Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6403_us | April 7, 2023, 6:21 p.m. | April 7, 2023, 6:23 p.m. |
Updater.exe "C:\Users\test22\AppData\Local\Temp\Updater.exe"
300
DNS
Name | Response | Post-Analysis Lookup |
---|---|---|
pastebin.com | 104.20.68.143 | |
xmr.2miners.com | 162.19.139.184 | |
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 192.168.56.103:49164 -> 104.20.68.143:443 | 906200068 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (CoinMiner) | undefined |
UDP 192.168.56.103:52760 -> 164.124.101.2:53 | 2040353 | ET INFO Observed DNS Query to Cryptocurrency Mining Pool Domain (xmr .2miners .com) | Crypto Currency Mining Activity Detected |
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLS 1.3 192.168.56.103:49163 -> 162.19.139.184:12222 | None | None | None |
TLS 1.3 192.168.56.103:49164 -> 104.20.68.143:443 | None | None | None |
TLS 1.3 192.168.56.103:49165 -> 162.19.139.184:12222 | None | None | None |
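The two tables above carry the network story of this sample: the host resolves xmr.2miners.com to 162.19.139.184, then opens three TLS 1.3 sessions, two of them to that address on the non-standard port 12222, and Suricata sees no certificate issuer or subject for any of them (in TLS 1.3 the server certificate is sent encrypted, so passive inspection cannot read it). The following Python is an added example, not part of the sandbox report or of any Suricata tooling, showing how an analyst would reproduce that correlation over eve.json-style events: it collects DNS answers, flags answers for mining-pool domains, and then flags every TLS flow whose destination IP was obtained from such a domain, without relying on certificate fields. The event lines are constructed to mirror the report's DNS and TLS tables (field names follow Suricata's eve.json layout), and the pool-domain list is illustrative; a real deployment would take it from a maintained intelligence feed.

```python
import json
from collections import defaultdict

# Illustrative mining-pool domain suffixes (assumption, not a curated feed).
# 2miners.com is the pool seen in the report; the others are well-known Monero pools.
MINING_POOL_SUFFIXES = ("2miners.com", "nanopool.org", "supportxmr.com", "hashvault.pro")

# Constructed sample events in Suricata eve.json style, modelled on the report's
# DNS and TLS tables. This is not a real capture.
SAMPLE_EVE_LINES = [
    json.dumps({"event_type": "dns", "src_ip": "192.168.56.103",
                "dns": {"type": "answer", "rrname": "xmr.2miners.com", "rrtype": "A", "rdata": "162.19.139.184"}}),
    json.dumps({"event_type": "dns", "src_ip": "192.168.56.103",
                "dns": {"type": "answer", "rrname": "pastebin.com", "rrtype": "A", "rdata": "104.20.68.143"}}),
    json.dumps({"event_type": "tls", "src_ip": "192.168.56.103", "src_port": 49163,
                "dest_ip": "162.19.139.184", "dest_port": 12222, "tls": {"version": "TLS 1.3"}}),
    json.dumps({"event_type": "tls", "src_ip": "192.168.56.103", "src_port": 49164,
                "dest_ip": "104.20.68.143", "dest_port": 443, "tls": {"version": "TLS 1.3"}}),
    json.dumps({"event_type": "tls", "src_ip": "192.168.56.103", "src_port": 49165,
                "dest_ip": "162.19.139.184", "dest_port": 12222, "tls": {"version": "TLS 1.3"}}),
]


def is_pool_domain(name: str) -> bool:
    """True if name is, or is a subdomain of, a listed mining-pool domain."""
    name = name.rstrip(".").lower()
    return any(name == s or name.endswith("." + s) for s in MINING_POOL_SUFFIXES)


def correlate(eve_lines):
    """Return findings: pool-domain DNS answers, and TLS flows to IPs those answers produced."""
    resolved = defaultdict(set)  # answer IP -> set of names that resolved to it
    findings = []
    events = [json.loads(line) for line in eve_lines if line.strip()]

    # Pass 1: build the IP -> name map from A/AAAA answers and flag pool-domain answers.
    for ev in events:
        if ev.get("event_type") != "dns":
            continue
        d = ev["dns"]
        if d.get("type") == "answer" and d.get("rrtype") in ("A", "AAAA") and d.get("rdata"):
            resolved[d["rdata"]].add(d["rrname"].rstrip(".").lower())
            if is_pool_domain(d["rrname"]):
                findings.append({"kind": "dns", "host": ev["src_ip"],
                                 "domain": d["rrname"], "ip": d["rdata"]})

    # Pass 2: any TLS flow to an IP that came out of a pool-domain lookup is suspect,
    # whatever the port and whether or not a certificate was visible.
    for ev in events:
        if ev.get("event_type") != "tls":
            continue
        pool_names = sorted(n for n in resolved.get(ev["dest_ip"], ()) if is_pool_domain(n))
        if not pool_names:
            continue
        tls = ev.get("tls", {})
        findings.append({
            "kind": "tls",
            "host": ev["src_ip"],
            "dest": f'{ev["dest_ip"]}:{ev["dest_port"]}',
            "domains": pool_names,
            "nonstandard_port": ev["dest_port"] not in (443, 8443),
            # TLS 1.3 encrypts the server certificate, so issuer/subject are
            # normally absent from passive logs; record it but never require it.
            "cert_visible": bool(tls.get("subject") or tls.get("issuer")),
        })
    return findings


if __name__ == "__main__":
    for f in correlate(SAMPLE_EVE_LINES):
        print(f)
```

Running it on the constructed events yields one DNS finding for xmr.2miners.com and two TLS findings for 162.19.139.184:12222, both on a non-standard port and both without a visible certificate; the pastebin.com flow on 443 is not reported because its name is not in the pool list. The DNS answer map is the key piece: the mining-pool alert fires on the query, but the TLS flows carry no hostname, so the IP-to-name join is what ties the port-12222 sessions to the pool.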
Static analysis signatures
Signature | Details | Description |
---|---|---|
High-entropy section | .data: virtual_address 0x00020000, virtual_size 0x009a2220, size_of_data 0x009a2400, entropy 7.618 (bits per byte, maximum 8) | A section with a high entropy has been found |
Overall entropy | 0.9775 (reported on a 0-1 scale) | Overall entropy of this PE file is high |
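A .data section of roughly 9.9 MB at 7.62 bits per byte is far above what plain initialised data produces and is the usual signature of an embedded packed or encrypted payload, which is consistent with the Kryptik/Xmrig names the engines below assign. The Python below is an added example, not code from the sandbox, showing how the per-section check is done: it walks the DOS header to the PE signature, reads the COFF header and section table with struct, computes Shannon entropy for each section's raw bytes, and flags sections above a threshold. The report does not say how its 0-1 overall figure is derived, so here the overall score is simply whole-file entropy divided by 8 (an assumption). The sample PE is constructed in memory with a low-entropy .text and a high-entropy .data section; it has valid headers for parsing purposes only and is not loadable.

```python
import hashlib
import math
import struct


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 .. 8.0)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def parse_sections(pe: bytes):
    """Follow DOS header -> PE signature -> COFF header -> section table; one dict per section."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", pe, coff + 2)[0]
    opt_size = struct.unpack_from("<H", pe, coff + 16)[0]
    table = coff + 20 + opt_size          # section table follows the optional header
    sections = []
    for i in range(num_sections):
        # IMAGE_SECTION_HEADER: Name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData, ...
        name, vsize, vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", pe, table + i * 40)
        raw = pe[rawptr:rawptr + rawsize]
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "virtual_address": vaddr,
            "virtual_size": vsize,
            "size_of_data": rawsize,
            "entropy": shannon_entropy(raw),
        })
    return sections


def assess(pe: bytes, threshold: float = 7.0):
    """Per-section entropy in bits plus an overall 0-1 score (whole-file entropy / 8; assumption)."""
    sections = parse_sections(pe)
    return {
        "sections": sections,
        "high_entropy_sections": [s["name"] for s in sections if s["entropy"] >= threshold],
        "overall_normalised": shannon_entropy(pe) / 8.0,
    }


def _pseudo_random(n: int) -> bytes:
    """Deterministic high-entropy filler (chained SHA-256), standing in for a packed payload."""
    out, block = bytearray(), b"seed"
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out += block
    return bytes(out[:n])


def build_sample_pe() -> bytes:
    """Constructed minimal PE32+ image: low-entropy .text, high-entropy .data. Parse-only, not loadable."""
    opt_size = 240                          # SizeOfOptionalHeader for PE32+
    text = b"\x90" * 768 + b"\xcc" * 256    # NOP/int3 padding: low entropy
    data = _pseudo_random(4096)             # encrypted-looking blob: high entropy
    hdr_len = 0x40 + 4 + 20 + opt_size + 2 * 40
    text_off, data_off = hdr_len, hdr_len + len(text)
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", 0x40)            # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x8664, 2, 0, 0, 0, opt_size, 0x22)     # AMD64, 2 sections
    opt = struct.pack("<H", 0x20B) + b"\0" * (opt_size - 2)                # PE32+ magic, rest zero

    def section_header(name, vaddr, blob, off):
        return struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), len(blob), vaddr,
                           len(blob), off, 0, 0, 0, 0, 0)

    table = section_header(b".text", 0x1000, text, text_off) + section_header(b".data", 0x2000, data, data_off)
    return dos + b"PE\0\0" + coff + opt + table + text + data


if __name__ == "__main__":
    result = assess(build_sample_pe())
    for s in result["sections"]:
        print(f'{s["name"]:8} va=0x{s["virtual_address"]:08x} size=0x{s["size_of_data"]:08x} entropy={s["entropy"]:.3f}')
    print("high-entropy sections:", result["high_entropy_sections"])
    print(f'overall (0-1): {result["overall_normalised"]:.4f}')
```

The threshold of 7.0 bits is a common packer heuristic, not a fixed rule: legitimate binaries with large embedded resources (compressed images, certificates) can also cross it, so the entropy flag is a prompt to look for an unpacking routine or a decryption loop rather than a verdict on its own. In this report it lines up with the mining-pool traffic and the Xmrig detection, which is what makes it convincing.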
Antivirus detections
Engine | Detection |
---|---|
Lionic | Trojan.Win32.Injector.4!c |
MicroWorld-eScan | Application.Generic.3414912 |
FireEye | Application.Generic.3414912 |
CAT-QuickHeal | Trojan.Agent |
ALYac | Application.Generic.3414912 |
Cylance | unsafe |
VIPRE | Application.Generic.3414912 |
Sangfor | Trojan.Win64.Kryptik.Vhew |
Alibaba | Trojan:Win64/GenKryptik.eaf1e3cd |
K7GW | Trojan ( 005a1ef11 ) |
K7AntiVirus | Trojan ( 005a1ef11 ) |
Arcabit | Application.Generic.D341B80 |
VirIT | Trojan.Win64.Genus.PO |
Cyren | W64/ABRisk.EBYR-0635 |
Symantec | ML.Attribute.HighConfidence |
Elastic | malicious (high confidence) |
ESET-NOD32 | a variant of Win64/GenKryptik.GIIA |
Cynet | Malicious (score: 99) |
Paloalto | generic.ml |
Kaspersky | Trojan.Win32.Agent.xavnes |
BitDefender | Application.Generic.3414912 |
NANO-Antivirus | Trojan.Win64.Hosts.jvisvl |
Avast | Win64:Evo-gen [Trj] |
Tencent | Win32.Trojan.FalseSign.Eflw |
Sophos | Generic Reputation PUA (PUA) |
F-Secure | Trojan.TR/AD.Nekark.wjaad |
DrWeb | Trojan.Hosts.51203 |
TrendMicro | TROJ_GEN.R002C0DD623 |
McAfee-GW-Edition | Artemis!Trojan |
Emsisoft | Application.Generic.3414912 (B) |
Ikarus | Trojan.Win64.Agent |
Webroot | W32.Trojan.Gen |
Avira | TR/AD.Nekark.wjaad |
Antiy-AVL | Trojan/Win64.GenKryptik |
Gridinsoft | Trojan.Win64.Gen.bot |
Xcitium | Malware@#38zvo226ygp71 |
Microsoft | Trojan:Win64/Xmrig!MTB |
ZoneAlarm | Trojan.Win32.Agent.xavnes |
GData | Application.Generic.3414912 |
Detected | |
McAfee | Artemis!6FA2A8DE3FC3 |
MAX | malware (ai score=79) |
VBA32 | Trojan.Win64.GenKryptik |
Malwarebytes | Trojan.Crypt |
Panda | Trj/Chgt.AD |
TrendMicro-HouseCall | TROJ_GEN.R002C0DD623 |
Rising | Trojan.Kryptik!8.8 (TFE:5:tSjl4DNY5BP) |
MaxSecure | Trojan.Malware.204949125.susgen |
Fortinet | W64/GenKryptik.GIIA!tr |
AVG | Win64:Evo-gen [Trj] |