Windows Analysis Report techsmith-smart-player.min.js

Overview

General Information

Sample Name: techsmith-smart-player.min.js
Analysis ID: 491731
MD5: 31b067a1e7db6f55f3727e7a820ab510
SHA1: feddeec3efe8f5cbc7a517575088b234e2d47272
SHA256: 9d50de298d630f270c794af5b28be40ad0bb392e96efa0a224658f896fc3f04a
Infos:

Most interesting Screenshot:

Detection

Score: 22
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Potential obfuscated javascript found
Program does not show much activity (idle)
Java / VBScript file with very long strings (likely obfuscated code)
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Found WSH timer for Javascript or VBS script (likely evasive script)

Classification

Source: techsmith-smart-player.min.js String found in binary or memory: https://www.techsmith.com/redirect.asp?target=media_not_found&ver=4.

System Summary:

barindex
Java / VBScript file with very long strings (likely obfuscated code)
Source: techsmith-smart-player.min.js Initial sample: Strings found which are bigger than 50
Source: C:\Windows\System32\wscript.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f414c260-6ac0-11cf-b6d1-00aa00bbbb58}\InprocServer32 Jump to behavior
Source: C:\Windows\System32\wscript.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: classification engine Classification label: sus22.evad.winJS@1/0@0/0

Data Obfuscation:

barindex
Potential obfuscated javascript found
Source: techsmith-smart-player.min.js Initial file: High amount of function use 3152

Hooking and other Techniques for Hiding and Protection:

barindex
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Source: C:\Windows\System32\wscript.exe Registry key monitored for changes: HKEY_CURRENT_USER_Classes Jump to behavior
Source: C:\Windows\System32\wscript.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\wscript.exe Process information set: NOOPENFILEERRORBOX Jump to behavior

Malware Analysis System Evasion:

barindex
Program does not show much activity (idle)
Source: all processes Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Found WSH timer for Javascript or VBS script (likely evasive script)
Source: C:\Windows\System32\wscript.exe Window found: window name: WSH-Timer Jump to behavior

Anti Debugging:

barindex
Program does not show much activity (idle)
Source: all processes Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: C:\Windows\System32\wscript.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid Jump to behavior
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 signatures2 2 Behavior Graph ID: 491731 Sample: techsmith-smart-player.min.js Startdate: 27/09/2021 Architecture: WINDOWS Score: 22 7 Potential obfuscated javascript found 2->7 5 wscript.exe 2->5         started        process3
No contacted IP infos