Cyber forensic tools play a crucial role in cyber investigations by helping investigators collect, analyze, and preserve digital evidence. 

These tools can extract data from various sources, such as:

  • Hard drives
  • Mobile devices
  • Network traffic

They also allow for identifying malware, tracking online activities, and decrypting encrypted data.

Recently, ANY.RUN launched its new “Script Tracer,” a tool primarily made for threat researchers to trace and deobfuscate malware execution.

ANY.RUN is an interactive malware sandbox that allows users to analyze unlimited malicious files and links for free. It also has a dedicated team of analysts who continuously expand the service’s detection and analysis capabilities.


Script Tracer

Script Tracer in ANY.RUN’s cloud sandbox simplifies script deobfuscation and works across all major Windows versions, from Windows 7 to Windows 11.

Scripting languages power many Windows tasks, but malware written in them is also on the rise. Windows supports several types of scripting code:

  • JScript
  • VBScript
  • VBA (Visual Basic for Applications)
  • Macro 4.0

All the above-mentioned scripts can be analyzed seamlessly with the help of Script Tracer. Before this update, ANY.RUN users saw execution outcomes but not attackers’ script actions like:

  • API calls
  • OS checks
  • WMI requests

Script Tracer provides detailed insights into deobfuscated script activities, similar to code debugging. Script Tracer reports can be accessed from a tracer icon in the process tree or from the Advanced Process Details report.

The update brings two new additions:

  • New indicator in the process tree
  • A new tab in Advanced Process Details

Apart from this, the tracer also lets users view the following for compiled VBE scripts:

  • The script execution process
  • Requested functions
  • Transferred data

Script Tracer reveals hidden insights, like request results. It also covers scripts run via executables, as when WMIC loads and executes VBScript for malware data collection.

Encountering VBS-based malware? Examine WSHRat as an example. Easily investigate Office macros and scripts. You can also delve into the visible Windows API in a sneaky document using “alloc” and “request.”

Implementing ANY.RUN’s Threat Intelligence products is simple. Contact the ANY.RUN team to learn more.


BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.