Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6402 | April 10, 2021, 9:20 a.m. | April 10, 2021, 9:22 a.m. |
Name | Response | Post-Analysis Lookup |
---|---|---|
r3---sn-3u-bh26.gvt1.com | CNAME r3.sn-3u-bh26.gvt1.com | 59.18.44.14 |
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
Signature | Details |
---|---|
suspicious_features | POST method with no referer header |
suspicious_request | POST https://update.googleapis.com/service/update2?cup2key=10:2918620959&cup2hreq=20b23180095e8ee832d7a3e00a81651de5511b478ee0c64cc6d1faa93c33504d |
request | HEAD http://redirector.gvt1.com/edgedl/release2/update2/ALmnr7lDhOvozdF08iOk7Ks_1.3.36.72/GoogleUpdateSetup.exe |
request | HEAD http://r3---sn-3u-bh26.gvt1.com/edgedl/release2/update2/ALmnr7lDhOvozdF08iOk7Ks_1.3.36.72/GoogleUpdateSetup.exe?cms_redirect=yes&mh=pH&mip=175.208.134.150&mm=28&mn=sn-3u-bh26&ms=nvh&mt=1618013728&mv=u&mvi=3&pcm2cms=yes&pl=18&shardbypass=yes |
request | GET http://r3---sn-3u-bh26.gvt1.com/edgedl/release2/update2/ALmnr7lDhOvozdF08iOk7Ks_1.3.36.72/GoogleUpdateSetup.exe?cms_redirect=yes&mh=pH&mip=175.208.134.150&mm=28&mn=sn-3u-bh26&ms=nvh&mt=1618013728&mv=u&mvi=3&pcm2cms=yes&pl=18&shardbypass=yes |
request | POST https://update.googleapis.com/service/update2?cup2key=10:2918620959&cup2hreq=20b23180095e8ee832d7a3e00a81651de5511b478ee0c64cc6d1faa93c33504d |
request | POST https://update.googleapis.com/service/update2?cup2key=10:2918620959&cup2hreq=20b23180095e8ee832d7a3e00a81651de5511b478ee0c64cc6d1faa93c33504d |
Signature | Value | Description |
---|---|---|
section | UPX1 (size_of_data 0x003b0800, virtual_address 0x01a6e000, virtual_size 0x003b1000, entropy 7.9999360940513995) | A section with a high entropy has been found |
entropy | 0.999603122106 | Overall entropy of this PE file is high |
section | UPX0 | Section name indicates UPX |
section | UPX1 | Section name indicates UPX |
host | 142.250.66.67 |
host | 172.217.25.14 |
Antivirus | Result |
---|---|
Elastic | malicious (high confidence) |
MicroWorld-eScan | Application.Coinminer.HS |
FireEye | Application.Coinminer.HS |
ALYac | Application.Coinminer.HS |
Cylance | Unsafe |
Sangfor | CoinMiner.Win32.Agent.mt |
K7GW | Adware ( 00576ae61 ) |
K7AntiVirus | Adware ( 00576ae61 ) |
Cyren | W64/Trojan.QDFS-0745 |
Symantec | Miner.Bitcoinminer |
ESET-NOD32 | a variant of Win64/CoinMiner.PM potentially unwanted |
APEX | Malicious |
Avast | FileRepMalware [PUP] |
BitDefender | Application.Coinminer.HS |
Paloalto | generic.ml |
Rising | HackTool.CoinMiner!8.F154 (CLOUD) |
Ad-Aware | Application.Coinminer.HS |
Comodo | ApplicUnwnt@#35as3iiatmqs8 |
VIPRE | Trojan.Win32.Generic!BT |
TrendMicro | TROJ_FRS.VSNTBN21 |
McAfee-GW-Edition | Artemis!PUP |
Emsisoft | Application.Miner (A) |
SentinelOne | Static AI - Suspicious PE |
Jiangmin | RiskTool.Generic.pmp |
Avira | PUA/CoinMiner.GU |
MAX | malware (ai score=99) |
Microsoft | PUA:Win32/CoinMiner |
Gridinsoft | Trojan.CoinMiner.dd!c |
GData | Application.Coinminer.HS |
Cynet | Malicious (score: 100) |
AhnLab-V3 | Win-Trojan/Miner3.Exp |
McAfee | Artemis!3C9DCC91E05D |
Malwarebytes | RiskWare.BitCoinMiner |
TrendMicro-HouseCall | TROJ_FRS.VSNTBN21 |
Ikarus | PUA.CoinMiner |
Fortinet | Riskware/CoinMiner |
Webroot | W32.Coinminer |
AVG | FileRepMalware [PUP] |
Cybereason | malicious.1e05dc |
Panda | PUP/CoinMiner |