Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6401 | April 3, 2024, 7:12 a.m. | April 3, 2024, 7:17 a.m. |
Process | Path | PID |
---|---|---|
4.exe | C:\Users\test22\AppData\Local\Temp\4.exe | 2552 |
Name | Response | Post-Analysis Lookup |
---|---|---|
xmr.2miners.com | 162.19.139.184 | |
rentry.co | 172.67.145.129 | |
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
UDP 192.168.56.101:59002 -> 164.124.101.2:53 | 2040353 | ET COINMINER Observed DNS Query to Cryptocurrency Mining Pool Domain (xmr .2miners .com) | Crypto Currency Mining Activity Detected |
UDP 192.168.56.101:54148 -> 164.124.101.2:53 | 2044864 | ET INFO Pastebin Service Domain in DNS Lookup (rentry .co) | Misc activity |
TCP 91.92.242.200:3333 -> 192.168.56.101:49164 | 2400006 | ET DROP Spamhaus DROP Listed Traffic Inbound group 7 | Misc Attack |
TCP 192.168.56.101:49163 -> 104.21.95.148:443 | 2044865 | ET INFO Observed Pastebin Service Domain (rentry .co in TLS SNI) | Misc activity |
TCP 192.168.56.101:49163 -> 104.21.95.148:443 | 906200068 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (CoinMiner) | undefined |
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
UNDETERMINED 192.168.56.101:49162 -> 162.19.139.184:2222 | None | None | None |
TLS 1.3 192.168.56.101:49163 -> 104.21.95.148:443 | None | None | None |
TLS 1.3 192.168.56.101:49164 -> 91.92.242.200:3333 | None | None | None |
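The TLS table records no issuer, subject or SNI for the two connections on ports 2222 and 3333, so the pool traffic has to be explained by pairing the DNS answers with the flows that follow them. The Python below is an added example, not sandbox output or part of this report: it replays the report's own DNS answers and TCP flows (constructed here as EVE-style records; the field names, the `correlate`/`EVENTS` names and the list of Stratum ports are assumptions) and flags flows that reach an IP resolved from a pool domain, a Stratum-style port with no TLS metadata, or an IP that was never resolved at all.

```python
"""Added example (not part of the sandbox report): correlate DNS answers with
later TCP flows so pool connections can be explained even when the TLS
inspection recorded no issuer, subject or SNI for them.

The records in EVENTS are constructed from the report's DNS and Suricata TLS
tables. Their layout loosely follows Suricata EVE JSON (event_type "dns" /
"flow"); that layout is an assumption, not the sandbox's export format.
"""
from collections import defaultdict

# Assumption: ports commonly used for Stratum mining connections. Tune locally.
STRATUM_PORTS = {2222, 3333, 4444, 5555, 7777, 14444}

# Domains the report's Suricata signatures classified as mining pools.
POOL_DOMAINS = {"xmr.2miners.com"}

SANDBOX_HOST = "192.168.56.101"

# Constructed from the report's DNS responses and TLS flow list, in the order
# the sandbox recorded them.
EVENTS = [
    {"event_type": "dns", "rrname": "xmr.2miners.com", "rdata": "162.19.139.184"},
    {"event_type": "dns", "rrname": "rentry.co", "rdata": "172.67.145.129"},
    {"event_type": "flow", "proto": "TCP", "src_ip": SANDBOX_HOST, "src_port": 49162,
     "dest_ip": "162.19.139.184", "dest_port": 2222, "tls_sni": None},
    {"event_type": "flow", "proto": "TCP", "src_ip": SANDBOX_HOST, "src_port": 49163,
     "dest_ip": "104.21.95.148", "dest_port": 443, "tls_sni": "rentry.co"},
    {"event_type": "flow", "proto": "TCP", "src_ip": SANDBOX_HOST, "src_port": 49164,
     "dest_ip": "91.92.242.200", "dest_port": 3333, "tls_sni": None},
]


def correlate(events, pool_domains=POOL_DOMAINS, stratum_ports=STRATUM_PORTS):
    """Return one finding per outbound TCP flow that looks like pool traffic.

    Events are processed in order, so a DNS answer only explains flows that
    were recorded after it.
    """
    resolved = defaultdict(set)  # answer IP -> domains whose lookup returned it
    findings = []
    for ev in events:
        if ev["event_type"] == "dns":
            resolved[ev["rdata"]].add(ev["rrname"])
            continue
        if ev["event_type"] != "flow" or ev["proto"] != "TCP":
            continue
        dest_ip, dest_port = ev["dest_ip"], ev["dest_port"]
        domains = resolved.get(dest_ip, set())
        reasons = []
        pool_hits = sorted(domains & pool_domains)
        if pool_hits:
            reasons.append("destination resolved from mining-pool domain "
                           + ", ".join(pool_hits))
        if dest_port in stratum_ports:
            reasons.append(f"destination port {dest_port} is a common Stratum port")
            if ev.get("tls_sni") is None:
                reasons.append("no SNI or certificate metadata on a non-443 port")
            if not domains:
                reasons.append("no preceding DNS answer for this IP "
                               "(likely hard-coded in the miner config)")
        if reasons:
            findings.append({"dest_ip": dest_ip, "dest_port": dest_port,
                             "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in correlate(EVENTS):
        print(f"{f['dest_ip']}:{f['dest_port']}")
        for r in f["reasons"]:
            print("  -", r)
```

Run as-is it reports two flows: 162.19.139.184:2222 (resolved from xmr.2miners.com, Stratum port, no TLS metadata) and 91.92.242.200:3333 (Stratum port, no TLS metadata, never resolved via DNS). The rentry.co flow to 104.21.95.148:443 produces no finding even though its DNS answer was a different Cloudflare address, which is why the check keys on the port and on pool domains rather than on an exact DNS-to-IP match alone.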
Indicator | Value |
---|---|
section | .00cfg |
host | 91.92.242.200 |
Engine | Result |
---|---|
Bkav | W64.AIDetectMalware |
Lionic | Trojan.Win32.Miner.4!c |
Elastic | malicious (high confidence) |
Cynet | Malicious (score: 100) |
Skyhigh | Trojan-FWHP!FCCE0A9AA496 |
Cylance | unsafe |
VIPRE | Application.Generic.3649698 |
Sangfor | CoinMiner.Win64.Kryptik.Vk0t |
K7AntiVirus | Trojan ( 005af85d1 ) |
BitDefender | Application.Generic.3649698 |
K7GW | Trojan ( 005af85d1 ) |
Arcabit | Application.Generic.D37B0A2 |
VirIT | Trojan.Win64.Agent.GNH |
Symantec | Trojan Horse |
ESET-NOD32 | a variant of Win64/Kryptik.EDF |
APEX | Malicious |
McAfee | Trojan-FWHP!FCCE0A9AA496 |
Avast | Win64:Evo-gen [Trj] |
ClamAV | Win.Trojan.Genkryptik-10016533-0 |
Kaspersky | HEUR:Trojan.Win32.Miner.pef |
Alibaba | Trojan:Win64/CoinMiner.ad3fc43d |
MicroWorld-eScan | Application.Generic.3649698 |
Rising | Trojan.Staser!8.7FD (TFE:5:g2ZCviiLSKR) |
Emsisoft | Application.Generic.3649698 (B) |
F-Secure | Trojan.TR/AD.Nekark.jumdx |
TrendMicro | TROJ_GEN.R002C0DD124 |
FireEye | Generic.mg.fcce0a9aa496c81d |
Sophos | Mal/Generic-S |
Ikarus | Trojan.Win64.Krypt |
Detected | |
Avira | TR/AD.Nekark.jumdx |
MAX | malware (ai score=70) |
Antiy-AVL | Trojan/Win64.GenKryptik |
Kingsoft | Win32.Trojan.Miner.pef |
Gridinsoft | Trojan.Win64.Kryptik.sa |
Microsoft | Trojan:Win64/CoinMiner!pz |
ViRobot | Trojan.Win.Z.Genkryptik.5586216 |
ZoneAlarm | HEUR:Trojan.Win32.Miner.pef |
GData | Win64.Trojan.Agent.9BRFQS |
Varist | W64/Kryptik.LEG.gen!Eldorado |
AhnLab-V3 | Dropper/Win.DropperX-gen.R622355 |
DeepInstinct | MALICIOUS |
Malwarebytes | Trojan.Crypt.Generic |
Panda | Trj/Chgt.AD |
TrendMicro-HouseCall | TROJ_GEN.R002C0DD124 |
Tencent | Malware.Win32.Gencirc.140757e9 |
MaxSecure | Trojan.Malware.121218.susgen |
Fortinet | W64/GenKryptik.GQCB!tr |
AVG | Win64:Evo-gen [Trj] |
CrowdStrike | win/malicious_confidence_90% (W) |