Malicious Javascript from MYOB Email Attack | VTI by Score
Try VMRay Analyzer
VTI Information
VTI Score
100 / 100
VTI Database Version 2.6
VTI Rule Match Count 11
VTI Rule Type Scripts
Detected Threats
Arrow Anti Analysis Try to detect virtual machine
Readout system information, commonly used to detect VMs via registry. (Value "VendorIdentifier" in key "HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0").
Arrow Injection Write into memory of another process
"c:\users\5p5nrgjn0js halpmcxz\appdata\local\temp\pst790mv.exe" modifies memory of "c:\windows\syswow64\dllhost.exe"
Arrow Injection Modify control flow of another process
"c:\users\5p5nrgjn0js halpmcxz\appdata\local\temp\pst790mv.exe" alters context of "c:\windows\syswow64\dllhost.exe"
Arrow PE Execute dropped PE file
Execute dropped file "c:\users\5p5nrg~1\appdata\local\temp\pst790mv.exe".
Arrow Network Check external IP address
Check external IP by asking IP info service at "httpbin.org/ip".
Arrow Network Download data
URL "https://moranaccountants-my.sharepoint.com/personal/lily_moranaccountants_com_au/_layouts/15/guestaccess.aspx?docid=03559bd7bd473450fab4c679cae4be913&authkey=AXWiRPNRVvwj9BsVKKyrAsc&e=259ca72ab9534857b5c3964310916b09".
URL "httpbin.org/ip".
Arrow Network Connect to HTTP server
URL "httpbin.org/ip".
URL "https://moranaccountants-my.sharepoint.com/personal/lily_moranaccountants_com_au/_layouts/15/guestaccess.aspx?docid=03559bd7bd473450fab4c679cae4be913&authkey=AXWiRPNRVvwj9BsVKKyrAsc&e=259ca72ab9534857b5c3964310916b09".
Arrow PE Drop PE file
Drop file "c:\users\5p5nrg~1\appdata\local\temp\pst790mv.exe".
Drop file "c:\programdata\252e9d6f-46f0-4cf5-8686-f2a673c579a2\af77746e-8a65-4302-8042-f6017918c669.dll".
Arrow Process Create system object
Create mutex with name "df7689e6-c49f-4a86-82e8-6809a406872a".
Arrow Network Connect to remote host
Outgoing TCP connection to host "192.99.181.10:443".
Function Logfile
Exit-Icon

This feature requires an online-connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy".


    
Screenshot
Expand-Icon
Exit-Icon
icon_left
icon_left
image