Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	May 25, 2021, 9:50 a.m.	May 25, 2021, 9:57 a.m.

Size	116.6KB
Type	Zip archive data, at least v2.0 to extract
MD5	`74143635e4ccd866da6da37710e828c0`
SHA256	`fcc120cbbbf66a71a9c0e82d20ecfc6c5721b8ccb806755126c321545fd98d38`
CRC32	`9A92F91D`
ssdeep	`3072:A1K2+rPBgZFQLln3g2QR6uRXhifKSPRuODQlRm+ZQ:A1jzMS/Rx2C6c3lRPQ`
Yara	None matched

java.exe "C:\Program Files\Java\jre7\bin\java.exe" -jar C:\Users\test22\AppData\Local\Temp\HID%20Payment%20Advice%20Note%20from%2005242021_2.jar
620

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
164.124.101.2	Active	Moloch

No Suricata Alerts

No Suricata TLS

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx May 25, 2021, 9:43 a.m.		1	1	0

Time & API	Arguments	Status	Return	Repeated
NtProtectVirtualMemory May 25, 2021, 9:43 a.m.	process_identifier: 620 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 2555904 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000002660000 process_handle: 0xffffffffffffffff	1	0	0

DrWeb	JS.Packed.56
MicroWorld-eScan	JS:Trojan.Cryxos.5748
Alibaba	TrojanDropper:JS/Banload.2e4d2efe
Arcabit	JS:Trojan.Cryxos.D1674
Cyren	JS/Agent.AVC!Eldorado
Symantec	Trojan Horse
ESET-NOD32	JS/TrojanDropper.Agent.OGQ
Avast	JS:Crypt-T [Trj]
Kaspersky	HEUR:Trojan.Script.Generic
BitDefender	JS:Trojan.Cryxos.5748
NANO-Antivirus	Exploit.Script.Nemucod.dzzhbf
F-Secure	Exploit.EXP/JAVA.Banload.MRAF.Gen
FireEye	JS:Trojan.Cryxos.5748
Emsisoft	JS:Trojan.Cryxos.5748 (B)
Ikarus	Win32.Outbreak
GData	JS:Trojan.Cryxos.5748
Avira	EXP/JAVA.Banload.MRAF.Gen
AegisLab	Trojan.Script.Generic.4!c
Cynet	Malicious (score: 99)
McAfee	Artemis!74143635E4CC
MAX	malware (ai score=87)
AVG	JS:Crypt-T [Trj]

count

3375

name

heapspray

process

java.exe

total_mb

843

length

262144

protection

PAGE_READWRITE

HID%20Payment%20Advice%20Note%20from%2005242021_2.jar