Malicious Javascript from MYOB Email Attack | VTI by Category
Try VMRay Analyzer
VTI Information
VTI Score
100 / 100
VTI Database Version 2.6
VTI Rule Match Count 11
VTI Rule Type Scripts
Detected Threats
Arrow Anti Analysis
Arrow
Try to detect virtual machine
Readout system information, commonly used to detect VMs via registry. (Value "VendorIdentifier" in key "HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0").
Arrow Injection
Arrow
Write into memory of another process
"c:\users\5p5nrgjn0js halpmcxz\appdata\local\temp\pst790mv.exe" modifies memory of "c:\windows\syswow64\dllhost.exe"
Arrow
Modify control flow of another process
"c:\users\5p5nrgjn0js halpmcxz\appdata\local\temp\pst790mv.exe" alters context of "c:\windows\syswow64\dllhost.exe"
Arrow Network
Arrow
Check external IP address
Check external IP by asking IP info service at "httpbin.org/ip".
Arrow
Download data
URL "https://moranaccountants-my.sharepoint.com/personal/lily_moranaccountants_com_au/_layouts/15/guestaccess.aspx?docid=03559bd7bd473450fab4c679cae4be913&authkey=AXWiRPNRVvwj9BsVKKyrAsc&e=259ca72ab9534857b5c3964310916b09".
URL "httpbin.org/ip".
Arrow
Connect to HTTP server
URL "httpbin.org/ip".
URL "https://moranaccountants-my.sharepoint.com/personal/lily_moranaccountants_com_au/_layouts/15/guestaccess.aspx?docid=03559bd7bd473450fab4c679cae4be913&authkey=AXWiRPNRVvwj9BsVKKyrAsc&e=259ca72ab9534857b5c3964310916b09".
Arrow
Connect to remote host
Outgoing TCP connection to host "192.99.181.10:443".
Arrow PE
Arrow
Execute dropped PE file
Execute dropped file "c:\users\5p5nrg~1\appdata\local\temp\pst790mv.exe".
Arrow
Drop PE file
Drop file "c:\users\5p5nrg~1\appdata\local\temp\pst790mv.exe".
Drop file "c:\programdata\252e9d6f-46f0-4cf5-8686-f2a673c579a2\af77746e-8a65-4302-8042-f6017918c669.dll".
Arrow Process
Arrow
Create system object
Create mutex with name "df7689e6-c49f-4a86-82e8-6809a406872a".
- Browser
- Device
- OS
- File System
- Hide Tracks
- Information Stealing
- Kernel
- Masquerade
- Persistence
- User
- VBA Macro
- YARA
Function Logfile
Exit-Icon

This feature requires an online-connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy".


    
Screenshot
Expand-Icon
Exit-Icon
icon_left
icon_left
image