Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Sept. 7, 2021, 7:01 p.m.	Sept. 7, 2021, 7:03 p.m.

Size	4.5MB
Type	PE32+ executable (console) x86-64, for MS Windows
MD5	`0b85eae86038116041ecc8d24ba2fadb`
SHA256	`cd0dcc3d3aab1dc613cd5b1ea4d3a066ab20768c60babb1a4e79df9da9144218`
CRC32	`FDB225D0`
ssdeep	`98304:XuiktN+QTXzrPsEpjmVVy64pAduk5PzF5OzJuSj9YHuu:X9nVVb4pAdHzF5Efj9YHf`
Yara	PE_Header_Zero - PE File Signature IsPE64 - (no description) Malicious_Library_Zero - Malicious_Library UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check Malicious_Packer_Zero - Malicious Packer

rig.exe "C:\Users\test22\AppData\Local\Temp\rig.exe"
2088

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
164.124.101.2	Active	Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Queries for the computername (1 event)

Time & API	Arguments	Status	Return	Repeated
GetComputerNameA Sept. 7, 2021, 7:01 p.m.	computer_name: TEST22-PC	1	1	0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (4 events)

section	_RANDOMX
section	_SHA3_25
section	_TEXT_CN
section	_RDATA

Allocates read-write-execute memory (usually to unpack itself) (1 event)

Time & API	Arguments	Status	Return	Repeated
NtAllocateVirtualMemory Sept. 7, 2021, 7:01 p.m.	process_identifier: 2088 region_size: 131072 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000430000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	1	0	0

File has been identified by 53 AntiVirus engines on VirusTotal as malicious (50 out of 53 events)

Lionic	Trojan.Win32.Miner.4!c
Elastic	malicious (high confidence)
MicroWorld-eScan	Gen:Variant.Application.Miner.2
FireEye	Generic.mg.0b85eae860381160
CAT-QuickHeal	Trojan.CoinMiner
McAfee	GenericRXAA-AA!0B85EAE86038
Cylance	Unsafe
Zillya	Tool.BitMiner.Win32.2745
Sangfor	Trojan.Win64.XMR.Miner
CrowdStrike	win/malicious_confidence_70% (D)
Alibaba	Trojan:Win32/Coinminer.2cc
K7GW	Trojan ( 005697011 )
K7AntiVirus	Trojan ( 005697011 )
Cyren	W64/Coinminer.BN.gen!Eldorado
ESET-NOD32	a variant of Win64/CoinMiner.QG potentially unwanted
APEX	Malicious
Avast	Win64:CoinminerX-gen [Trj]
ClamAV	Win.Coinminer.Generic-7151250-0
Kaspersky	HEUR:Trojan.Win32.Miner.gen
BitDefender	Gen:Variant.Application.Miner.2
NANO-Antivirus	Trojan.Win64.Miner.izdwzx
Tencent	Win32.Trojan.Miner.Hfh
Ad-Aware	Gen:Variant.Application.Miner.2
Sophos	XMRig Miner (PUA)
DrWeb	Tool.BtcMine.2562
VIPRE	Trojan.Win32.Generic!BT
TrendMicro	TROJ_FRS.0NA103G821
Emsisoft	Gen:Variant.Application.Miner.2 (B)
Paloalto	generic.ml
Jiangmin	Trojan.Miner.qdd
Webroot	Bitcoinminer.Gen
Avira	HEUR/AGEN.1134782
MAX	malware (ai score=75)
Kingsoft	Win32.Troj.Undef.(kcloud)
Gridinsoft	Trojan.Win64.CoinMiner.vb
Arcabit	Trojan.Application.Miner.2
ViRobot	Adware.Coinminer.4688384
ZoneAlarm	HEUR:Trojan.Win32.Miner.gen
GData	Win64.Application.Coinminer.CP
Cynet	Malicious (score: 100)
AhnLab-V3	Win-Trojan/Miner3.Exp
Acronis	suspicious
ALYac	Gen:Variant.Application.Miner.2
VBA32	Trojan.Miner
Malwarebytes	RiskWare.BitCoinMiner
TrendMicro-HouseCall	TROJ_FRS.0NA103G821
Rising	HackTool.XMRMiner!1.C2EC (CLASSIC)
Yandex	Riskware.Agent!fE2REGMDfnE
SentinelOne	Static AI - Malicious PE
MaxSecure	Trojan.Malware.11387115.susgen

rig.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All