Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	July 31, 2023, 11:04 a.m.	July 31, 2023, 11:04 a.m.

Size	7.8MB
Type	PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows
MD5	`e08b723ca187ecfef73c1b7b5f0ecfc8`
SHA256	`15c357922747ce8768f5567a74ea2ba8f6d1755b220d1007e89b913d940a86cc`
CRC32	`25CE3177`
ssdeep	`98304:xLsUYfB9pOp/BWLbrkShfa+XQD/YPLTDtU5SXXMQHJw7ZB87TtIeUK+MzfL7cybS:Cgp/NQ7rfWOlb1paSbkJFsxfKLNIS`
Yara	UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check XMRig_Miner_IN - XMRig Miner IsPE64 - (no description) Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature Malicious_Packer_Zero - Malicious Packer Generic_Malware_Zero - Generic Malware

sys.exe "C:\Users\test22\AppData\Local\Temp\sys.exe"
2552

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Queries for the computername (1 event)

Time & API	Arguments	Status	Return	Repeated
GetComputerNameA July 31, 2023, 11:04 a.m.	computer_name: TEST22-PC	1	1	0

Allocates read-write-execute memory (usually to unpack itself) (1 event)

Time & API	Arguments	Status	Return	Repeated
NtAllocateVirtualMemory July 31, 2023, 11:04 a.m.	process_identifier: 2552 region_size: 131072 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000004f0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	1	0	0

File has been identified by 48 AntiVirus engines on VirusTotal as malicious (48 events)

Bkav	W32.Common.2B970C44
Lionic	Trojan.Win32.Convagent.4!c
MicroWorld-eScan	Trojan.GenericKD.68368925
ClamAV	Win.Coinminer.Generic-7151250-0
FireEye	Generic.mg.e08b723ca187ecfe
McAfee	W64/CoinMiner!E08B723CA187
Cylance	unsafe
Zillya	Tool.BitCoinMiner.Win32.42283
Sangfor	Trojan.Win64.XMR.Miner
K7AntiVirus	Adware ( 005300251 )
Alibaba	RiskWare:Win64/Miners.3ef7a4b2
K7GW	Adware ( 005300251 )
Cybereason	malicious.45fbb0
Arcabit	Trojan.Generic.D4133A1D
Cyren	W64/ABRisk.LESC-4855
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (high confidence)
ESET-NOD32	a variant of Win64/CoinMiner.IZ potentially unwanted
Cynet	Malicious (score: 100)
Kaspersky	VHO:Trojan.Win64.Convagent.gen
BitDefender	Trojan.GenericKD.68368925
Avast	Win64:CoinminerX-gen [Trj]
Tencent	Risktool.Win64.Bitminer.16000063
Emsisoft	Trojan.GenericKD.68368925 (B)
VIPRE	Trojan.GenericKD.68368925
TrendMicro	TROJ_GEN.R002C0DGQ23
McAfee-GW-Edition	W64/CoinMiner!E08B723CA187
Sophos	Mal/Generic-S
SentinelOne	Static AI - Suspicious PE
Webroot	W32.Adware.Gen
Antiy-AVL	Trojan[Miner]/Win64.Xmrig.gen
Gridinsoft	Trojan.Win64.Gen.bot
Microsoft	Trojan:Win64/DisguisedXMRigMiner
ZoneAlarm	VHO:Trojan.Win64.Convagent.gen
GData	Win32.Application.CoinMiner.Y
Google	Detected
ALYac	Trojan.GenericKD.68368925
MAX	malware (ai score=88)
Malwarebytes	Trojan.BitCoinMiner
TrendMicro-HouseCall	TROJ_GEN.R002C0DGQ23
Rising	HackTool.XMRMiner!1.C2EC (CLASSIC)
Yandex	Riskware.Agent!BlUpQyX6a8Y
Ikarus	PUA.CoinMiner
MaxSecure	Trojan.Malware.121218.susgen
Fortinet	Riskware/CoinMiner.PO
AVG	Win64:CoinminerX-gen [Trj]
DeepInstinct	MALICIOUS
CrowdStrike	win/grayware_confidence_70% (D)

sys.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All