Analysis
-
max time kernel
144s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
02-04-2024 05:46
General
-
Target
8547af690a9b533d6acd08360f5b18d5_JaffaCakes118.js
-
Size
45KB
-
MD5
8547af690a9b533d6acd08360f5b18d5
-
SHA1
fe393629e5df70bcfef741a70432af6c6a528b27
-
SHA256
e61713ffb39c48f5a162cbd0635b869bbd9b318ee3ac47a5a62490b572752b7a
-
SHA512
7dcab08f69aaefd585a31cf3636a6fe252a9efa18dd5e587f269ea5ccb8648a5daaa4c9302bc2a22f35fe48ac590a07b1192d7aed7eb7b2badb801b39b37552d
-
SSDEEP
768:klrw9II2LrCko3oHRirCWiUG+Odm4aS/pLF8NQEJUP:klK1MrCP3oHRirWUG+OdOqv8NQEJS
Malware Config
Signatures
-
Vjw0rm
Vjw0rm is a remote access trojan written in JavaScript.
-
Blocklisted process makes network request 6 IoCs
-
Checks computer location settings 2 TTPs 2 IoCs
Looks up country code configured in the registry, likely geofence.
-
Drops startup file 5 IoCs
-
Adds Run key to start application 2 TTPs 6 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of WriteProcessMemory 6 IoCs
Processes
-
C:\Windows\system32\wscript.exewscript.exe C:\Users\Admin\AppData\Local\Temp\8547af690a9b533d6acd08360f5b18d5_JaffaCakes118.js1⤵
- Checks computer location settings
- Drops startup file
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\wscript.exe"C:\Windows\System32\wscript.exe" //B "C:\Users\Admin\AppData\Roaming\sURhETJCuW.js"2⤵
- Drops startup file
- Adds Run key to start application
-
-
C:\Windows\System32\wscript.exe"C:\Windows\System32\wscript.exe" //B "C:\Users\Admin\AppData\Roaming\8547af690a9b533d6acd08360f5b18d5_JaffaCakes118.js"2⤵
- Blocklisted process makes network request
- Checks computer location settings
- Drops startup file
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\wscript.exe"C:\Windows\System32\wscript.exe" //B "C:\Users\Admin\AppData\Roaming\sURhETJCuW.js"3⤵
- Drops startup file
- Adds Run key to start application
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4344 --field-trial-handle=2240,i,16875000905773190493,11379096115878622792,262144 --variations-seed-version /prefetch:81⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
45KB
MD58547af690a9b533d6acd08360f5b18d5
SHA1fe393629e5df70bcfef741a70432af6c6a528b27
SHA256e61713ffb39c48f5a162cbd0635b869bbd9b318ee3ac47a5a62490b572752b7a
SHA5127dcab08f69aaefd585a31cf3636a6fe252a9efa18dd5e587f269ea5ccb8648a5daaa4c9302bc2a22f35fe48ac590a07b1192d7aed7eb7b2badb801b39b37552d
-
Filesize
8KB
MD51b42aad624e2912847110be197ac4d15
SHA1d334bd3287bb2068345fd4f436cee2c0fabc687a
SHA2563aae275c07d7764537c56383c404414ad94689c16dfdbf02c7315f1cc3cd870e
SHA51257dbfdaf42cb38e993bb4ab03d2e74919d1d396b9225d99eac3ef39c76fac2d999a7cd2265dc65bf6693ff65863d98b00de7265d54b670b1a680cfcbf9062a8a