Play interactive tour
Edit tourAnalysis Report Microsoft.Office.Smartlookup.Vendor_cfe9ce8c6334a9b3191bbc9bfc72ad56.js
Overview
General Information |
|---|
| Joe Sandbox Version: | 26.0.0 Aquamarine |
| Analysis ID: | 132309 |
| Start date: | 15.05.2019 |
| Start time: | 23:47:44 |
| Joe Sandbox Product: | CloudBasic |
| Overall analysis duration: | 0h 1m 57s |
| Hypervisor based Inspection enabled: | false |
| Report type: | full |
| Sample file name: | Microsoft.Office.Smartlookup.Vendor_cfe9ce8c6334a9b3191bbc9bfc72ad56.js |
| Cookbook file name: | default.jbs |
| Analysis system description: | Windows 10 64 bit (version 1803) with Office 2016, Adobe Reader DC 19, Chrome 70, Firefox 63, Java 8.171, Flash 30.0.0.113 |
| Run name: | without instrumentation |
| Number of analysed new started processes analysed: | 2 |
| Number of new started drivers analysed: | 0 |
| Number of existing processes analysed: | 0 |
| Number of existing drivers analysed: | 0 |
| Number of injected processes analysed: | 0 |
| Technologies: |
|
| Analysis stop reason: | Timeout |
| Detection: | CLEAN |
| Classification: | clean1.winJS@1/0@0/0 |
| EGA Information: | Failed |
| HDC Information: | Failed |
| HCA Information: |
|
| Cookbook Comments: |
|
| Warnings: | Show All
|
Detection |
|---|
| Strategy | Score | Range | Reporting | Whitelisted | Detection | |
|---|---|---|---|---|---|---|
| Threshold | 1 | 0 - 100 | false |  | ||
Confidence |
|---|
| Strategy | Score | Range | Further Analysis Required? | Confidence | |
|---|---|---|---|---|---|
| Threshold | 4 | 0 - 5 | false |   | |
Classification |
|---|
Analysis Advice |
|---|
| Sample tries to load a library which is not present or installed on the analysis machine, adding the library might reveal more behavior |
Mitre Att&ck Matrix |
|---|
| Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control |
|---|---|---|---|---|---|---|---|---|---|---|
| Valid Accounts | Scripting2 | Winlogon Helper DLL | Port Monitors | Scripting2 | Credential Dumping | Query Registry1 | Application Deployment Software | Data from Local System | Data Compressed | Data Obfuscation |
| Replication Through Removable Media | Service Execution | Port Monitors | Accessibility Features | DLL Side-Loading1 | Network Sniffing | Application Window Discovery | Remote Services | Data from Removable Media | Exfiltration Over Other Network Medium | Fallback Channels |
| Drive-by Compromise | Windows Management Instrumentation | Accessibility Features | Path Interception | Obfuscated Files or Information1 | Input Capture | Query Registry | Windows Remote Management | Data from Network Shared Drive | Automated Exfiltration | Custom Cryptographic Protocol |
Signature Overview |
|---|
Click to jump to signature section
Networking: |   |
|---|
| Urls found in memory or binary data | Show sources | ||
| Source: | String found in binary or memory: | ||
System Summary: | |
|---|
| Java / VBScript file with very long strings (likely obfuscated code) | Show sources | ||
| Source: | Initial sample: | ||
| Tries to load missing DLLs | Show sources | ||
| Source: | Section loaded: | Jump to behavior | ||
| Classification label | Show sources | ||
| Source: | Classification label: | ||
| Reads software policies | Show sources | ||
| Source: | Key opened: | Jump to behavior | ||
| Uses an in-process (OLE) Automation server | Show sources | ||
| Source: | Key value queried: | Jump to behavior | ||
Hooking and other Techniques for Hiding and Protection: | |
|---|
| Disables application error messsages (SetErrorMode) | Show sources | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
Malware Analysis System Evasion: | |
|---|
| Found WSH timer for Javascript or VBS script (likely evasive script) | Show sources | ||
| Source: | Window found: | Jump to behavior | ||
Language, Device and Operating System Detection: | |
|---|
| Queries the cryptographic machine GUID | Show sources | ||
| Source: | Key value queried: | Jump to behavior | ||
Behavior Graph |
|---|
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
InternetSimulations |
|---|
Behavior and APIs |
|---|
| Time | Type | Description |
|---|---|---|
| 23:49:57 | API Interceptor |
Antivirus and Machine Learning Detection |
|---|
Initial Sample |
|---|
| No Antivirus matches |
|---|
Dropped Files |
|---|
| No Antivirus matches |
|---|
Unpacked PE Files |
|---|
| No Antivirus matches |
|---|
Domains |
|---|
| No Antivirus matches |
|---|
URLs |
|---|
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 0% | Avira URL Cloud | safe |
Yara Overview |
|---|
Initial Sample |
|---|
| No yara matches |
|---|
PCAP (Network Traffic) |
|---|
| No yara matches |
|---|
Dropped Files |
|---|
| No yara matches |
|---|
Memory Dumps |
|---|
| No yara matches |
|---|
Unpacked PEs |
|---|
| No yara matches |
|---|
Joe Sandbox View / Context |
|---|
Screenshots |
|---|
Thumbnails
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
