Summary | ZeroBOX

java.js

Antivirus MSOffice File
Category FILE
Machine s1_win7_x6401
Started Sept. 7, 2024, 5:04 p.m.
Completed Sept. 7, 2024, 5:06 p.m.
Size 367.8KB
Type ASCII text, with very long lines, with CRLF line terminators
MD5 961caa8b91ecbca3ce8601dc4a515e51
SHA256 320ccbaab0c9d5cd7da65b3323b6e3d3cf36c5010d7f80598861150fa809eceb
CRC32 8734D235
ssdeep 6144:GzdCKaqZLkV/n8aYvP38RLUY9msegR1t7C/sNpyy7xMCU8mnQATi5WOQ4qail:ugKdeLUcm7gPgsPL+8mQAe5Gdd
Yara None matched

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
164.124.101.2 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

API GlobalMemoryStatusEx
Status 1
Return 1
Repeated 0

API NtProtectVirtualMemory
Arguments
process_identifier: 2780
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 2555904
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000002490000
process_handle: 0xffffffffffffffff
Status 1
Return 0
Repeated 0

file C:\Users\test22\AppData\Local\Temp\VjX.jar
parent_process wscript.exe martian_process "C:\Program Files\Java\jre7\bin\javaw.exe" -jar "C:\Users\test22\AppData\Local\Temp\VjX.jar"
parent_process wscript.exe martian_process C:\Users\test22\AppData\Local\Temp\VjX.jar
Lionic Trojan.Script.Cryxos.b!c
Cynet Malicious (score: 99)
Skyhigh BehavesLike.JS.Exploit.fm
ALYac JS:Trojan.Cryxos.5674
VIPRE JS:Trojan.Cryxos.5674
Arcabit JS:Trojan.Cryxos.D162A
Symantec JS.Downloader
ESET-NOD32 JS/TrojanDropper.Agent.OEY
Avast JS:Dropper-AADL [Drp]
Kaspersky HEUR:Trojan-Dropper.Script.Generic
BitDefender JS:Trojan.Cryxos.5674
NANO-Antivirus Trojan.Script.Dropper.jpdkao
MicroWorld-eScan JS:Trojan.Cryxos.5674
Emsisoft JS:Trojan.Cryxos.5674 (B)
F-Secure Malware.JS/Dldr.G8
TrendMicro HEUR_JS.O.ELBP
FireEye JS:Trojan.Cryxos.5674
Ikarus Trojan-Dropper.JS.Agent
Google Detected
Avira JS/Dldr.G8
MAX malware (ai score=88)
Microsoft Trojan:Script/Wacatac.B!ml
GData JS:Trojan.Cryxos.5674
Varist JS/Agent.AXL!Eldorado
Tencent Script.Trojan-Dropper.Generic.Adhl
huorong TrojanDropper/JS.Agent.bi
AVG JS:Dropper-AADL [Drp]
alibabacloud Trojan[dropper]:Javascript/Cryxos.Gen
count 2544 name heapspray process javaw.exe total_mb 636 length 262144 protection PAGE_READWRITE
file C:\Program Files\Java\jre7\bin\javaw.exe