Summary | ZeroBOX

edjpx01.zip

Category FILE
Machine s1_win7_x6402
Started May 26, 2021, 5:44 p.m.
Completed May 26, 2021, 5:48 p.m.
Size 1.5MB
Type Zip archive data, at least v2.0 to extract
MD5 78b7c12458b63f284b2b0b4386351ddd
SHA256 42aff2180bc9658464741f715b0327e6428e02873de5414f146b08f2a6058ad8
CRC32 6371C28E
ssdeep 24576:zwBkt9oUk3aiQdTyMnaps3Rx7beDY9B00p2B7AGNwfiW1W0ld74Dzq7A5ld74DzQ:bsaiQdTNapmxPgo0W2dAGNul+Dzq7A57
Yara None matched

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
172.217.25.14 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

host 172.217.25.14
MicroWorld-eScan JS:Trojan.Cryxos.3903
FireEye JS:Trojan.Cryxos.3903
CAT-QuickHeal HTML.Agent.US
Sangfor Trojan.Generic-JS.Save.bf2409cc
Arcabit JS:Trojan.Cryxos.DF3F
Cyren JS/FakeAlert.K
ESET-NOD32 multiple detections
Avast HTML:EvilCursor-B [Trj]
BitDefender JS:Trojan.Cryxos.3903
NANO-Antivirus Trojan.Script.Blocker.eizygn
ViRobot JS.Z.Agent.90761.A
Emsisoft JS:Trojan.Cryxos.3903 (B)
Comodo TrojWare.HTML.FakeAlert.V@7szps4
Sophos JS/FakeAle-SG
MAX malware (ai score=86)
Antiy-AVL Trojan/Generic.ASTVirus.6B
Microsoft Trojan:HTML/FakeAlert.AA
AegisLab Trojan.HTML.Cryxos.4!c
GData HTML.Trojan-Ransom.TechSupportScam.I (2x)
Rising Trojan.FakeAlert!8.56B (TOPIS:E0:RAGGD8TV1EO)
Fortinet JS/Cryxos.DEB1!tr
AVG HTML:EvilCursor-B [Trj]