Overview

overview

10

Static

static

1

Order550232.jar

windows7-x64

10

Order550232.jar

windows10-2004-x64

10

Analysis

  • max time kernel
    148s
  • max time network
    149s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags

    arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
  • submitted
    19-03-2024 15:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Order550232.jar

  • Size

    129KB

  • MD5

    c91d4750382881ff7da852e22a6f2419

  • SHA1

    b916255dfadf02871d0a84083e989df52396e75b

  • SHA256

    12eac35e31b525e6257a42f809868ad6203e9ed8c8b07b487a46cfa0ba5ed4d3

  • SHA512

    e897cd5a0b05e557d83aa3c3678dcd565cd53737b8d05fe46515e56b7ff229d218c1cc908c57d1dcbf4b5fdd7295d2a44deaff81c76c91c4f7ff1db201266244

  • SSDEEP

    3072:jo1lDnmPMoEu8S5IL47n3RervM8+gjkztlabpOex5ruXIbCuo:wKPMoCS5gm3UryusGOexWuo

Score
10/10
vjw0rmpersistencetrojanworm

Malware Config

Signatures

  • Vjw0rm

    Vjw0rm is a remote access trojan written in JavaScript.

    trojanwormvjw0rm
  • Drops startup file 2 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Windows\system32\java.exe
    java -jar C:\Users\Admin\AppData\Local\Temp\Order550232.jar
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1512
    • C:\Windows\system32\wscript.exe
      wscript C:\Users\Admin\euvrrnhkej.js
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2900
      • C:\Windows\System32\WScript.exe
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Roaming\dqTlpEOTrV.js"
        3⤵
        • Drops startup file
        • Adds Run key to start application
        PID:2648
      • C:\Program Files\Java\jre7\bin\javaw.exe
        "C:\Program Files\Java\jre7\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Roaming\rbbdbnesk.txt"
        3⤵
          PID:2556

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Roaming\dqTlpEOTrV.js
      Filesize

      11KB

      MD5

      3a463dc3f1ccbb255564f73dccca622e

      SHA1

      ab4a88d983c371128c73699cac7e308ca7870f7b

      SHA256

      18c2e58bfb5e035d4c1e4d2ba4e506c8041c739ec32ec9ce80ba00adc4dbd550

      SHA512

      d7a4fdb65d1b5ff1616489e7b893ebab3f1e160c99007a43fc73ada3ec53cc9ddae4c3a6acb6e2852b239de336253064fd838d3f843c09e2ab952dce8e8e2cbe

      Download Submit

    • C:\Users\Admin\AppData\Roaming\rbbdbnesk.txt
      Filesize

      92KB

      MD5

      2ed25df72bd13cca5979c53b8fe7e529

      SHA1

      82b9c61b60f966e1ff77374b7aea67334ae98ef1

      SHA256

      81473eced4690bb6172d677771924cd4a0542c74f00dae2b3493cbebc6b1549c

      SHA512

      3086609e10bb6504ac26fb573874ade44ec446e19ac7d1e059f108dbaf31271617a10addabed41997e400bc885d07ef713054ef2d2246748809740a64c7e90f6

      Download Submit

    • C:\Users\Admin\euvrrnhkej.js
      Filesize

      4KB

      MD5

      c6e6c52a9327633b2942867f13b37f40

      SHA1

      c7b10a202906a8095e7930b38d7df85c64ba429b

      SHA256

      6b9b750f7e004fb7aad99bbde8de1efd0cfa20391edcf4694641d2e3688cc591

      SHA512

      a3036a47447ad8f2e8db1a6c0c57db7abc6fd7f590332ee48307ba1af4202d71cd9807bf6526b498c51ecde646fb7913dfa125f316ba56d20206ae5f8e6bffae

      Download Submit

    • memory/1512-9-0x00000000026D0000-0x00000000056D0000-memory.dmp

      Filesize

      48.0MB

      Download

    • memory/1512-12-0x0000000000450000-0x0000000000451000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2556-41-0x0000000000130000-0x0000000000131000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2556-48-0x0000000000130000-0x0000000000131000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2556-38-0x0000000000130000-0x0000000000131000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2556-29-0x0000000002670000-0x0000000005670000-memory.dmp

      Filesize

      48.0MB

      Download

    • memory/2556-43-0x0000000000130000-0x0000000000131000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2556-44-0x0000000000130000-0x0000000000131000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2556-46-0x0000000000130000-0x0000000000131000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2556-31-0x0000000000130000-0x0000000000131000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2556-49-0x0000000000130000-0x0000000000131000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2556-53-0x0000000000130000-0x0000000000131000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2556-57-0x0000000000130000-0x0000000000131000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2556-61-0x0000000000130000-0x0000000000131000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2556-66-0x0000000000130000-0x0000000000131000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2556-68-0x0000000002670000-0x0000000005670000-memory.dmp

      Filesize

      48.0MB

      Download