Analysis

  • max time kernel
    152s
  • max time network
    163s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    10-03-2024 01:01

General

  • Target

    bd402a7b48f2b162736f4848c329792c.jar

  • Size

    147KB

  • MD5

    bd402a7b48f2b162736f4848c329792c

  • SHA1

    fc17278dbfe1e9d65a3b8f2cb8a972017eaf1cc6

  • SHA256

    2013959396545e0d1c1a0c178544a778764ff12c4fba9a6637835a202cce979b

  • SHA512

    af6d380d7c3cc1540b9aa9c1bf070178f4120b78f6c571e67b43af1a4cd6199c139a2dd7890b03920cc8cfcfa5c2f56f627b553f0cb09ae71ca495bd73cf7ccc

  • SSDEEP

    3072:vAnBzB/sfK4/mNwKEoZ/4+TK8tA3uQr+22kj5Duor+rS:oB6K4mSKZC39r+6Duor+G

Malware Config

Signatures

  • Vjw0rm

    Vjw0rm is a remote access trojan written in JavaScript.

  • Drops startup file 2 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Windows\system32\java.exe
    java -jar C:\Users\Admin\AppData\Local\Temp\bd402a7b48f2b162736f4848c329792c.jar
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2872
    • C:\Windows\system32\wscript.exe
      wscript C:\Users\Admin\_output.js
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2564
      • C:\Windows\System32\WScript.exe
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Roaming\TgoIKOyHRJ.js"
        3⤵
        • Drops startup file
        • Adds Run key to start application
        PID:2888
      • C:\Program Files\Java\jre7\bin\javaw.exe
        "C:\Program Files\Java\jre7\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Roaming\tlrewl.txt"
        3⤵
        PID:2464
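The process tree above is the part of this report a detection engineer can act on: java.exe runs the submitted JAR from %TEMP%, spawns wscript.exe on a dropped _output.js, and that script host in turn launches a second .js from %APPDATA% (the one that drops the startup file and Run key) and javaw.exe -jar on tlrewl.txt, a JAR disguised with a .txt extension. The following is an added example, not code from the sandbox report or from the Vjw0rm sample, showing how those four relationships can be expressed as rules over process-creation telemetry. The events are constructed from the tree shown on this page (the parent PID 1000 and the two benign events are invented placeholders), and the rule names are my own labels.

```python
"""Parent/child and command-line rules for the java -> wscript -> WScript/javaw chain
seen in this report. Events are reduced to the four fields the rules need, as they
would come from Sysmon event ID 1 or Security event 4688."""
import re
from dataclasses import dataclass


@dataclass
class ProcEvent:
    pid: int
    ppid: int
    image: str
    cmdline: str


# Constructed sample telemetry modelled on the report's process tree. The parent PID
# 1000 and the last two (benign) events are placeholders, not data from the report.
SAMPLE_EVENTS = [
    ProcEvent(2872, 1000, r"C:\Windows\system32\java.exe",
              r"java -jar C:\Users\Admin\AppData\Local\Temp\bd402a7b48f2b162736f4848c329792c.jar"),
    ProcEvent(2564, 2872, r"C:\Windows\system32\wscript.exe",
              r"wscript C:\Users\Admin\_output.js"),
    ProcEvent(2888, 2564, r"C:\Windows\System32\WScript.exe",
              r'"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Roaming\TgoIKOyHRJ.js"'),
    ProcEvent(2464, 2564, r"C:\Program Files\Java\jre7\bin\javaw.exe",
              r'"C:\Program Files\Java\jre7\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Roaming\tlrewl.txt"'),
    # Benign noise: an ordinary application JAR and a shell process.
    ProcEvent(3001, 1000, r"C:\Program Files\Java\jre7\bin\javaw.exe",
              r'"C:\Program Files\Java\jre7\bin\javaw.exe" -jar "C:\Program Files\App\app.jar"'),
    ProcEvent(3002, 1000, r"C:\Windows\explorer.exe", "explorer.exe"),
]

JAVA_IMAGES = {"java.exe", "javaw.exe"}
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
# Argument after -jar, quoted or bare.
JAR_ARG = re.compile(r'-jar\s+(?:"([^"]+)"|(\S+))', re.IGNORECASE)
# A .js script anywhere under a user profile (user-writable, no admin needed to drop it).
PROFILE_SCRIPT = re.compile(r'\\Users\\[^\\]+\\.*\.js\b', re.IGNORECASE)
TEMP_DIR = re.compile(r'\\AppData\\Local\\Temp\\', re.IGNORECASE)


def basename(path: str) -> str:
    """Lower-cased file name of a Windows path (image names differ only in case)."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def jar_argument(cmdline: str):
    """Return the path passed to -jar, or None if the command line has no -jar."""
    m = JAR_ARG.search(cmdline)
    if not m:
        return None
    return m.group(1) or m.group(2)


def detect(events):
    """Map each PID that triggers at least one rule to the list of rule names, in rule order."""
    by_pid = {e.pid: e for e in events}
    findings = {}
    for e in events:
        img = basename(e.image)
        parent = by_pid.get(e.ppid)
        parent_img = basename(parent.image) if parent else ""
        rules = []
        # Java (a JAR) starting Windows Script Host: the JAR is acting as a dropper.
        if img in SCRIPT_HOSTS and parent_img in JAVA_IMAGES:
            rules.append("java_spawns_wsh")
        # Script host starting Java: a script launching a second-stage JAR.
        if img in JAVA_IMAGES and parent_img in SCRIPT_HOSTS:
            rules.append("wsh_spawns_java")
        # WSH running a .js that lives in a user profile rather than an install location.
        if img in SCRIPT_HOSTS and PROFILE_SCRIPT.search(e.cmdline):
            rules.append("wsh_script_in_user_profile")
        if img in JAVA_IMAGES:
            jar = jar_argument(e.cmdline)
            # -jar accepts any file that is a ZIP inside; the extension is cosmetic.
            if jar and not jar.lower().endswith(".jar"):
                rules.append("jar_with_mismatched_extension")
            if jar and TEMP_DIR.search(jar):
                rules.append("jar_from_temp")
        if rules:
            findings[e.pid] = rules
    return findings


if __name__ == "__main__":
    for pid, rules in detect(SAMPLE_EVENTS).items():
        print(pid, ", ".join(rules))
```

Run stand-alone it lists PIDs 2872, 2564, 2888 and 2464 with their rule hits and stays silent on the two benign events. The parent/child rules are the ones worth alerting on by themselves; the path and extension rules are better used as enrichment, since legitimate installers do occasionally run JARs from %TEMP%.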

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\TgoIKOyHRJ.js

    Filesize

    9KB

    MD5

    0aaca684c1da87000ded508128434e5b

    SHA1

    30e1080049ec19161920641b0d51910edb7c72dc

    SHA256

    c2d01245ffb256e95fdd530c1fc85da103714fe8d1996f3cea6cbf5d8e8d1b15

    SHA512

    979fa7dd85f09a1e7f04c5e91f79aba57268361cd0b34dc4c5113f6e56a421565e1241a1bceacf0be3a37eb2601bd8a0285ce861f31b234427f182b71c651e79

  • C:\Users\Admin\AppData\Roaming\tlrewl.txt

    Filesize

    106KB

    MD5

    7ee83aef0f72ce7f93452b093d9b34f5

    SHA1

    5c68f45173190f62e953bef170f07059cb54d716

    SHA256

    040fe3f3bae7be7e1f180b3852016b6de34497a00e6d50b64a05aa334e74961c

    SHA512

    cb6237b6b1c42e1ac7ba6f7ac69cc1244a20f9e76bca712f699347cc842ec139f2ba0aacfd47f336b458c9d9c5766bed87a3b72591f8ce9dab009909aeedeae7

  • C:\Users\Admin\_output.js

    Filesize

    228KB

    MD5

    d427936b203e2429e10ac2b1e0cb1263

    SHA1

    85a7521899c6c1cd5fe87b54f8cade2c7e108f15

    SHA256

    26a3f7c55fb2661c5136308476b533f0a9081341d7fe4c4fa63f22563170eeca

    SHA512

    2731f349f1598f572a5dc84902db6e4d6614aed89f491374808757593b8e602a3e24c1930465d8b15b451b0b7008903cffbc02e8b67febe664507ef52b61ae05

  • memory/2464-27-0x00000000021A0000-0x00000000051A0000-memory.dmp

    Filesize

    48.0MB

  • memory/2464-31-0x0000000000410000-0x0000000000411000-memory.dmp

    Filesize

    4KB

  • memory/2464-32-0x00000000021A0000-0x00000000051A0000-memory.dmp

    Filesize

    48.0MB

  • memory/2872-9-0x00000000020B0000-0x00000000050B0000-memory.dmp

    Filesize

    48.0MB

  • memory/2872-12-0x0000000000330000-0x0000000000331000-memory.dmp

    Filesize

    4KB