Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6403_us | June 9, 2023, 10 a.m. | June 9, 2023, 10:03 a.m. |
-
default-browser-agent.exe "C:\Users\test22\AppData\Local\Temp\default-browser-agent.exe"
1504
Name | Response | Post-Analysis Lookup |
---|---|---|
gulf.moneroocean.stream |
CNAME
monerooceans.stream
|
54.250.156.221 |
conn.gta5cheatcode.world | 194.180.48.231 | |
pastebin.com | 172.67.34.170 | |
ppanel.freaktorrentz.xyz | 188.165.24.131 |
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 192.168.56.103:49164 -> 104.20.67.143:443 | 906200068 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (CoinMiner) | undefined |
TCP 192.168.56.103:49165 -> 188.165.24.131:80 | 2011341 | ET HUNTING Suspicious POST With Reference to WINDOWS Folder Possible Malware Infection | A Network Trojan was detected |
TCP 192.168.56.103:49165 -> 188.165.24.131:80 | 2035420 | ET MALWARE Win32/Pripyat Activity (POST) | A Network Trojan was detected |
TCP 192.168.56.103:49165 -> 188.165.24.131:80 | 2031189 | ET HUNTING HTTP POST to XYZ TLD Containing Pass - Possible Phishing | Misc activity |
TCP 192.168.56.103:49166 -> 194.180.48.231:3333 | 2024792 | ET POLICY Cryptocurrency Miner Checkin | Potential Corporate Privacy Violation |
UDP 192.168.56.103:53673 -> 164.124.101.2:53 | 2027870 | ET INFO Observed DNS Query to .world TLD | Potentially Bad Traffic |
TCP 192.168.56.103:49166 -> 194.180.48.231:3333 | 2024792 | ET POLICY Cryptocurrency Miner Checkin | Potential Corporate Privacy Violation |
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLS 1.3 192.168.56.103:49164 104.20.67.143:443 |
None | None | None |
TLS 1.3 192.168.56.103:49163 54.250.156.221:20128 |
None | None | None |
suspicious_features | POST method with no referer header | suspicious_request | POST http://ppanel.freaktorrentz.xyz/x/y/z/WebPanel/api/endpoint.php |
request | POST http://ppanel.freaktorrentz.xyz/x/y/z/WebPanel/api/endpoint.php |
request | POST http://ppanel.freaktorrentz.xyz/x/y/z/WebPanel/api/endpoint.php |
section | {u'size_of_data': u'0x009a2800', u'virtual_address': u'0x0001c000', u'entropy': 7.624603045348705, u'name': u'.data', u'virtual_size': u'0x009a26e0'} | entropy | 7.62460304535 | description | A section with a high entropy has been found | |||||||||
section | {u'size_of_data': u'0x0000e800', u'virtual_address': u'0x009cd000', u'entropy': 6.980505712685737, u'name': u'.rsrc', u'virtual_size': u'0x0000e640'} | entropy | 6.98050571269 | description | A section with a high entropy has been found | |||||||||
entropy | 0.986285032797 | description | Overall entropy of this PE file is high |
Elastic | malicious (high confidence) |
MicroWorld-eScan | Gen:Variant.Barys.429302 |
K7GW | Trojan ( 005a508c1 ) |
K7AntiVirus | Trojan ( 005a508c1 ) |
Cyren | W64/Injector.BMR.gen!Eldorado |
Symantec | ML.Attribute.HighConfidence |
ESET-NOD32 | a variant of Win64/GenKryptik.GIIA |
Kaspersky | UDS:DangerousObject.Multi.Generic |
BitDefender | Gen:Variant.Barys.429302 |
Emsisoft | Gen:Variant.Barys.429302 (B) |
VIPRE | Gen:Variant.Barys.429302 |
FireEye | Gen:Variant.Barys.429302 |
GData | Gen:Variant.Barys.429302 |
Arcabit | Trojan.Barys.D68CF6 |
ZoneAlarm | UDS:DangerousObject.Multi.Generic |
Microsoft | Trojan:Win32/Sabsik.FL.B!ml |
Detected | |
AhnLab-V3 | Trojan/Win.Generic.R571995 |
ALYac | Gen:Variant.Barys.429302 |
MAX | malware (ai score=86) |
Rising | Trojan.DisguisedXMRigMiner!8.12EF7 (TFE:5:YhzrPCllRHI) |
Ikarus | Trojan.Win64.Krypt |
Fortinet | W64/GenKryptik.GIIA!tr |