  • flag-us
    DNS
    gameserver-789.duia.ro
    WScript.exe
    Remote address:
    8.8.8.8:53
    Request
    gameserver-789.duia.ro
    IN A
    Response
  • flag-us
    DNS
    241.150.49.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    241.150.49.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    gameserver-789.duia.ro
    WScript.exe
    Remote address:
    8.8.8.8:53
    Request
    gameserver-789.duia.ro
    IN A
    Response
  • flag-us
    DNS
    28.118.140.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    28.118.140.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    gameserver-789.duia.ro
    WScript.exe
    Remote address:
    8.8.8.8:53
    Request
    gameserver-789.duia.ro
    IN A
    Response
  • flag-us
    DNS
    gameserver-789.duia.ro
    WScript.exe
    Remote address:
    8.8.8.8:53
    Request
    gameserver-789.duia.ro
    IN A
    Response
  • flag-us
    DNS
    180.178.17.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    180.178.17.96.in-addr.arpa
    IN PTR
    Response
    180.178.17.96.in-addr.arpa
    IN PTR
    a96-17-178-180deploystaticakamaitechnologiescom
  • flag-us
    DNS
    gameserver-789.duia.ro
    WScript.exe
    Remote address:
    8.8.8.8:53
    Request
    gameserver-789.duia.ro
    IN A
    Response
  • flag-us
    DNS
    gameserver-789.duia.ro
    WScript.exe
    Remote address:
    8.8.8.8:53
    Request
    gameserver-789.duia.ro
    IN A
    Response
  • flag-us
    DNS
    gameserver-789.duia.ro
    WScript.exe
    Remote address:
    8.8.8.8:53
    Request
    gameserver-789.duia.ro
    IN A
    Response
  • flag-us
    DNS
    gameserver-789.duia.ro
    WScript.exe
    Remote address:
    8.8.8.8:53
    Request
    gameserver-789.duia.ro
    IN A
    Response
  • flag-us
    DNS
    11.227.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    11.227.111.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    gameserver-789.duia.ro
    WScript.exe
    Remote address:
    8.8.8.8:53
    Request
    gameserver-789.duia.ro
    IN A
    Response
  • flag-us
    DNS
    gameserver-789.duia.ro
    WScript.exe
    Remote address:
    8.8.8.8:53
    Request
    gameserver-789.duia.ro
    IN A
    Response
  • flag-us
    DNS
    gameserver-789.duia.ro
    WScript.exe
    Remote address:
    8.8.8.8:53
    Request
    gameserver-789.duia.ro
    IN A
    Response
  • flag-us
    DNS
    gameserver-789.duia.ro
    WScript.exe
    Remote address:
    8.8.8.8:53
    Request
    gameserver-789.duia.ro
    IN A
    Response
  • flag-us
    DNS
    gameserver-789.duia.ro
    WScript.exe
    Remote address:
    8.8.8.8:53
    Request
    gameserver-789.duia.ro
    IN A
    Response
  • flag-us
    DNS
    gameserver-789.duia.ro
    WScript.exe
    Remote address:
    8.8.8.8:53
    Request
    gameserver-789.duia.ro
    IN A
    Response
  • flag-us
    DNS
    gameserver-789.duia.ro
    WScript.exe
    Remote address:
    8.8.8.8:53
    Request
    gameserver-789.duia.ro
    IN A
    Response
  • flag-us
    DNS
    gameserver-789.duia.ro
    WScript.exe
    Remote address:
    8.8.8.8:53
    Request
    gameserver-789.duia.ro
    IN A
    Response
  • flag-us
    DNS
    gameserver-789.duia.ro
    WScript.exe
    Remote address:
    8.8.8.8:53
    Request
    gameserver-789.duia.ro
    IN A
    Response
  • flag-us
    DNS
    gameserver-789.duia.ro
    WScript.exe
    Remote address:
    8.8.8.8:53
    Request
    gameserver-789.duia.ro
    IN A
    Response
  • flag-us
    DNS
    gameserver-789.duia.ro
    WScript.exe
    Remote address:
    8.8.8.8:53
    Request
    gameserver-789.duia.ro
    IN A
    Response
No results found
  • 8.8.8.8:53
    178.223.142.52.in-addr.arpa
    dns
    73 B
     147 B
     1
    1

    DNS Request

    178.223.142.52.in-addr.arpa

  • 8.8.8.8:53
    196.249.167.52.in-addr.arpa
    dns
    209 B
     395 B
     3
    3

    DNS Request

    196.249.167.52.in-addr.arpa

    DNS Request

    gameserver-789.duia.ro

    DNS Request

    gameserver-789.duia.ro

  • 8.8.8.8:53
    173.178.17.96.in-addr.arpa
    dns
    72 B
     137 B
     1
    1

    DNS Request

    173.178.17.96.in-addr.arpa

  • 8.8.8.8:53
    gameserver-789.duia.ro
    dns
    WScript.exe
    68 B
     124 B
     1
    1

    DNS Request

    gameserver-789.duia.ro

  • 8.8.8.8:53
    gameserver-789.duia.ro
    dns
    WScript.exe
    68 B
     124 B
     1
    1

    DNS Request

    gameserver-789.duia.ro

  • 8.8.8.8:53
    95.221.229.192.in-addr.arpa
    dns
    73 B
     144 B
     1
    1

    DNS Request

    95.221.229.192.in-addr.arpa

  • 8.8.8.8:53
    gameserver-789.duia.ro
    dns
    WScript.exe
    68 B
     124 B
     1
    1

    DNS Request

    gameserver-789.duia.ro

  • 8.8.8.8:53
    157.123.68.40.in-addr.arpa
    dns
    72 B
     146 B
     1
    1

    DNS Request

    157.123.68.40.in-addr.arpa

  • 8.8.8.8:53
    56.126.166.20.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    56.126.166.20.in-addr.arpa

  • 8.8.8.8:53
    18.134.221.88.in-addr.arpa
    dns
    72 B
     137 B
     1
    1

    DNS Request

    18.134.221.88.in-addr.arpa

  • 8.8.8.8:53
    gameserver-789.duia.ro
    dns
    WScript.exe
    68 B
     124 B
     1
    1

    DNS Request

    gameserver-789.duia.ro

  • 8.8.8.8:53
    241.150.49.20.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    241.150.49.20.in-addr.arpa

  • 8.8.8.8:53
    gameserver-789.duia.ro
    dns
    WScript.exe
    68 B
     124 B
     1
    1

    DNS Request

    gameserver-789.duia.ro

  • 8.8.8.8:53
    28.118.140.52.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    28.118.140.52.in-addr.arpa

  • 8.8.8.8:53
    gameserver-789.duia.ro
    dns
    WScript.exe
    68 B
     124 B
     1
    1

    DNS Request

    gameserver-789.duia.ro

  • 8.8.8.8:53
    gameserver-789.duia.ro
    dns
    WScript.exe
    68 B
     124 B
     1
    1

    DNS Request

    gameserver-789.duia.ro

  • 8.8.8.8:53
    180.178.17.96.in-addr.arpa
    dns
    72 B
     137 B
     1
    1

    DNS Request

    180.178.17.96.in-addr.arpa

  • 8.8.8.8:53
    gameserver-789.duia.ro
    dns
    WScript.exe
    68 B
     124 B
     1
    1

    DNS Request

    gameserver-789.duia.ro

  • 8.8.8.8:53
    gameserver-789.duia.ro
    dns
    WScript.exe
    68 B
     124 B
     1
    1

    DNS Request

    gameserver-789.duia.ro

  • 8.8.8.8:53
    gameserver-789.duia.ro
    dns
    WScript.exe
    68 B
     124 B
     1
    1

    DNS Request

    gameserver-789.duia.ro

  • 8.8.8.8:53
    gameserver-789.duia.ro
    dns
    WScript.exe
    68 B
     124 B
     1
    1

    DNS Request

    gameserver-789.duia.ro

  • 8.8.8.8:53
    11.227.111.52.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    11.227.111.52.in-addr.arpa

  • 8.8.8.8:53
    gameserver-789.duia.ro
    dns
    WScript.exe
    68 B
     124 B
     1
    1

    DNS Request

    gameserver-789.duia.ro

  • 8.8.8.8:53
    gameserver-789.duia.ro
    dns
    WScript.exe
    68 B
     124 B
     1
    1

    DNS Request

    gameserver-789.duia.ro

  • 8.8.8.8:53
    gameserver-789.duia.ro
    dns
    WScript.exe
    68 B
     124 B
     1
    1

    DNS Request

    gameserver-789.duia.ro

  • 8.8.8.8:53
    gameserver-789.duia.ro
    dns
    WScript.exe
    136 B
     248 B
     2
    2

    DNS Request

    gameserver-789.duia.ro

    DNS Request

    gameserver-789.duia.ro

  • 8.8.8.8:53
    gameserver-789.duia.ro
    dns
    WScript.exe
    136 B
     248 B
     2
    2

    DNS Request

    gameserver-789.duia.ro

    DNS Request

    gameserver-789.duia.ro

  • 8.8.8.8:53
    gameserver-789.duia.ro
    dns
    WScript.exe
    136 B
     248 B
     2
    2

    DNS Request

    gameserver-789.duia.ro

    DNS Request

    gameserver-789.duia.ro

  • 8.8.8.8:53
    gameserver-789.duia.ro
    dns
    WScript.exe
    136 B
     248 B
     2
    2

    DNS Request

    gameserver-789.duia.ro

    DNS Request

    gameserver-789.duia.ro

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp
    Filesize

    46B

    MD5

    bb7ef98b65a676c0fe98e05ba7c9b989

    SHA1

    7987ce7fa4062e3d62268dbbe14134785f5bceb5

    SHA256

    4a36b275992c18b424ae38f461fb008ffbfae3c85f44c76eeac4c2cb2b034705

    SHA512

    186b0b65fac68fecf5860f86a394b219069215c9891517fd20f1339252c1b98e053ec69c618d6beff2d9e45b73b82837855f67d2512e80f26964e492fdac5e6c

    Download Submit

  • C:\Users\Admin\AppData\Roaming\dcjlcvvvxq.txt
    Filesize

    92KB

    MD5

    2ed25df72bd13cca5979c53b8fe7e529

    SHA1

    82b9c61b60f966e1ff77374b7aea67334ae98ef1

    SHA256

    81473eced4690bb6172d677771924cd4a0542c74f00dae2b3493cbebc6b1549c

    SHA512

    3086609e10bb6504ac26fb573874ade44ec446e19ac7d1e059f108dbaf31271617a10addabed41997e400bc885d07ef713054ef2d2246748809740a64c7e90f6

    Download Submit

  • C:\Users\Admin\AppData\Roaming\dqTlpEOTrV.js
    Filesize

    11KB

    MD5

    3a463dc3f1ccbb255564f73dccca622e

    SHA1

    ab4a88d983c371128c73699cac7e308ca7870f7b

    SHA256

    18c2e58bfb5e035d4c1e4d2ba4e506c8041c739ec32ec9ce80ba00adc4dbd550

    SHA512

    d7a4fdb65d1b5ff1616489e7b893ebab3f1e160c99007a43fc73ada3ec53cc9ddae4c3a6acb6e2852b239de336253064fd838d3f843c09e2ab952dce8e8e2cbe

    Download Submit

  • C:\Users\Admin\euvrrnhkej.js
    Filesize

    205KB

    MD5

    d5fe40e5e35ebbc1a60c54672f775325

    SHA1

    9b01278c620351932e98e95db9881f18652f7e67

    SHA256

    a40e1a0e0a1e68051cefc29955d92d99efa3d24a8d70052de8aa9e4ab08da32b

    SHA512

    2ade53d5a1d303328af40acf3f1d231fc54a8b3eb0d1e934094a7b7c63e5035c679e7ce89465e0ea4ea796e7f5f991c1da760cb64ad4b15b8d9130272e6d617c

    Download Submit

  • memory/1300-4-0x000001D4E2310000-0x000001D4E3310000-memory.dmp

    Filesize

    16.0MB

    Download

  • memory/1300-13-0x000001D4E0AE0000-0x000001D4E0AE1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1476-51-0x0000025500000000-0x0000025501000000-memory.dmp

    Filesize

    16.0MB

    Download

  • memory/1476-57-0x00000255002A0000-0x00000255002B0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1476-41-0x0000025574950000-0x0000025574951000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1476-50-0x0000025574950000-0x0000025574951000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1476-26-0x0000025500000000-0x0000025501000000-memory.dmp

    Filesize

    16.0MB

    Download

  • memory/1476-55-0x0000025500280000-0x0000025500290000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1476-56-0x00000255002F0000-0x0000025500300000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1476-39-0x0000025500000000-0x0000025501000000-memory.dmp

    Filesize

    16.0MB

    Download

  • memory/1476-59-0x00000255002C0000-0x00000255002D0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1476-58-0x00000255002B0000-0x00000255002C0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1476-60-0x00000255002E0000-0x00000255002F0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1476-62-0x0000025500300000-0x0000025500310000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1476-61-0x0000025500000000-0x0000025501000000-memory.dmp

    Filesize

    16.0MB

    Download

  • memory/1476-63-0x0000025500000000-0x0000025501000000-memory.dmp

    Filesize

    16.0MB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.