Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	June 19, 2024, 1:34 p.m.	June 19, 2024, 1:36 p.m.

Size	7.0KB
Type	ASCII text, with very long lines, with CRLF line terminators
MD5	`52251be9db3c249a21b437db2186a21c`
SHA256	`2a3e1c948716f57abd9b601a7dc01da40a34c0c1e3535fe4db5bb482dbc2e1c4`
CRC32	`259FB1F0`
ssdeep	`192:y7ArDZNNS8PqF7ZCT2xkwlSvsbO/VM0QPl0zDnL:SArDYYqaTS5cKeL`
Yara	None matched

wscript.exe "C:\Windows\System32\wscript.exe" C:\Users\test22\AppData\Local\Temp\adobex.js
292

Name	Response	Post-Analysis Lookup
postutopia.net	A 51.254.27.105	51.254.27.105

IP Address	Status	Action
164.124.101.2	Active	Moloch
51.254.27.105	Active	Moloch

No Suricata Alerts

No Suricata TLS

Time & API	Arguments	Status	Return	Repeated
InternetCrackUrlW June 19, 2024, 1:26 p.m.	url: https://postutopia.net/wp-includes/images/smilies/icon-smile-kl.js flags: 0	1	1	0
HttpOpenRequestW June 19, 2024, 1:26 p.m.	connect_handle: 0x00cc0008 http_version: flags: 12582912 http_method: GET referer: path: /wp-includes/images/smilies/icon-smile-kl.js	1	13369356	0

Time & API	Arguments	Status	Return
InternetCrackUrlW June 19, 2024, 1:26 p.m.	url: https://postutopia.net/wp-includes/images/smilies/icon-smile-kl.js flags: 0	1	1
HttpOpenRequestW June 19, 2024, 1:26 p.m.	connect_handle: 0x00cc0008 http_version: flags: 12582912 http_method: GET referer: path: /wp-includes/images/smilies/icon-smile-kl.js	1	13369356
send June 19, 2024, 1:26 p.m.	buffer: ! socket: 824 sent: 1	1	1

Lionic	Trojan.Script.Cryxos.4!c
Skyhigh	BehavesLike.JS.Downloader.zx
ALYac	JS:Trojan.Cryxos.10732
VIPRE	JS:Trojan.Cryxos.10732
Arcabit	JS:Trojan.Cryxos.D29EC
Symantec	ISB.Downloader!gen60
Kaspersky	HEUR:Trojan.Script.Generic
BitDefender	JS:Trojan.Cryxos.10732
NANO-Antivirus	Trojan.Script.Heuristic-js.iacgm
MicroWorld-eScan	JS:Trojan.Cryxos.10732
Emsisoft	JS:Trojan.Cryxos.10732 (B)
FireEye	JS:Trojan.Cryxos.10732
Sophos	JS/Drop-DHB
Ikarus	Trojan.JS.Cryxos
Google	Detected
Kingsoft	Script.Trojan.Generic.a
Microsoft	TrojanDownloader:Win32/Nemucod!ml
ZoneAlarm	HEUR:Trojan.Script.Generic
GData	JS:Trojan.Cryxos.10732
MAX	malware (ai score=89)
alibabacloud	Trojan:Multi/Cryxos.Gen

dead_host

51.254.27.105:443

adobex.js