Overview

overview

10

Static

static

1

JaffaCakes...dd0.js

windows7-x64

10

JaffaCakes...dd0.js

windows10-2004-x64

10

Analysis

  • max time kernel
    148s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    21-12-2024 18:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    JaffaCakes118_b302998fc5e3ff4a61d22f5c35ea5e168e040d10bc8437cf8c190bfc27e63dd0.js

  • Size

    18KB

  • MD5

    1d9327d69fd263ac645b6a4eef31cb24

  • SHA1

    3cff6c8d464e8c254048635dd68e31225ffcb6e4

  • SHA256

    b302998fc5e3ff4a61d22f5c35ea5e168e040d10bc8437cf8c190bfc27e63dd0

  • SHA512

    50cf6ff55a3f73803b4b1313c029e08e66e62ff6de1fd839fec21aecc09d30254616a3b8aab271828a7a69f4835d155ee4af53bb3c4daaa3b4a1cb2305409e2f

  • SSDEEP

    192:XppRDuksQVaQ3bBcaJQYkobtD07DX5sRqvex8aIxjPyeUuKGwSfb+U0Sl2c2fgYS:XvvpaQ3bC9voUDXYHyjPw//9gRL

Score
10/10
vjw0rmexecutionpersistencetrojanworm

Malware Config

Signatures

  • Vjw0rm

    Vjw0rm is a remote access trojan written in JavaScript.

    trojanwormvjw0rm
  • Vjw0rm family
    vjw0rm
  • Blocklisted process makes network request 32 IoCs
  • Drops startup file 2 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Command and Scripting Interpreter: JavaScript 1 TTPs
    execution
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\wscript.exe
    wscript.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b302998fc5e3ff4a61d22f5c35ea5e168e040d10bc8437cf8c190bfc27e63dd0.js
    1⤵
    • Blocklisted process makes network request
    • Suspicious use of WriteProcessMemory
    PID:2272
    • C:\Windows\System32\wscript.exe
      "C:\Windows\System32\wscript.exe" //B "C:\Users\Admin\AppData\Roaming\amqolYPJMq.js"
      2⤵
      • Drops startup file
      • Adds Run key to start application
      PID:2796

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\amqolYPJMq.js
    Filesize

    10KB

    MD5

    3f7b92769fc59d8adc125b4d4e8adee4

    SHA1

    b3ea6913dcf3681572a1db1f429cc5e1e49b060e

    SHA256

    e1fccde6528046c2c1e41096085c199efaddc1393d42f6696165aeec43c9a209

    SHA512

    659caad97e885af9d5f2dece465873b517fc34a5c67f5f0aba08b9ef868cca57fe025ed9979bd0933e46ee45792d5b424bd99a24c4449c5b739f17e0b6bdf01f

    Download Submit