Overview

overview

10

Static

static

1

af85d8109f...66f.js

windows7-x64

10

af85d8109f...66f.js

windows10-2004-x64

10

Analysis

  • max time kernel
    156s
  • max time network
    166s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29-02-2024 21:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    af85d8109ff251f1db6191b46ef8c66f.js

  • Size

    191KB

  • MD5

    af85d8109ff251f1db6191b46ef8c66f

  • SHA1

    b1f6c58407bd70c4819db5eecfbc2cdcb5af77e3

  • SHA256

    5ec545f3cccb7dddd12196320fb5144f131818170d87000cdca10fe9fb0353d4

  • SHA512

    1a7bf9da69cd189c15d33c0a7114670c0a0c5b76cf6f8cece60c33cac7b32cb7d22d13a989d19f61eebead584429d3ed9afdd8a222959b24ee31abc62353d48d

  • SSDEEP

    3072:yWt8ruabx2MftvMQDvolUJSKqvCVfKzJme6TB+ZhUzzv9EZAUycwqeHZzL:yWt8ruEjMV3KqsaB+B+MzFpeSzL

Score
10/10
vjw0rmdiscoverypersistencetrojanworm

Malware Config

Signatures

  • Vjw0rm

    Vjw0rm is a remote access trojan written in JavaScript.

    trojanwormvjw0rm
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file 2 IoCs
  • Modifies file permissions 1 TTPs 1 IoCs
    discovery
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 1 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Windows\system32\wscript.exe
    wscript.exe C:\Users\Admin\AppData\Local\Temp\af85d8109ff251f1db6191b46ef8c66f.js
    1⤵
    • Checks computer location settings
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:4524
    • C:\Windows\System32\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Roaming\tKaUarDZDG.js"
      2⤵
      • Drops startup file
      • Adds Run key to start application
      PID:4752
    • C:\Program Files\Java\jre-1.8\bin\javaw.exe
      "C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Roaming\ajbycxarzb.txt"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2072
      • C:\Windows\system32\icacls.exe
        C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
        3⤵
        • Modifies file permissions
        PID:3600
      • C:\Program Files\Java\jre-1.8\bin\java.exe
        "C:\Program Files\Java\jre-1.8\bin\java.exe" -jar "C:\Users\Admin\ajbycxarzb.txt"
        3⤵
          PID:1288

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp
      Filesize

      46B

      MD5

      867850ddb78213b53afb8e96709a2354

      SHA1

      2a182d7acb05fe867558a35db5b451875bee46dc

      SHA256

      6252fc628c265e5941b54400ae23fbd8d4121f1f177ba23f684c8f4bc105d57e

      SHA512

      97b64d37764851646b34b4e4f397faef6cc097e6e025be62fc416f13834dc8b86827239b370f31635ed454793c4d04515874886bef64af64c6ed403c3da3d8e9

      Download Submit

    • C:\Users\Admin\AppData\Roaming\ajbycxarzb.txt
      Filesize

      92KB

      MD5

      e960b9b8954afa303d7989eed1290637

      SHA1

      a42410c56fb024243014c29334152c209ab88873

      SHA256

      4439ce946a74288bc91360bee4b7ef43e7efeced81432ba10728220c323d7c7f

      SHA512

      cdb3f0e2911f1841919847903c6f6bd695e3f15106c1a5b7fa19b70e549967beefa7c32c87a1a2040bbc2b7a75b1a90adc7a7e113f519e15b09f62dc0ea473c8

      Download Submit

    • C:\Users\Admin\AppData\Roaming\tKaUarDZDG.js
      Filesize

      5KB

      MD5

      1f7a1f50ddcaacd7c16098f452ae3ea9

      SHA1

      c31e3feb895e9b69db5e014cc42a2b3e03473016

      SHA256

      f14d01dc44ad040b5c3a8b418aa4c27bc476f0c5bd7af5e1554547fe0f6bb2ef

      SHA512

      6835fe9faac663378a6bd96e4dcba1f492d4dc488d410e019a965ca3c989c0d66d39f71b213a579c0e55fa4e52deb542b64c9b68108763af6ffed89414867271

      Download Submit

    • memory/2072-95-0x00000255E8A00000-0x00000255E8A01000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2072-49-0x00000255EA1D0000-0x00000255EB1D0000-memory.dmp

      Filesize

      16.0MB

      Download

    • memory/2072-25-0x00000255EA1D0000-0x00000255EB1D0000-memory.dmp

      Filesize

      16.0MB

      Download

    • memory/2072-34-0x00000255E8A00000-0x00000255E8A01000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2072-96-0x00000255E8A00000-0x00000255E8A01000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2072-47-0x00000255E8A00000-0x00000255E8A01000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2072-48-0x00000255EA1D0000-0x00000255EB1D0000-memory.dmp

      Filesize

      16.0MB

      Download

    • memory/2072-102-0x00000255EA1D0000-0x00000255EB1D0000-memory.dmp

      Filesize

      16.0MB

      Download

    • memory/2072-50-0x00000255EA1D0000-0x00000255EB1D0000-memory.dmp

      Filesize

      16.0MB

      Download

    • memory/2072-105-0x00000255E8A00000-0x00000255E8A01000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2072-66-0x00000255E8A00000-0x00000255E8A01000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2072-67-0x00000255E8A00000-0x00000255E8A01000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2072-68-0x00000255E8A00000-0x00000255E8A01000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2072-83-0x00000255E8A00000-0x00000255E8A01000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2072-93-0x00000255E8A00000-0x00000255E8A01000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2072-9-0x00000255EA1D0000-0x00000255EB1D0000-memory.dmp

      Filesize

      16.0MB

      Download

    • memory/2072-38-0x00000255EA1D0000-0x00000255EB1D0000-memory.dmp

      Filesize

      16.0MB

      Download

    • memory/2072-19-0x00000255E8A00000-0x00000255E8A01000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2072-61-0x00000255E8A00000-0x00000255E8A01000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2072-106-0x00000255E8A00000-0x00000255E8A01000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2072-109-0x00000255E8A00000-0x00000255E8A01000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2072-108-0x00000255EA1D0000-0x00000255EB1D0000-memory.dmp

      Filesize

      16.0MB

      Download

    • memory/2072-115-0x00000255EA1D0000-0x00000255EB1D0000-memory.dmp

      Filesize

      16.0MB

      Download

    • memory/2072-116-0x00000255EA1D0000-0x00000255EB1D0000-memory.dmp

      Filesize

      16.0MB

      Download

    • memory/2072-120-0x00000255EA1D0000-0x00000255EB1D0000-memory.dmp

      Filesize

      16.0MB

      Download

    • memory/2072-119-0x00000255E8A00000-0x00000255E8A01000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2072-124-0x00000255EA1D0000-0x00000255EB1D0000-memory.dmp

      Filesize

      16.0MB

      Download

    • memory/2072-125-0x00000255E8A00000-0x00000255E8A01000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2072-126-0x00000255E8A00000-0x00000255E8A01000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2072-131-0x00000255EA1D0000-0x00000255EB1D0000-memory.dmp

      Filesize

      16.0MB

      Download

    • memory/2072-136-0x00000255EA1D0000-0x00000255EB1D0000-memory.dmp

      Filesize

      16.0MB

      Download

    • memory/2072-138-0x00000255EA650000-0x00000255EA660000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2072-137-0x00000255EA640000-0x00000255EA650000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2072-139-0x00000255EA1D0000-0x00000255EB1D0000-memory.dmp

      Filesize

      16.0MB

      Download