Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Oct. 18, 2023, 7:44 a.m.	Oct. 18, 2023, 7:55 a.m.

Size	5.4MB
Type	PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
MD5	`8e0907f52947b06a7b2f4a3ff064ec2d`
SHA256	`f5337c8755def6dfe13adfefb348a01d4b569d731e4ee40561587079c0e54486`
CRC32	`8552569C`
ssdeep	`98304:yzMMH/yXitS8hC0qmtmHTUZ6F8V8s1TQU3Cf/J3+EbL2Is:yo7z8h3qm1Z641lSZ3K`
Yara	PE_Header_Zero - PE File Signature IsPE64 - (no description)

silent.exe "C:\Users\test22\AppData\Local\Temp\silent.exe"
2556

Name	Response	Post-Analysis Lookup
xmr-us-east1.nanopool.org	A 144.217.14.109 A 142.44.243.6 A 192.99.69.170 A 144.217.14.139 A 142.44.242.100	144.217.14.139

IP Address	Status	Action
142.44.242.100	Active	Moloch
142.44.243.6	Active	Moloch
144.217.14.109	Active	Moloch
144.217.14.139	Active	Moloch
164.124.101.2	Active	Moloch
192.99.69.170	Active	Moloch

Suricata Alerts

Flow	SID	Signature	Category
UDP 192.168.56.101:59002 -> 164.124.101.2:53	2033268	ET POLICY Observed DNS Query to Coin Mining Domain (nanopool .org)	Potential Corporate Privacy Violation
TCP 192.168.56.101:49167 -> 192.99.69.170:14433	2024792	ET POLICY Cryptocurrency Miner Checkin	Potential Corporate Privacy Violation
TCP 192.168.56.101:49171 -> 144.217.14.109:14433	2024792	ET POLICY Cryptocurrency Miner Checkin	Potential Corporate Privacy Violation
TCP 192.168.56.101:49178 -> 144.217.14.139:14433	2024792	ET POLICY Cryptocurrency Miner Checkin	Potential Corporate Privacy Violation
TCP 192.168.56.101:49175 -> 144.217.14.109:14433	2024792	ET POLICY Cryptocurrency Miner Checkin	Potential Corporate Privacy Violation
TCP 192.168.56.101:49163 -> 144.217.14.109:14433	2024792	ET POLICY Cryptocurrency Miner Checkin	Potential Corporate Privacy Violation
TCP 192.168.56.101:49164 -> 144.217.14.139:14433	2024792	ET POLICY Cryptocurrency Miner Checkin	Potential Corporate Privacy Violation
TCP 192.168.56.101:49168 -> 142.44.242.100:14433	2024792	ET POLICY Cryptocurrency Miner Checkin	Potential Corporate Privacy Violation
TCP 192.168.56.101:49166 -> 142.44.243.6:14433	2024792	ET POLICY Cryptocurrency Miner Checkin	Potential Corporate Privacy Violation
TCP 192.168.56.101:49169 -> 142.44.243.6:14433	2024792	ET POLICY Cryptocurrency Miner Checkin	Potential Corporate Privacy Violation
TCP 192.168.56.101:49174 -> 142.44.243.6:14433	2024792	ET POLICY Cryptocurrency Miner Checkin	Potential Corporate Privacy Violation
TCP 192.168.56.101:49176 -> 192.99.69.170:14433	2024792	ET POLICY Cryptocurrency Miner Checkin	Potential Corporate Privacy Violation
TCP 192.168.56.101:49165 -> 142.44.243.6:14433	2024792	ET POLICY Cryptocurrency Miner Checkin	Potential Corporate Privacy Violation
TCP 192.168.56.101:49172 -> 144.217.14.109:14433	2024792	ET POLICY Cryptocurrency Miner Checkin	Potential Corporate Privacy Violation
TCP 192.168.56.101:49170 -> 142.44.243.6:14433	2024792	ET POLICY Cryptocurrency Miner Checkin	Potential Corporate Privacy Violation
TCP 192.168.56.101:49179 -> 142.44.242.100:14433	2024792	ET POLICY Cryptocurrency Miner Checkin	Potential Corporate Privacy Violation
TCP 192.168.56.101:49173 -> 142.44.243.6:14433	2024792	ET POLICY Cryptocurrency Miner Checkin	Potential Corporate Privacy Violation
TCP 192.168.56.101:49177 -> 144.217.14.139:14433	2024792	ET POLICY Cryptocurrency Miner Checkin	Potential Corporate Privacy Violation
TCP 192.168.56.101:49180 -> 142.44.243.6:14433	2024792	ET POLICY Cryptocurrency Miner Checkin	Potential Corporate Privacy Violation
TCP 192.168.56.101:49175 -> 144.217.14.109:14433	2024792	ET POLICY Cryptocurrency Miner Checkin	Potential Corporate Privacy Violation
TCP 192.168.56.101:49170 -> 142.44.243.6:14433	2024792	ET POLICY Cryptocurrency Miner Checkin	Potential Corporate Privacy Violation
TCP 192.168.56.101:49172 -> 144.217.14.109:14433	2024792	ET POLICY Cryptocurrency Miner Checkin	Potential Corporate Privacy Violation
TCP 192.168.56.101:49166 -> 142.44.243.6:14433	2024792	ET POLICY Cryptocurrency Miner Checkin	Potential Corporate Privacy Violation
TCP 192.168.56.101:49177 -> 144.217.14.139:14433	2024792	ET POLICY Cryptocurrency Miner Checkin	Potential Corporate Privacy Violation
TCP 192.168.56.101:49174 -> 142.44.243.6:14433	2024792	ET POLICY Cryptocurrency Miner Checkin	Potential Corporate Privacy Violation
TCP 192.168.56.101:49163 -> 144.217.14.109:14433	2024792	ET POLICY Cryptocurrency Miner Checkin	Potential Corporate Privacy Violation
TCP 192.168.56.101:49180 -> 142.44.243.6:14433	2024792	ET POLICY Cryptocurrency Miner Checkin	Potential Corporate Privacy Violation
TCP 192.168.56.101:49164 -> 144.217.14.139:14433	2024792	ET POLICY Cryptocurrency Miner Checkin	Potential Corporate Privacy Violation
TCP 192.168.56.101:49169 -> 142.44.243.6:14433	2024792	ET POLICY Cryptocurrency Miner Checkin	Potential Corporate Privacy Violation
TCP 192.168.56.101:49178 -> 144.217.14.139:14433	2024792	ET POLICY Cryptocurrency Miner Checkin	Potential Corporate Privacy Violation
TCP 192.168.56.101:49176 -> 192.99.69.170:14433	2024792	ET POLICY Cryptocurrency Miner Checkin	Potential Corporate Privacy Violation
TCP 192.168.56.101:49165 -> 142.44.243.6:14433	2024792	ET POLICY Cryptocurrency Miner Checkin	Potential Corporate Privacy Violation
TCP 192.168.56.101:49179 -> 142.44.242.100:14433	2024792	ET POLICY Cryptocurrency Miner Checkin	Potential Corporate Privacy Violation
TCP 192.168.56.101:49167 -> 192.99.69.170:14433	2024792	ET POLICY Cryptocurrency Miner Checkin	Potential Corporate Privacy Violation
TCP 192.168.56.101:49171 -> 144.217.14.109:14433	2024792	ET POLICY Cryptocurrency Miner Checkin	Potential Corporate Privacy Violation
TCP 192.168.56.101:49168 -> 142.44.242.100:14433	2024792	ET POLICY Cryptocurrency Miner Checkin	Potential Corporate Privacy Violation
TCP 192.168.56.101:49173 -> 142.44.243.6:14433	2024792	ET POLICY Cryptocurrency Miner Checkin	Potential Corporate Privacy Violation

Suricata TLS

No Suricata TLS

Communication to multiple IPs on high port numbers possibly indicative of a peer-to-peer (P2P) or non-standard command and control protocol (5 events)

ip	142.44.242.100
ip	142.44.243.6
ip	144.217.14.109
ip	144.217.14.139
ip	192.99.69.170

The binary likely contains encrypted or compressed data indicative of a packer (2 events)

section

{u'size_of_data': u'0x0054c600', u'virtual_address': u'0x0001a000', u'entropy': 7.66102464816786, u'name': u'.data', u'virtual_size': u'0x0054c4a0'}

entropy

7.66102464817

description

A section with a high entropy has been found

entropy

0.977391460998

description

Overall entropy of this PE file is high

silent.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All