Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
11.13 04:11
hello.exe
11.13 03:11
espsemhvcioff.exe
11.13 02:11
Geek_se.exe
11.13 02:11
cred64.dll
11.13 02:11
svhost.exe
11.13 02:11
nb.exe
11.13 02:11
svcyr.exe
11.13 02:11
Ghost_1.5.11.5.exe
11.13 02:11
PowderGpl.exe
11.13 02:11
goodlabel%E6%89%93%E5%...

Latest News
11.14 01:11
Sicherheitsupdates: Zo...
11.14 01:11
Bengal cat lovers in A...
11.14 12:11
RCE intrusions likely ...
11.14 12:11
Permiso releases 3 ope...
11.14 12:11
Impersonation attacks ...
11.14 12:11
Half a dozen HPE Aruba...
11.14 12:11
Broadcom unveils priva...
11.14 12:11
Broadcom introduces Ve...
11.14 12:11
Tesla Recalls Cybertru...
11.14 12:11
Altman-Backed Oklo Ink...

Summary | ZeroBOX

art22.exe

PE64 PE File

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Feb. 4, 2024, 4:41 p.m.	Feb. 4, 2024, 4:45 p.m.

Size	2.5MB
Type	PE32+ executable (GUI) x86-64, for MS Windows
MD5	`68bb10f285c0dbab62f5a8ad7c25ee7a`
SHA256	`77dee6099cf3f0bc7cd43f2f44ed61598fc915c30f5ca291338f883c9b86cc1d`
CRC32	`6ACF185C`
ssdeep	`49152:BWM4CdnWD+27FwZCdg4kP3qroi0a0Kr0jSIv0Jq:07CdnWa27CQdg4kPSoFa09jLvL`
Yara	PE_Header_Zero - PE File Signature IsPE64 - (no description)

art22.exe "C:\Users\test22\AppData\Local\Temp\art22.exe"
2540

Name	Response	Post-Analysis Lookup
pool.hashvault.pro	A 131.153.76.130 A 125.253.92.50	125.253.92.50

IP Address	Status	Action
104.26.5.15	Active	Moloch
125.253.92.50	Active	Moloch
164.124.101.2	Active	Moloch
212.224.86.223	Active	Moloch

Suricata Alerts

Flow	SID	Signature	Category
UDP 192.168.56.101:59002 -> 164.124.101.2:53	2036289	ET COINMINER CoinMiner Domain in DNS Lookup (pool .hashvault .pro)	Crypto Currency Mining Activity Detected
TCP 192.168.56.101:49162 -> 125.253.92.50:80	2024792	ET POLICY Cryptocurrency Miner Checkin	Potential Corporate Privacy Violation
TCP 192.168.56.101:49162 -> 125.253.92.50:80	2024792	ET POLICY Cryptocurrency Miner Checkin	Potential Corporate Privacy Violation

Suricata TLS

No Suricata TLS

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)

section

.00cfg

Communicates with host for which no DNS query was performed (2 events)

host	104.26.5.15
host	212.224.86.223