Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	May 22, 2023, 4:14 p.m.	May 22, 2023, 4:17 p.m.

Size	3.9MB
Type	PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows
MD5	`cc20a54b21aac972382d5ad53f67e91b`
SHA256	`223f3184613545c3afee56ade4e84e731b7cca237acfab14dbdd58cc8deb48f4`
CRC32	`03523538`
ssdeep	`98304:2RF+GA7R+afsMveTDN6US+8B4JZZACYrsa:XGANzmTDN6UOBIZACYrs`
Yara	UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsPE32 - (no description) Malicious_Packer_Zero - Malicious Packer Generic_Malware_Zero - Generic Malware

xmrig32.exe "C:\Users\test22\AppData\Local\Temp\xmrig32.exe"
2556

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Command line console output was observed (2 events)

Time & API	Arguments	Status	Return	Repeated
WriteConsoleA May 22, 2023, 4:14 p.m.	buffer: [2023-05-22 17:54:52.671] unable to open "C:\Users\test22\AppData\Local\Temp\config.json". console_handle: 0x00000007	1	1	0
WriteConsoleA May 22, 2023, 4:14 p.m.	buffer: [2023-05-22 17:54:52.671] no valid configuration found. console_handle: 0x00000007	1	1	0

File has been identified by 59 AntiVirus engines on VirusTotal as malicious (50 out of 59 events)

Bkav	W32.AIDetectMalware
Lionic	Trojan.Win32.Convagent.4!c
Elastic	malicious (high confidence)
MicroWorld-eScan	Generic.Application.CoinMiner.1.A2F1758B
ClamAV	Win.Coinminer.Generic-7151250-0
FireEye	Generic.mg.cc20a54b21aac972
CAT-QuickHeal	PUA.GenericPMF.S19523731
ALYac	Generic.Application.CoinMiner.1.A2F1758B
Malwarebytes	Virut.Virus.FileInfector.DDS
Zillya	Trojan.CoinMiner.Win32.24408
Sangfor	Miner.Win32.Deepscan_115.se2
K7AntiVirus	Trojan ( 0053a0551 )
Alibaba	RiskWare:Win32/Miners.96ddfc18
K7GW	Trojan ( 0053a0551 )
Cybereason	malicious.b21aac
Arcabit	Generic.Application.CoinMiner.1.A2F1758B
BitDefenderTheta	Gen:NN.ZexaF.36196.4N1@aWf8rqgi
Cyren	W32/Coinminer.CFJL-2540
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/CoinMiner.JU potentially unwanted
APEX	Malicious
Cynet	Malicious (score: 100)
Kaspersky	VHO:Trojan.Win32.Convagent.gen
BitDefender	Generic.Application.CoinMiner.1.A2F1758B
NANO-Antivirus	Riskware.Win32.BtcMine.glouaq
Avast	Win32:Miner-HK [Trj]
Tencent	Malware.Win32.Gencirc.118ced7b
Emsisoft	Generic.Application.CoinMiner.1.A2F1758B (B)
F-Secure	Heuristic.HEUR/AGEN.1341908
DrWeb	Tool.BtcMine.2234
VIPRE	Generic.Application.CoinMiner.1.A2F1758B
TrendMicro	Coinminer.Win32.MALXMR.SMBM4
McAfee-GW-Edition	GenericRXIW-XN!CC20A54B21AA
Trapmine	malicious.high.ml.score
Sophos	XMRig Miner (PUA)
SentinelOne	Static AI - Malicious PE
Jiangmin	RiskTool.BitMiner.bznh
Webroot	Bitcoinminer.Gen
Avira	HEUR/AGEN.1341908
Antiy-AVL	Trojan[Miner]/Win64.Xmrig.gen
Gridinsoft	Trojan.Win32.Gen.bot
ViRobot	Adware.Coinminer.4076544.B
ZoneAlarm	VHO:Trojan.Win32.Convagent.gen
GData	Win32.Application.Coinminer.BU
Google	Detected
AhnLab-V3	Unwanted/Win32.RL_CoinMiner.R303119
McAfee	GenericRXIW-XN!CC20A54B21AA
MAX	malware (ai score=100)
VBA32	BScope.Trojan.Miner
Cylance	unsafe

xmrig32.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All