Overview

overview

10

Static

static

1

Shipping_Details.js

windows7-x64

10

Shipping_Details.js

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250129-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20250129-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11-02-2025 06:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Shipping_Details.js

  • Size

    9.2MB

  • MD5

    c72d738747f68d4f8d9e9368e47928bf

  • SHA1

    00b523b2e3ab0f2bfd7d4aabf3b1c33ae390c585

  • SHA256

    06b94b3ec86bd4a61888848f379808954de1ff2a1fe471edcfa312f5e9ba2ab5

  • SHA512

    1a01baa0c813b928cf5dfe456f76acdcf9be0e0df8a6131e248f9aa5456c65a69cb9809efe56afc4db32cfeeb93ca42e3319f1e53689ba4ed23b77911b802c61

  • SSDEEP

    3072:gNK8RjR/R8x/xqm2O1IrWa7Mjv/GnOv3GmPLjCKKIz9vs2J96i/OBDVOdz83Pm7+:I

Score
10/10
vjw0rmdiscoveryexecutiontrojanworm

Malware Config

Signatures

  • Vjw0rm

    Vjw0rm is a remote access trojan written in JavaScript.

    trojanwormvjw0rm
  • Vjw0rm family
    vjw0rm
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file 2 IoCs
  • Command and Scripting Interpreter: JavaScript 1 TTPs
    execution
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 1 IoCs

    Adversaries may check for Internet connectivity on compromised systems.

    discovery
  • Modifies registry class 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Windows\system32\wscript.exe
    wscript.exe C:\Users\Admin\AppData\Local\Temp\Shipping_Details.js
    1⤵
    • Checks computer location settings
    • System Network Configuration Discovery: Internet Connection Discovery
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:4416
    • C:\Windows\System32\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Roaming\oUvEoxxwKv.js"
      2⤵
      • Drops startup file
      PID:2056
    • C:\Program Files\Java\jre-1.8\bin\javaw.exe
      "C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Roaming\unyitimiwt.txt"
      2⤵
        PID:3636

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Roaming\oUvEoxxwKv.js
      Filesize

      1.1MB

      MD5

      b7e9c8bac9afc434944605c2422e1ad0

      SHA1

      a653b478be92ecbd848bf79e175c454ebb9ccf21

      SHA256

      be481241ae35aed859e1b558e23fcf640e0ec5f36d1e993a085ccc499b62c465

      SHA512

      b790f27cce05ee3c754728489c8912501dc5c61d00639db760957697e3ea28855a81ce38634ddf2d98bf865055977c4d5dd2faaecc3a625eb090012161df2190

      Download Submit

    • C:\Users\Admin\AppData\Roaming\unyitimiwt.txt
      Filesize

      164KB

      MD5

      ec5e12b3ea2318692c2d2b74c33dfbda

      SHA1

      f7f6c3d3e266c7a85ec489389d5508eaa1983055

      SHA256

      056579d3948044c01ffa21dd8a14f7c4109efd25e609055e24a37cb6db603ef7

      SHA512

      0c91246971bb23ba3801b348ca8148c048de43c4caa7912b681868e471f5a0f080f2969e8fda1b04a002a81b403bddb22b62496b8eee75814cb691391ad5851a

      Download Submit

    • memory/3636-8-0x00000138B76A0000-0x00000138B7910000-memory.dmp

      Filesize

      2.4MB

      Download

    • memory/3636-20-0x00000138B5DE0000-0x00000138B5DE1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3636-44-0x00000138B5DE0000-0x00000138B5DE1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3636-57-0x00000138B5DE0000-0x00000138B5DE1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3636-60-0x00000138B5DE0000-0x00000138B5DE1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3636-64-0x00000138B5DE0000-0x00000138B5DE1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3636-67-0x00000138B5DE0000-0x00000138B5DE1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3636-74-0x00000138B76A0000-0x00000138B7910000-memory.dmp

      Filesize

      2.4MB

      Download

    • memory/3636-82-0x00000138B5DE0000-0x00000138B5DE1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3636-85-0x00000138B5DE0000-0x00000138B5DE1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3636-91-0x00000138B5DE0000-0x00000138B5DE1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3636-97-0x00000138B5DE0000-0x00000138B5DE1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3636-103-0x00000138B5DE0000-0x00000138B5DE1000-memory.dmp

      Filesize

      4KB

      Download