Javascript Attempts to Detect VMs via Registry

VTI SCORE: 100/100

Target:

win8.1_64 | windows_script_file

Classification:

Dropper, Downloader

f664d5e8a47084388e3d0efabc38b5f04a759e382211846f722be6f7365df7fc (SHA256)

pricaz _6_.js

JScript

Created at 2018-02-28 11:58:00

Notifications (1/1)

The operating system was rebooted during the analysis because the sample installed a startup script or application for persistence.

Top Threat Indicators (View all 18 threat indicators)

Category	Operation	Classification
Anti Analysis	Tries to detect virtual machine	-
Persistence	Installs system startup script or application	-
PE	Executes dropped PE file	-

Screenshots

Monitored Processes

Analysis Information

Creation Time	2018-02-28 12:58 (UTC+1)
Analysis Duration	00:02:50
Number of Monitored Processes	8
Execution Successful
Reputation Enabled
Termination Reason	Timeout
Tags	#malware

Analyzer and Virtual Machine Information

Analyzer Version	2.2.0
Analyzer Build Date	2018-02-24 15:52 (UTC+1)
Adobe Acrobat Reader Version	11.0.00
Microsoft Office	2013
Microsoft Office Version	15.0.4420.1017
Microsoft Project Version	15.0.4569.1504
Microsoft Visio Version	15.0.4569.1504
Internet Explorer Version	11.0.9600.17031
Chrome Version	58.0.3029.110
Firefox Version	25.0
Flash Version	11.2.202.228
Java Version	7.0.510.13
VM Name	win8.1_64
VM Architecture	x86 64-bit
VM OS	Windows 8.1
VM Kernel Version	6.3.9600.17031 (6066913d-fbad-4ef6-b754-e136c12beca3)

Sample Information

ID	#24843
MD5 Hash Value	61e6fb6d1882411f588ae60cd2803ce4
SHA1 Hash Value	94e0a747af5edf70cd3db0224686f4fe2db2a8aa
SHA256 Hash Value	f664d5e8a47084388e3d0efabc38b5f04a759e382211846f722be6f7365df7fc
Filename	pricaz _6_.js
File Size	6.84 KB
File Type	JScript

Function Logfile

This feature requires an online-connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy".