Managed XDR

runner.js — malware analysis report

File info

Filename
runner.js
File type
ASCII text, with CRLF, LF line terminators
File size
11.3 KB
First seen
Last seen

Environment

win7/x86 en

Hashes

SHA1
748c8307dca0b211826485c157008dad6329b89e
SHA256
a30bf04bb4079130d424a59fcdefbc7d7859fed41d16f7ac3a1dff6e7000cdd0
MD5
dd931066e8b7d301a64ea04d28414886

Signatures

Privilege Escalation

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1497.001 antisandbox_script_timer: Detected script timer window (indicative of sleep style evasion)
T1497.003 antisandbox_sleep: The process attempted to slow down analysis
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Discovery

T1497.001 antisandbox_script_timer: Detected script timer window (indicative of sleep style evasion)
T1497.003 antisandbox_sleep: The process attempted to slow down analysis

Other

yara_rules: Static rules
no_graphical_activity: No graphic activity
get_policy_info: Retrieves information about a Policy object
checktokenmembership: Checks user token with CheckTokenMembership call