Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6401 | June 18, 2024, 7:34 a.m. | June 18, 2024, 7:45 a.m. |
-
miner.exe "C:\Users\test22\AppData\Local\Temp\miner.exe"
2644
Name | Response | Post-Analysis Lookup |
---|---|---|
randomxmonero.auto.nicehash.com | 34.149.22.228 |
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 94.156.65.121:80 -> 192.168.56.101:49164 | 2400014 | ET DROP Spamhaus DROP Listed Traffic Inbound group 15 | Misc Attack |
TCP 192.168.56.101:49164 -> 94.156.65.121:80 | 2051004 | ET MALWARE [ANY.RUN] SilentCryptoMiner Check-in POST Request | Crypto Currency Mining Activity Detected |
TCP 192.168.56.101:49165 -> 94.156.65.121:80 | 2051004 | ET MALWARE [ANY.RUN] SilentCryptoMiner Check-in POST Request | Crypto Currency Mining Activity Detected |
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLS 1.3 192.168.56.101:49163 34.149.22.228:443 |
None | None | None |
section | .00cfg |
suspicious_features | POST method with no referer header, Connection to IP address | suspicious_request | POST http://94.156.65.121/ACDG57T68GGYB/api/endpoint.php |
request | POST http://94.156.65.121/ACDG57T68GGYB/api/endpoint.php |
request | POST http://94.156.65.121/ACDG57T68GGYB/api/endpoint.php |
host | 94.156.65.121 |