AMDx46.exe| Category | Machine | Started | Completed |
|---|---|---|---|
| FILE | s1_win7_x6401 | July 7, 2023, 6:05 p.m. | July 7, 2023, 6:07 p.m. |
-
AMDx46.exe "C:\Users\test22\AppData\Local\Temp\AMDx46.exe"
2556
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| xmr.2miners.com | 162.19.139.184 |
Suricata Alerts
| Flow | SID | Signature | Category |
|---|---|---|---|
| TCP 192.168.56.101:49165 -> 162.19.139.184:2222 | 2024792 | ET POLICY Cryptocurrency Miner Checkin | Potential Corporate Privacy Violation |
| TCP 192.168.56.101:49163 -> 162.19.139.184:2222 | 2024792 | ET POLICY Cryptocurrency Miner Checkin | Potential Corporate Privacy Violation |
| TCP 192.168.56.101:49163 -> 162.19.139.184:2222 | 2024792 | ET POLICY Cryptocurrency Miner Checkin | Potential Corporate Privacy Violation |
| UDP 192.168.56.101:59002 -> 164.124.101.2:53 | 2040353 | ET COINMINER Observed DNS Query to Cryptocurrency Mining Pool Domain (xmr .2miners .com) | Crypto Currency Mining Activity Detected |
| TCP 192.168.56.101:49164 -> 45.142.182.146:80 | 2035420 | ET MALWARE Win32/Pripyat Activity (POST) | A Network Trojan was detected |
| TCP 192.168.56.101:49166 -> 45.142.182.146:80 | 2035420 | ET MALWARE Win32/Pripyat Activity (POST) | A Network Trojan was detected |
| TCP 192.168.56.101:49165 -> 162.19.139.184:2222 | 2024792 | ET POLICY Cryptocurrency Miner Checkin | Potential Corporate Privacy Violation |
Suricata TLS
No Suricata TLS
| suspicious_features | POST method with no referer header, Connection to IP address | suspicious_request | POST http://45.142.182.146/dashboard/para/un/api/endpoint.php | ||||||
| request | POST http://45.142.182.146/dashboard/para/un/api/endpoint.php |
| request | POST http://45.142.182.146/dashboard/para/un/api/endpoint.php |
| section | {u'size_of_data': u'0x001fbc00', u'virtual_address': u'0x0000c000', u'entropy': 7.967101605198457, u'name': u'.data', u'virtual_size': u'0x001fbb80'} | entropy | 7.9671016052 | description | A section with a high entropy has been found | |||||||||
| entropy | 0.973167225683 | description | Overall entropy of this PE file is high | |||||||||||
| host | 45.142.182.146 | |||
| Lionic | Trojan.Win32.Miner.4!c |
| FireEye | Generic.mg.759300ac41209528 |
| McAfee | Artemis!759300AC4120 |
| Malwarebytes | Generic.Trojan.Malpack.DDS |
| Sangfor | Trojan.Win32.Save.a |
| K7AntiVirus | Trojan ( 0059d3f31 ) |
| K7GW | Trojan ( 0059d3f31 ) |
| CrowdStrike | win/malicious_confidence_100% (W) |
| Cyren | W64/Coinminer.FY |
| Symantec | ML.Attribute.HighConfidence |
| Elastic | malicious (high confidence) |
| ESET-NOD32 | a variant of Win64/Kryptik.DQA |
| Cynet | Malicious (score: 100) |
| APEX | Malicious |
| ClamAV | Win.Dropper.Detected-9978776-0 |
| Kaspersky | UDS:Trojan.Win32.Miner |
| Avast | Win64:Evo-gen [Trj] |
| Sophos | Troj/Miner-AFR |
| F-Secure | Trojan.TR/Crypt.EPACK.Gen2 |
| McAfee-GW-Edition | BehavesLike.Win64.Generic.vc |
| Ikarus | Trojan.Win64.CoinMiner |
| Avira | TR/Crypt.EPACK.Gen2 |
| Microsoft | Trojan:Win64/CoinMiner.ES!MTB |
| ZoneAlarm | UDS:Trojan.Win32.Miner |
| GData | Win64.Trojan.Agent.O60H15 |
| Detected | |
| AhnLab-V3 | Trojan/Win.Generic.R534006 |
| Cylance | unsafe |
| Panda | Trj/Chgt.AD |
| Rising | Trojan.Agent!8.B1E (TFE:5:OnrqKPld52N) |
| SentinelOne | Static AI - Suspicious PE |
| Fortinet | W64/Agent.AGENMM!tr |
| AVG | Win64:Evo-gen [Trj] |
| DeepInstinct | MALICIOUS |