Overview

overview

10

Static

static

1

QN8D6TLS2M.js

windows7-x64

10

QN8D6TLS2M.js

windows10-2004-x64

10

jef.js

windows7-x64

10

jef.js

windows10-2004-x64

10

sk.js

windows7-x64

10

sk.js

windows10-2004-x64

10

Analysis

  • max time kernel
    147s
  • max time network
    143s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    29-12-2024 09:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    sk.js

  • Size

    6KB

  • MD5

    d354464eb14c4d99c190cb2acfdfc49e

  • SHA1

    26e10a51ea212932e7ed7f2e73dcbd8e40e9656f

  • SHA256

    1b6515d5d9a1eda84fa8446b67136a38f135202390eb48b0f2457653a75f6409

  • SHA512

    0a713147809d77d0751afc5c14d1c0679f576422ca96fe03fbe38bdefd31013e7e24edd093ee0f941722bf6a51a4519237613d0cfeaec213c91a170052d40fa6

  • SSDEEP

    96:FlG93tXh8lZrFOkai8ayo9n/TPHUAl0kxOB/+Z3DfiDYwyPA:qxtXh8lVpaiHz/hxNZ3DfwyPA

Score
10/10
vjw0rmexecutiontrojanworm

Malware Config

Signatures

  • Vjw0rm

    Vjw0rm is a remote access trojan written in JavaScript.

    trojanwormvjw0rm
  • Vjw0rm family
    vjw0rm
  • Drops startup file 2 IoCs
  • Command and Scripting Interpreter: JavaScript 1 TTPs
    execution
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

Processes

  • C:\Windows\system32\wscript.exe
    wscript.exe C:\Users\Admin\AppData\Local\Temp\sk.js
    1⤵
    • Drops startup file
    PID:1764

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads