Analysis Report #U5e94#U4ed8#U5e10#U5355.JS

Overview

General Information

Sample Name:	#U5e94#U4ed8#U5e10#U5355.JS
Analysis ID:	339444
MD5:	8928fc2990f2c4ecb3209c4281c68612
SHA1:	409182c8b6e8f83c4841473d8a31602493129da9
SHA256:	22ad37a20a155fd94df9ac2d68eb8099eb21d24c95689b7b6a2ff28c1b67765e
Most interesting Screenshot:

Detection

Score:	1
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Found WSH timer for Javascript or VBS script (likely evasive script)

Java / VBScript file with very long strings (likely obfuscated code)

Program does not show much activity (idle)

Classification

Signatures

System Summary:

Java / VBScript file with very long strings (likely obfuscated code)

Source: #U5e94#U4ed8#U5e10#U5355.JS

Initial sample: Strings found which are bigger than 50

Source: classification engine

Classification label: clean1.winJS@1/0@0/0

Source: C:\Windows\System32\wscript.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Windows\System32\wscript.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f414c260-6ac0-11cf-b6d1-00aa00bbbb58}\InprocServer32

Jump to behavior

Source: C:\Windows\System32\wscript.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\System32\wscript.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior

Malware Analysis System Evasion:

Found WSH timer for Javascript or VBS script (likely evasive script)

Source: C:\Windows\System32\wscript.exe

Window found: window name: WSH-Timer

Jump to behavior

Program does not show much activity (idle)

Source: all processes

Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Anti Debugging:

Program does not show much activity (idle)

Source: all processes

Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Source: C:\Windows\System32\wscript.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No contacted IP infos

ID:	339444
Product:	CloudBasic
Start time:	03:52:54
Start date:	14.01.2021
Sample:	#U5e94#U4ed8#U5e10#U5355.JS
Cookbook:	default.jbs
System description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Architecture:	WINDOWS
MD5:	8928fc2990f2c4ecb3209c4281c68612
SHA1:	409182c8b6e8f83c4841473d8a31602493129da9
SHA256:	22ad37a20a155fd94df9ac2d68eb8099eb21d24c95689b7b6a2ff28c1b67765e

Analysis Report #U5e94#U4ed8#U5e10#U5355.JS

Overview

General Information

Detection

Signatures

Classification

Signatures

System Summary:

Hooking and other Techniques for Hiding and Protection:

Malware Analysis System Evasion:

Anti Debugging:

Language, Device and Operating System Detection:

Screenshots

Behavior Graph

Network Map