vjw0rm | 09a9a4e6ec5014cdee9a0ab82e104e633010f83c111f2c61334e95b63bbe2705

Analysis

max time kernel
149s
max time network
152s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
29-12-2024 09:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

jef.js
Size

6KB
MD5

17e089c3ef4f085b1bfad8c1b4361487
SHA1

3e6807462f66acb266cb726f3a69a01848242bdc
SHA256

f1541619d13f07d33fef8c8aca2415661482751e0095f235ac9d0c5de3d71ca3
SHA512

39eaa8931a473444db641a28d20aa2cebde4678c3274efdf4ec8bbcb00005f29d905161521edcbcaa7c0e1f690fdb8ce54bdbd95e1869f45f8864b25a6a93f49
SSDEEP

192:n8+1Wv91fDDXz2sRiPuq/JnlbiMlhEs9hnBEqbam1n:8+wvzDXzYn/pluihEkhBluml

Score

10^/10

vjw0rm execution trojan worm

Malware Config

Signatures

Vjw0rm
Vjw0rm is a remote access trojan written in JavaScript.
trojan worm vjw0rm
Vjw0rm family
vjw0rm

Drops startup file 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\jef.js	wscript.exe

Command and Scripting Interpreter: JavaScript 1 TTPs
execution

JavaScript
T1059.007
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\jef.js
1⤵
- Drops startup file
PID:2188

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads