Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6401 | Sept. 10, 2023, 9:14 a.m. | Sept. 10, 2023, 9:20 a.m. |
-
verify.exe "C:\Users\test22\AppData\Local\Temp\verify.exe"
2556
Name | Response | Post-Analysis Lookup |
---|---|---|
gulf.moneroocean.stream |
CNAME
monerooceans.stream
|
54.250.156.221 |
ppanel.pornsworld.xyz | 172.67.185.119 | |
pastebin.com | 104.20.68.143 |
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 192.168.56.101:49164 -> 104.20.67.143:443 | 906200068 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (CoinMiner) | undefined |
TCP 192.168.56.101:49167 -> 172.67.185.119:443 | 906200068 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (CoinMiner) | undefined |
TCP 192.168.56.101:49166 -> 172.67.185.119:443 | 906200068 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (CoinMiner) | undefined |
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLS 1.3 192.168.56.101:49164 104.20.67.143:443 |
None | None | None |
TLS 1.3 192.168.56.101:49165 54.250.156.221:20128 |
None | None | None |
TLS 1.3 192.168.56.101:49167 172.67.185.119:443 |
None | None | None |
TLS 1.3 192.168.56.101:49163 54.250.156.221:20128 |
None | None | None |
TLS 1.3 192.168.56.101:49166 172.67.185.119:443 |
None | None | None |
section | {u'size_of_data': u'0x009a2200', u'virtual_address': u'0x0001b000', u'entropy': 7.650154342281097, u'name': u'.data', u'virtual_size': u'0x009a20a0'} | entropy | 7.65015434228 | description | A section with a high entropy has been found | |||||||||
entropy | 0.952171814672 | description | Overall entropy of this PE file is high |
Bkav | W32.Common.D8AF5665 |
Lionic | Trojan.Win32.Miner.4!c |
Elastic | malicious (high confidence) |
MicroWorld-eScan | Gen:Heur.Molotov.IM.39.100 |
CAT-QuickHeal | Trojan.Win64 |
McAfee | Artemis!73E4F82277D7 |
Cylance | unsafe |
Sangfor | Trojan.Win64.Kryptik.Vs3l |
K7AntiVirus | Trojan ( 005a508c1 ) |
Alibaba | Trojan:Win64/Miner.b3dde8eb |
K7GW | Trojan ( 005a508c1 ) |
Cybereason | malicious.e0dd41 |
Arcabit | Trojan.Molotov.IM.39.100 |
Cyren | W64/Injector.BMR.gen!Eldorado |
Symantec | ML.Attribute.HighConfidence |
ESET-NOD32 | a variant of Win64/Kryptik.DZL |
Cynet | Malicious (score: 99) |
Kaspersky | HEUR:Trojan.Win64.Miner.pef |
BitDefender | Gen:Heur.Molotov.IM.39.100 |
Avast | Win64:CrypterX-gen [Trj] |
Tencent | Win32.Trojan.FalseSign.Nsmw |
Sophos | Mal/Generic-S |
F-Secure | Trojan.TR/Kryptik.zhbwa |
DrWeb | Trojan.Siggen21.27111 |
VIPRE | Gen:Heur.Molotov.IM.39.100 |
TrendMicro | Trojan.Win64.SMOKELOADER.YXDIGZ |
McAfee-GW-Edition | Artemis!Trojan |
FireEye | Gen:Heur.Molotov.IM.39.100 |
Emsisoft | Gen:Heur.Molotov.IM.39.100 (B) |
Webroot | W32.Trojan.Win64.Miner |
Avira | TR/Kryptik.zhbwa |
Antiy-AVL | Trojan/Win64.GenKryptik |
Gridinsoft | Ransom.Win64.Sabsik.sa |
Microsoft | Trojan:Win64/XMRig.CCAN!MTB |
ZoneAlarm | HEUR:Trojan.Win64.Miner.pef |
GData | Gen:Heur.Molotov.IM.39.100 |
Detected | |
AhnLab-V3 | Trojan/Win.Generic.R571995 |
ALYac | Gen:Heur.Molotov.IM.39.100 |
MAX | malware (ai score=89) |
Malwarebytes | Crypt.Trojan.MSIL.DDS |
Panda | Trj/GdSda.A |
TrendMicro-HouseCall | Trojan.Win64.SMOKELOADER.YXDIGZ |
Rising | Trojan.DisguisedXMRigMiner!8.12EF7 (TFE:5:YhzrPCllRHI) |
Ikarus | Trojan.Win64.Krypt |
Fortinet | W64/GenKryptik.GIIA!tr |
AVG | Win64:CrypterX-gen [Trj] |
DeepInstinct | MALICIOUS |
CrowdStrike | win/malicious_confidence_60% (W) |