Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Feb. 2, 2024, 9:10 a.m.	Feb. 2, 2024, 9:13 a.m.

Size	5.2MB
Type	PE32+ executable (console) x86-64, for MS Windows
MD5	`118c2d536d52dd30116baaf06dfe5e63`
SHA256	`f07c7223fdb691acbf0ebc7d9cc2ae614c0cf705920420c0130248a0c0e861d4`
CRC32	`641DD856`
ssdeep	`98304:ZHjJcetx2WKUcuIBjyHS7M4NrZdQ/UxBq0L56CVtM3g1fiZYi6BFAD04FyTR:wetx2Td0KBq09jXLfri6v52yTR`
Yara	Malicious_Library_Zero - Malicious_Library XMRig_Miner_IN - XMRig Miner Malicious_Packer_Zero - Malicious Packer PE_Header_Zero - PE File Signature IsPE64 - (no description) UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check

xmrig.exe "C:\Users\test22\AppData\Local\Temp\xmrig.exe"
2560

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Queries for the computername (1 event)

Time & API	Arguments	Status	Return	Repeated
GetComputerNameA Feb. 2, 2024, 9:10 a.m.	computer_name: TEST22-PC	1	1	0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (3 events)

section	_RANDOMX
section	_TEXT_CN
section	_RDATA

Allocates read-write-execute memory (usually to unpack itself) (1 event)

Time & API	Arguments	Status	Return	Repeated
NtAllocateVirtualMemory Feb. 2, 2024, 9:10 a.m.	process_identifier: 2560 region_size: 131072 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000540000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	1	0	0

File has been identified by 56 AntiVirus engines on VirusTotal as malicious (50 out of 56 events)

Bkav	W64.AIDetectMalware
Lionic	Trojan.Win32.Miner.tstT
Elastic	malicious (high confidence)
Cynet	Malicious (score: 100)
CAT-QuickHeal	PUA.GenericIH.S30100706
Skyhigh	BehavesLike.Win64.PUP.th
ALYac	Gen:Variant.Application.Miner.2
Cylance	unsafe
VIPRE	Gen:Variant.Application.Miner.2
Sangfor	Trojan.Win64.XMR.Miner
K7AntiVirus	Trojan ( 005697011 )
BitDefender	Gen:Variant.Application.Miner.2
K7GW	Trojan ( 005697011 )
Arcabit	Trojan.Application.Miner.2
Symantec	PUA.Gen.2
ESET-NOD32	a variant of Win64/CoinMiner.QG potentially unwanted
APEX	Malicious
McAfee	Artemis!118C2D536D52
Avast	Win64:MiscX-gen [PUP]
ClamAV	Win.Coinminer.Generic-7151250-0
Kaspersky	not-a-virus:HEUR:RiskTool.Win32.BitMiner.gen
Alibaba	Trojan:Win32/Coinminer.449
NANO-Antivirus	Riskware.Win64.BitMiner.kenrfp
MicroWorld-eScan	Gen:Variant.Application.Miner.2
Rising	HackTool.XMRMiner!1.C2EC (CLASSIC)
Emsisoft	Gen:Variant.Application.Miner.2 (B)
F-Secure	PotentialRisk.PUA/CoinMiner.Gen
DrWeb	Tool.BtcMine.2733
Zillya	Tool.BitMiner.Win32.4548
TrendMicro	TROJ_GEN.R002C0WKN23
FireEye	Generic.mg.118c2d536d52dd30
Sophos	XMRig Miner (PUA)
Ikarus	PUA.CoinMiner
Webroot	Bitcoinminer.Gen
Google	Detected
Avira	PUA/CoinMiner.Gen
MAX	malware (ai score=72)
Antiy-AVL	GrayWare/Win64.CoinMiner.po
Kingsoft	malware.kb.a.744
Gridinsoft	Trojan.Win64.CoinMiner.ca
Xcitium	ApplicUnwnt@#8ffr6ueia21p
ZoneAlarm	not-a-virus:HEUR:RiskTool.Win32.BitCoinMiner.gen
GData	Win64.Application.Coinminer.CP
Varist	W64/Coinminer.BN.gen!Eldorado
AhnLab-V3	Win-Trojan/Miner3.Exp
Acronis	suspicious
DeepInstinct	MALICIOUS
Malwarebytes	Neshta.Virus.FileInfector.DDS
Panda	PUP/CoinMiner
TrendMicro-HouseCall	TROJ_GEN.R002C0WKN23

xmrig.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All