
Order Requirement 2022.js

Status: finished
Submission Time: 2022-10-03 15:45:23 +02:00
Malicious
Trojan
Exploiter
Evader
WSHRat, VjW0rm

Tags

  • js
  • Vjw0rm

Details

  • Analysis ID:
    715072
  • API (Web) ID:
    1082511
  • Analysis Started:
    2022-10-03 15:55:21 +02:00
  • Analysis Finished:
    2022-10-03 16:07:29 +02:00
  • MD5:
    e873a424159d2557551d0f4684af7a5f
  • SHA1:
    7dfcc66a95100143fae12531151355d2016718f0
  • SHA256:
    0d5a587f0c1dcff512f6112ee48859608db08307aa39887cc71480998d7070d4
  • Technologies:

System: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211

malicious
100/100

malicious
12/88

malicious

IPs

IP               Country             Detection
109.248.150.138  Russian Federation
154.120.126.87   Nigeria
109.248.144.237  Russian Federation

Domains

Name                 IP               Detection
jbd231.duckdns.org   109.248.144.237
javaautorun.duia.ro  154.120.126.87

URLs

Name Detection
http://jbd231.duckdns.org:2022/is-readyEM
http://jbd231.duckdns.org:2022/is-ready#X5
http://jbd231.duckdns.org:2022/is-readyD
http://jbd231.duckdns.org:2022/is-ready?
http://jbd231.duckdns.org:2022/is-readyd8
http://jbd231.duckdns.org:20ecuritycenter2=
http://jbd231.duckdns.org:2022/is-readyady
http://jbd231.duckdns.org:2022/is-readyh8
http://jbd231.duckdns.org:2022/is-readys.org:2022/is-readypData
http://jbd231.duckdns.org:2022/is-readyckdns.org:2022/is-ready
http://jbd231.duckdns.org:2022/is-readyspecified
http://jbd231.duckdns.org:2022/is-ready
http://jbd231.duckdns.org:2022/is-readyadyEM
http://jbd231.duckdns.org:2022/is-readyT
http://jbd231.duckdns.org/
http://jbd231.duckdns.org:2022/is-readym32
http://jbd231.duckdns.org:2022/is-readysL8
http://jbd231.duckdns.org/1
http://jbd231.duckdns.org/ilter-0000
http://jbd231.duckdns.org/on
http://jbd231.duckdns.org:2022/is-readyas
http://jbd231.duckdns.org:2022/is-readyAN
http://jbd231.duckdns.org:2022/is-readyed.
http://jbd231.duckdns.org:2022/is-readyt
http://jbd231.duckdns.org:2022/is-readye
http://jbd231.duckdns.org:2022/is-readyady.
http://javaautorun.duia.ro:5465/VreM3:.0
http://jbd231.duckdns.org:2022/is-readys.org:2022/is-ready
http://jbd231.duckdns.org:2022/is-ready&
http://jbd231.duckdns.org:2022/is-ready_
http://jbd231.duckdns.org:2022/is-readyXFwuXFxyb290XFxjaW12MiIpOw0KdmFy
http://jbd231.duckdns.org:2022/is-readyG
http://jbd231.duckdns.org:2022/is-ready3
http://jbd231.duckdns.org:2022/is-ready-
http://jbd231.duckdns.org:2022/is-ready.
http://jbd231.duckdns.org:2022/is-readyL
http://jbd231.duckdns.org:2022/is-readyK
http://jbd231.duckdns.org:2022/is-ready32
http://jbd231.duckdns.org:2022/is-readyI
http://jbd231.duckdns.org/O?
http://javaautorun.duia.ro:5465/Vre63209-4053062332-100
http://javaautorun.duia.ro:5465/Vre:
http://javaautorun.duia.ro:5465/VreZXNwb25zf/
http://javaautorun.duia.ro:5465/Vreor
http://javaautorun.duia.ro:5465/VreS
http://javaautorun.duia.ro:5465/VrehN
http://javaautorun.duia.ro:5465/Vreoi
http://javaautorun.duia.ro:5465/VreN
http://javaautorun.duia.ro:5465/Vre0
http://javaautorun.duia.ro:5465/Vre.
http://javaautorun.duia.ro:5465/Vrew
http://javaautorun.duia.ro:5465/Vres);
http://javaautorun.duia.ro:5465/VreM
http://javaautorun.duia.ro:5465/VredmFyIGZy
http://javaautorun.duia.ro:5465/Vre#
http://javaautorun.duia.ro:5465/Vre1_
http://javaautorun.duia.ro:5465/ZpbGU
http://javaautorun.duia.ro:5465/VreY
http://javaautorun.duia.ro:5465/Vresofdowches
http://javaautorun.duia.ro:5465/Vrer
http://javaautorun.duia.ro:5465/Vreoh_AE
http://javaautorun.duia.ro:5465/
http://javaautorun.duia.ro:5465/Vreo
http://javaautorun.duia.ro:5465/VreConnectionKeep-Alive
http://javaautorun.duia.ro:5465/VreMC
http://javaautorun.duia.ro:5465/VredmFyIGZyhN
http://javaautorun.duia.ro:5465/Vrero6
http://javaautorun.duia.ro:5465/Vrej
http://javaautorun.duia.ro:5465/VreZXNwb25z
http://javaautorun.duia.ro:5465/Vre$K
http://javaautorun.duia.ro:5465/Vrecnkgew0K
http://javaautorun.duia.ro:5465/Vrel
http://javaautorun.duia.ro:5465/Vref
http://javaautorun.duia.ro:5465/Vred
http://javaautorun.duia.ro:5465/Vreh
http://javaautorun.duia.ro:5465/VreYWNlKCIl
http://javaautorun.duia.ro:5465/Vrecnkgew0KhN
http://javaautorun.duia.ro:5465/Vre.duia.ro:5465/Vre
http://javaautorun.duia.ro:5465/Vre
http://javaautorun.duia.ro:5465/VreMe

Dropped files

Name / File Type / Hashes / Detection

C:\Users\user\AppData\Roaming\CekIalTska.js
    ASCII text, with very long lines (24033), with CRLF line terminators

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CekIalTska.js
    ASCII text, with very long lines (24033), with CRLF line terminators

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Order Requirement 2022.js
    ASCII text, with very long lines (34370)

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Order Requirement 2022.js:Zone.Identifier
    ASCII text, with CRLF line terminators

C:\Users\user\AppData\Roaming\Order Requirement 2022.js
    ASCII text, with very long lines (34370)

C:\Users\user\AppData\Roaming\Order Requirement 2022.js:Zone.Identifier
    ASCII text, with CRLF line terminators