How Sandboxes Help Analysts Expose Script-Based Attacks

Cybercriminals employ numerous tactics to infiltrate endpoints, and scripts are among the most destructive.
You can trigger an infection chain by clicking on a seemingly innocuous document, potentially compromising your entire network.
To prevent this, analyzing suspicious files in malware analysis sandboxes is crucial.
Here are some instances where they prove invaluable.
VBE files are encoded VBS scripts; the encoding was originally introduced to protect script authors' intellectual property.
As a result, their source code cannot be viewed without extra tooling, which hinders analysis and helps the script evade detection.
Uploading a VBE file to a proper sandbox service instantly reveals the decoded VBS script at play.
It presents a full view of the script execution process, including its requested functions, transferred data, and commands.
A sandbox can also reveal the results of commands executed within scripts.
With the help of a sandbox, users can see the command's output as well as download it for further analysis.
This empowers analysts to fully comprehend the attacker's actions and the potential harm caused.
Analyzing any suspicious attachment or URL in a free interactive malware sandbox like ANY.RUN can instantly provide you with a conclusive verdict.
A sandbox's ability to track script-executable interactions is crucial in identifying malicious scripts that depend on executables for their functionality.
This insight helps analysts detect and neutralize script-based malware that uses executable files as a launchpad for its malicious activities.
In the provided example, a malicious executable utilizes the Windows Management Instrumentation Command tool to load and execute a VBScript file.
This approach allows the malware to conceal its true nature and manipulate the system without raising suspicion.
A sandbox can streamline investigating VBS-based malware, saving a lot of time on extensive reverse engineering or debugging.
This example shows the WSHRAT malware making a WMI query, likely intended to enumerate all antivirus solutions installed on the device.
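The WMIC-to-VBScript hand-off and the antivirus-enumerating WMI query described above, as an added detection example in Python (not code from ANY.RUN or this article) run over constructed sandbox-style process and WMI-query records; the record layout, file names and PIDs are assumptions made for the example, and it also covers the caveat that processes created through WMI appear under WmiPrvSE.exe rather than under wmic.exe.

```python
"""Spot WMI-driven script launches and AV enumeration in sandbox telemetry.
Added example, not code from ANY.RUN or the article; record layouts are assumed."""
import re

# Constructed process events: (pid, ppid, image, command line).
# A process started through WMI (Win32_Process.Create) is parented by
# WmiPrvSE.exe, not by the wmic.exe that requested it, so a plain
# "wmic.exe -> wscript.exe" parent/child rule would never fire.
SAMPLE_EVENTS = [
    (1000, 800, "explorer.exe", "explorer.exe"),
    (1200, 1000, "invoice.exe", r"C:\Users\lab\Downloads\invoice.exe"),
    (1300, 1200, "wmic.exe",
     r'wmic process call create "wscript.exe C:\Users\lab\AppData\Roaming\upd.vbs"'),
    (640, 600, "WmiPrvSE.exe", r"C:\Windows\System32\wbem\WmiPrvSE.exe -secured -Embedding"),
    (1400, 640, "wscript.exe", r"wscript.exe C:\Users\lab\AppData\Roaming\upd.vbs"),
]
# Constructed WMI queries as a sandbox might attribute them: (pid, query text).
SAMPLE_WMI_QUERIES = [
    (1400, "SELECT * FROM Win32_OperatingSystem"),
    (1400, "SELECT displayName FROM AntiVirusProduct"),
]

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
SCRIPT_PATH_RE = re.compile(r'[^\s"]+\.(?:vbs|vbe|js|jse|wsf)\b', re.IGNORECASE)
# Windows registers installed AV under root\SecurityCenter2\AntiVirusProduct.
AV_QUERY_RE = re.compile(r"AntiVirusProduct|SecurityCenter2", re.IGNORECASE)


def find_wmi_script_launches(events):
    """Return (script_host_pid, requesting_wmic_pid) pairs: a script host whose
    parent is WmiPrvSE.exe, tied back to the wmic request naming the same script."""
    by_pid = {pid: (ppid, image, cmd) for pid, ppid, image, cmd in events}
    requests = {pid: cmd.lower() for pid, _, image, cmd in events
                if image.lower() == "wmic.exe" and "call create" in cmd.lower()}
    hits = []
    for pid, ppid, image, cmd in events:
        parent = by_pid.get(ppid)
        if image.lower() not in SCRIPT_HOSTS or parent is None:
            continue
        if parent[1].lower() != "wmiprvse.exe":
            continue
        match = SCRIPT_PATH_RE.search(cmd)
        if match:  # correlate on the script path, not on the parent PID
            path = match.group(0).lower()
            hits.extend((pid, rpid) for rpid, rcmd in requests.items() if path in rcmd)
    return hits


def find_av_enumeration(wmi_queries):
    """Return pids that queried WMI for installed antivirus products."""
    return [pid for pid, query in wmi_queries if AV_QUERY_RE.search(query)]
```

Run against the constructed records, the script-host launch at PID 1400 is attributed to the wmic.exe request at PID 1300, and PID 1400 is also flagged for the AntiVirusProduct query.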
You can try the full range of ANY.RUN's capabilities completely for free by requesting 14 days of a free trial.


This Cyber News was published on gbhackers.com. Publication date: Thu, 14 Dec 2023 17:13:07 +0000