Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6402	July 12, 2021, 1:24 p.m.	July 12, 2021, 1:31 p.m.

Size	6.1KB
Type	HTML document, UTF-8 Unicode text, with very long lines, with CRLF line terminators
MD5	`3ed273cac81d6427c6682d8893bd43c2`
SHA256	`e7ba00fa12b128020fbcc841892cfcf0ac0ff481873e74eead4bec058cb7a8b4`
CRC32	`7CB4C323`
ssdeep	`192:paj0puajXZX2xJkYINGHePxuYcDzvE2HpSoINiFh236OJizkoxG:8gp2UFOeP4Xw2JQMI3FJUG`
Yara	None matched

wscript.exe "C:\Windows\System32\wscript.exe" C:\Users\test22\AppData\Local\Temp\0071801_002710.js
2948

Name	Response	Post-Analysis Lookup
gedvendo.com.pe

IP Address	Status	Action
164.124.101.2	Active	Moloch

No Suricata Alerts

No Suricata TLS

Time & API	Arguments	Status	Return	Repeated
InternetCrackUrlW July 12, 2021, 1:22 p.m.	url: http://gedvendo.com.pe/8759j3f434 flags: 0	1	1	0
HttpOpenRequestW July 12, 2021, 1:22 p.m.	connect_handle: 0x00cc0008 http_version: flags: 4194304 http_method: GET referer: path: /8759j3f434	1	13369356	0

Time & API	Arguments	Status	Return	Repeated
InternetCrackUrlW July 12, 2021, 1:22 p.m.	url: http://gedvendo.com.pe/8759j3f434 flags: 0	1	1	0
HttpOpenRequestW July 12, 2021, 1:22 p.m.	connect_handle: 0x00cc0008 http_version: flags: 4194304 http_method: GET referer: path: /8759j3f434	1	13369356	0

MicroWorld-eScan	Trojan.JS.Agent.KVR
CAT-QuickHeal	JS.Dropper.AS
McAfee	JS/Nemucod.eq
Arcabit	HEUR.JS.Trojan.b
Baidu	JS.Trojan-Downloader.Nemucod.w
F-Prot	JS/Locky.R!Eldorado
Symantec	JS.Downloader
ESET-NOD32	JS/TrojanDownloader.Nemucod.UI
TrendMicro-HouseCall	JS_LOCKY.SM2
Avast	JS:Agent-DUP [Trj]
ClamAV	Win.Malware.Locky-13754
Kaspersky	Trojan.JS.Agent.def
BitDefender	Trojan.JS.Agent.KVR
NANO-Antivirus	Trojan.Script.Locky.ebzpxi
AegisLab	Troj.Js.Agent!c
Tencent	Html.Win32.Script.503816
Ad-Aware	Trojan.JS.Agent.KVR
Emsisoft	Trojan.JS.Agent.KVR (B)
Comodo	UnclassifiedMalware
F-Secure	Trojan.JS.Agent.KVR
DrWeb	JS.DownLoader.1370
VIPRE	Malware.JS.Generic (JS)
TrendMicro	JS_LOCKY.SM2
McAfee-GW-Edition	JS/Nemucod.eq
Sophos	Troj/JSDldr-HY
Cyren	JS/Locky.R.gen
Jiangmin	TrojanDownloader.JS.bcys
Avira	JS/Dldr.Dridex.777
Antiy-AVL	Trojan[Downloader]/JS.Nemucod.uv
Microsoft	TrojanDownloader:JS/Swabfex.P
ViRobot	JS.S.Downloader.6198.A
AhnLab-V3	JS/Downloader
ZoneAlarm	Trojan.JS.Agent.def
GData	Script.Trojan-Downloader.Nemucod.BC
ALYac	Trojan.JS.Agent.KVR
AVware	Malware.JS.Generic (JS)
MAX	malware (ai score=81)
Rising	Downloader.Nemucod!8.34 (TOPIS:IlnnDf94nMT)
Ikarus	Trojan-Ransom.Script.Locky
Fortinet	JS/Nemucod.ACA!tr
AVG	JS:Agent-DUP [Trj]
Qihoo-360	trojan.js.downloader.1

0071801_002710.js