I am currently trying to work my way through this piece of malware analysis and am currently stuck on Task 2. I am pretty new to malware analysis, so I would love a nudge in the right direction for this task. To obtain the answer to Task 1 I ran the file through VirusTotal, but I am now stuck.
The question: Which option has the attacker enabled in the script to run the malicious Node.js application?
I have a feeling it's something to do with the script.jsc file and the preload.js file. I have looked through the preload and didn’t spot anything that stood out to me. I have been searching for how to read/decompile .jsc files but have not had much success there either. My other line of thought was some kind of CLI option that a script might try to execute in PowerShell, but I couldn’t find a relevant one.
I also tried to run the .exe file through Ghidra to not much success.
Any hints to help would be appreciated!