Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	July 12, 2023, 3:15 p.m.	July 12, 2023, 3:17 p.m.

Size	7.9MB
Type	PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows
MD5	`4813fa6d610e180b097eae0ce636d2aa`
SHA256	`9ef2e8714e85dcd116b709894b43babb4a0872225ae7363152013b7fd1bc95bc`
CRC32	`04A4594C`
ssdeep	`98304:ZLsUYfB9pOp/BWLbrkShfa+XQD/YPLTDtU5SXXMQHJw7ZB87TtIeUK+MzfL7cybS:Kgp/NQ7rfWOlb1paSbkJFsxfKLNIS`
Yara	UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check IsPE64 - (no description) Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature Malicious_Packer_Zero - Malicious Packer Generic_Malware_Zero - Generic Malware

xmrig.exe "C:\Users\test22\AppData\Local\Temp\xmrig.exe"
2556

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Queries for the computername (1 event)

Time & API	Arguments	Status	Return	Repeated
GetComputerNameA July 12, 2023, 3:15 p.m.	computer_name: TEST22-PC	1	1	0

Allocates read-write-execute memory (usually to unpack itself) (1 event)

Time & API	Arguments	Status	Return	Repeated
NtAllocateVirtualMemory July 12, 2023, 3:15 p.m.	process_identifier: 2556 region_size: 131072 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000520000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	1	0	0

File has been identified by 51 AntiVirus engines on VirusTotal as malicious (50 out of 51 events)

Bkav	W32.Common.ED2714C8
Lionic	Riskware.Win32.BitCoinMiner.1!c
MicroWorld-eScan	Gen:Variant.Application.Miner.2
FireEye	Generic.mg.4813fa6d610e180b
ALYac	Gen:Variant.Application.Miner.2
Malwarebytes	Neshta.Virus.FileInfector.DDS
Sangfor	Trojan.Win64.XMR.Miner
K7AntiVirus	Riskware ( 005622c31 )
Alibaba	RiskWare:Win64/Miners.a90d1904
K7GW	Riskware ( 005622c31 )
Cybereason	malicious.d610e1
Arcabit	Trojan.Application.Miner.2
Cyren	W64/Coinminer.BN.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (high confidence)
ESET-NOD32	a variant of Win64/CoinMiner.IZ potentially unwanted
Cynet	Malicious (score: 100)
ClamAV	Win.Coinminer.Generic-7151250-0
Kaspersky	VHO:Trojan.Win64.Convagent.gen
BitDefender	Gen:Variant.Application.Miner.2
NANO-Antivirus	Riskware.Win64.BitCoinMiner.jxdvvm
Avast	Win64:CoinminerX-gen [Trj]
Tencent	Risktool.Win64.Bitminer.16000063
Sophos	XMRig Miner (PUA)
VIPRE	Gen:Variant.Application.Miner.2
TrendMicro	TROJ_GEN.R002C0PG323
McAfee-GW-Edition	W64/CoinMiner!4813FA6D610E
Emsisoft	Gen:Variant.Application.Miner.2 (B)
SentinelOne	Static AI - Malicious PE
Webroot	Bitcoinminer.Gen
Antiy-AVL	Trojan[Miner]/Win64.Xmrig.gen
Gridinsoft	Trojan.Win64.Gen.bot
ZoneAlarm	VHO:Trojan.Win64.Convagent.gen
GData	Win32.Application.CoinMiner.Y
Google	Detected
AhnLab-V3	Unwanted/Win.BitMiner.R589756
Acronis	suspicious
McAfee	W64/CoinMiner!4813FA6D610E
MAX	malware (ai score=79)
VBA32	Trojan.Win64.Convagent
Cylance	unsafe
Panda	Trj/CI.A
TrendMicro-HouseCall	TROJ_GEN.R002C0PG323
Rising	HackTool.XMRMiner!1.C2EC (CLASSIC)
Yandex	Riskware.Agent!BlUpQyX6a8Y
Ikarus	PUA.CoinMiner
MaxSecure	Trojan.Malware.121218.susgen
Fortinet	Riskware/CoinMiner.PO
AVG	Win64:CoinminerX-gen [Trj]
DeepInstinct	MALICIOUS

xmrig.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All