Created 5 months ago
Lana_Rhoades_Photoos.js
Remarks (2/2)
(0x00600018): Static Analysis failed to analyze the sample due to an error. Check the sample_static_analysis.log file for further information.
(0x02000050): This analysis has been updated with the latest reputation and static analysis results from the original analysis with the ID #17994119.
VMRay Threat Identifiers (13 rules, 23 matches)
Score | Category | Operation | Count | Classification
---|---|---|---|---
5/5 | YARA | Malicious content matched by YARA rules | 4 | Backdoor, Downloader
4/5 | Obfuscation | Reads from memory of another process | 2 | -
4/5 | Defense Evasion | Tries to detect the presence of antivirus software | 1 | -
4/5 | Injection | Writes into the memory of another process | 1 | Injector
4/5 | Reputation | Malicious host or URL detected via reputation | 1 | -
3/5 | Privilege Escalation | Enables process privileges | 1 | -
3/5 | Defense Evasion | Bypasses PowerShell execution policy | 2 | -
2/5 | Discovery | Queries OS version via WMI | 1 | -
2/5 | Network Connection | Performs DNS request | 3 | -
2/5 | Network Connection | Tries to connect using an uncommon port | 1 | -
Sample Information
ID | #8120929 |
MD5 | |
SHA1 | |
SHA256 | |
SSDeep | |
File Name | Lana_Rhoades_Photoos.js |
File Size | 548.33 KB |
Sample Type | JScript |
Analysis Information
Creation Time | 2024-10-28 02:10 (UTC+) |
Analysis Duration | 00:04:00 |
Termination Reason | Timeout |
Number of Monitored Processes | 5 |
Execution Successful | |
Reputation Enabled | |
Built-in AV Enabled | |
Number of AV Matches | 0 |
YARA Enabled | |
Number of YARA Matches | 5 |