Srveises.exe| Category | Machine | Started | Completed |
|---|---|---|---|
| FILE | s1_win7_x6403_us | June 16, 2023, 7:29 a.m. | June 16, 2023, 7:31 a.m. |
-
Srveises.exe "C:\Users\test22\AppData\Local\Temp\Srveises.exe"
1684
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| accept-file.com | 45.32.146.65 | |
| xmr.2miners.com | 162.19.139.184 |
Suricata Alerts
Suricata TLS
No Suricata TLS
| suspicious_features | POST method with no referer header | suspicious_request | POST http://accept-file.com/dashboard/para/un/api/endpoint.php | ||||||
| request | POST http://accept-file.com/dashboard/para/un/api/endpoint.php |
| request | POST http://accept-file.com/dashboard/para/un/api/endpoint.php |
| section | {u'size_of_data': u'0x001fbc00', u'virtual_address': u'0x0000c000', u'entropy': 7.964984684579491, u'name': u'.data', u'virtual_size': u'0x001fbb60'} | entropy | 7.96498468458 | description | A section with a high entropy has been found | |||||||||
| entropy | 0.973167225683 | description | Overall entropy of this PE file is high | |||||||||||
| Elastic | malicious (high confidence) |
| FireEye | Generic.mg.863359773158308a |
| Malwarebytes | Generic.Trojan.Malpack.DDS |
| Sangfor | Trojan.Win32.Save.a |
| K7AntiVirus | Trojan ( 0059d3f31 ) |
| K7GW | Trojan ( 0059d3f31 ) |
| Cybereason | malicious.6827d7 |
| Symantec | ML.Attribute.HighConfidence |
| Cynet | Malicious (score: 100) |
| APEX | Malicious |
| F-Secure | Trojan.TR/Crypt.EPACK.Gen2 |
| McAfee-GW-Edition | BehavesLike.Win64.Sality.vc |
| Sophos | Troj/Miner-AFR |
| Avira | TR/Crypt.EPACK.Gen2 |
| Microsoft | Trojan:Win64/CoinMiner.ES!MTB |
| Detected | |
| AhnLab-V3 | Trojan/Win.Generic.R534006 |
| McAfee | Artemis!863359773158 |
| Tencent | Win32.Trojan.Miner.Usmw |
| Ikarus | Trojan.Win64.CoinMiner |
| Fortinet | W64/Agent.AGENMM!tr |
| CrowdStrike | win/malicious_confidence_70% (D) |