Malicious Javascript from MYOB Email Attack | VMRay Analyzer Report
Analysis Information
Creation Time: 2017-11-07 20:24 (UTC+1)
VM Analysis Duration Time: 00:10:15
Execution Successful: True
Sample Filename: MYOB Supply Order.js
Command Line Parameters: False
Prescript: False
Number of Processes: 4
Termination Reason: Timeout
Reputation Enabled: True
VTI Information
VTI Score: 100 / 100
VTI Database Version: 2.6
VTI Rule Match Count: 11
VTI Rule Type: Scripts
Tags
#javascript #malware
Remarks
Critical: The dump total size limit was reached during the analysis. Some memory dumps may be missing from the reports. You can increase the limit in the configuration.
Screenshots
Monitored Processes
Process Graph
(The process graph is an image in the original report and is not included in this text export.)

ID | PID | Monitor Reason | Integrity Level | Image Name | Command Line | Origin ID
#1 | 0x9a8 | Analysis Target | High (Elevated) | cscript.exe | "C:\Windows\System32\CScript.exe" "C:\Users\5P5NRG~1\Desktop\MYOBSU~1.JS" | -
#3 | 0xaa8 | Child Process | High (Elevated) | pst790mv.exe | "C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Temp\pST790mv.exe" | #1
#4 | 0x474 | Child Process | High (Elevated) | dllhost.exe | "C:\Windows\system32\dllhost.exe" | #3
#5 | 0x4bc | Child Process | High (Elevated) | dllhost.exe | "C:\Windows\system32\dllhost.exe" | #3
Sample Information
ID: #20109
MD5 Hash Value: a91f4575d5270ccb1257c5328bdadc3a
SHA1 Hash Value: 29b7ca174c735c54ea1e1aedbc98517e75f8cead
SHA256 Hash Value: 24139566e338de0e3c54fba4668eab701caa9ee7c8853b2ab2e2746277c57857
Filename: MYOB Supply Order.js
File Size: 7.15 KB (7318 bytes)
File Type: JScript
Analyzer and Virtual Machine Information
Analyzer Version: 2.2.0
Analyzer Build Date: 2017-10-17 16:08
Internet Explorer Version: 8.0.7601.17514
Chrome Version: 58.0.3029.110
Firefox Version: 25.0
Flash Version: 10.3.183.75
Java Version: 7.0.450
VM Name: win7_64_sp1
VM Architecture: x86 64-bit
VM OS: Windows 7
VM Kernel Version: 6.1.7601.17514 (3844dbb9-2017-4967-be7a-a4a2c20430fa)
Function Logfile
The function logfile viewer requires an online connection to the VMRay backend. An offline version with limited functionality is also provided; it is supported only in Mozilla Firefox with the setting "security.fileuri.strict_origin_policy" deactivated.