Analysis Report Microsoft.Office.Smartlookup.Vendor_cfe9ce8c6334a9b3191bbc9bfc72ad56.js
Overview
General Information

| Field | Value |
|---|---|
| Joe Sandbox Version | 26.0.0 Aquamarine |
| Analysis ID | 132309 |
| Start date | 15.05.2019 |
| Start time | 23:47:44 |
| Joe Sandbox Product | CloudBasic |
| Overall analysis duration | 0h 1m 57s |
| Hypervisor based Inspection enabled | false |
| Report type | full |
| Sample file name | Microsoft.Office.Smartlookup.Vendor_cfe9ce8c6334a9b3191bbc9bfc72ad56.js |
| Cookbook file name | default.jbs |
| Analysis system description | Windows 10 64 bit (version 1803) with Office 2016, Adobe Reader DC 19, Chrome 70, Firefox 63, Java 8.171, Flash 30.0.0.113 |
| Run name | without instrumentation |
| Number of new started processes analysed | 2 |
| Number of new started drivers analysed | 0 |
| Number of existing processes analysed | 0 |
| Number of existing drivers analysed | 0 |
| Number of injected processes analysed | 0 |
| Technologies | |
| Analysis stop reason | Timeout |
| Detection | CLEAN |
| Classification | clean1.winJS@1/0@0/0 |
| EGA Information | Failed |
| HDC Information | Failed |
| HCA Information | |
| Cookbook Comments | |
| Warnings | |
Detection

| Strategy | Score | Range | Reporting | Whitelisted | Detection |
|---|---|---|---|---|---|
| Threshold | 1 | 0 - 100 | false | | |

Confidence

| Strategy | Score | Range | Further Analysis Required? | Confidence |
|---|---|---|---|---|
| Threshold | 4 | 0 - 5 | false | |
Classification

Analysis Advice

Sample tries to load a library which is not present or installed on the analysis machine; adding the library might reveal more behavior.
Mitre Att&ck Matrix

| Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control |
|---|---|---|---|---|---|---|---|---|---|---|
| Valid Accounts | Scripting² | Winlogon Helper DLL | Port Monitors | Scripting² | Credential Dumping | Query Registry¹ | Application Deployment Software | Data from Local System | Data Compressed | Data Obfuscation |
| Replication Through Removable Media | Service Execution | Port Monitors | Accessibility Features | DLL Side-Loading¹ | Network Sniffing | Application Window Discovery | Remote Services | Data from Removable Media | Exfiltration Over Other Network Medium | Fallback Channels |
| Drive-by Compromise | Windows Management Instrumentation | Accessibility Features | Path Interception | Obfuscated Files or Information¹ | Input Capture | Query Registry | Windows Remote Management | Data from Network Shared Drive | Automated Exfiltration | Custom Cryptographic Protocol |
Signature Overview
Networking:

| Signature | Source |
|---|---|
| Urls found in memory or binary data | String found in binary or memory |

System Summary:

| Signature | Source |
|---|---|
| Java / VBScript file with very long strings (likely obfuscated code) | Initial sample |
| Tries to load missing DLLs | Section loaded |
| Classification label | Classification label |
| Reads software policies | Key opened |
| Uses an in-process (OLE) Automation server | Key value queried |

Hooking and other Techniques for Hiding and Protection:

| Signature | Source |
|---|---|
| Disables application error messages (SetErrorMode) | Process information set |
| | Process information set |

Malware Analysis System Evasion:

| Signature | Source |
|---|---|
| Found WSH timer for Javascript or VBS script (likely evasive script) | Window found |

Language, Device and Operating System Detection:

| Signature | Source |
|---|---|
| Queries the cryptographic machine GUID | Key value queried |
Behavior Graph

Simulations

Behavior and APIs

| Time | Type | Description |
|---|---|---|
| 23:49:57 | API Interceptor | |
Antivirus and Machine Learning Detection

| Scope | Result |
|---|---|
| Initial Sample | No Antivirus matches |
| Dropped Files | No Antivirus matches |
| Unpacked PE Files | No Antivirus matches |
| Domains | No Antivirus matches |

URLs

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| | 0% | Avira URL Cloud | safe | |
Yara Overview

| Scope | Result |
|---|---|
| Initial Sample | No yara matches |
| PCAP (Network Traffic) | No yara matches |
| Dropped Files | No yara matches |
| Memory Dumps | No yara matches |
| Unpacked PEs | No yara matches |
Joe Sandbox View / Context

Screenshots