Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Aug. 6, 2024, 9:17 a.m.	Aug. 6, 2024, 9:20 a.m.

Size	5.0MB
Type	PE32+ executable (GUI) x86-64, for MS Windows
MD5	`eb7eb5acecb06deab2b4fce875d6c079`
SHA256	`3b0503a6c2fb8f5cc645df4d5ab4dd9161cab9104dd1b7b8db0a89956a94bc6e`
CRC32	`C5202D2A`
ssdeep	`98304:WoyQksM4D03ZztuWvrBl7IhqUSRK0DtRgNCPpZKFYv:dJM4DQTueNNIG/RJK8`
Yara	PE_Header_Zero - PE File Signature IsPE64 - (no description)

Name	Response	Post-Analysis Lookup
gulf.moneroocean.stream	CNAME monerooceans.stream A 5.104.84.79	5.104.84.79

Flow	SID	Signature	Category
TCP 185.196.9.187:80 -> 192.168.56.101:49165	2400032	ET DROP Spamhaus DROP Listed Traffic Inbound group 33	Misc Attack
TCP 192.168.56.101:49163 -> 5.104.84.79:10128	2024792	ET POLICY Cryptocurrency Miner Checkin	Potential Corporate Privacy Violation
TCP 192.168.56.101:49164 -> 185.196.9.187:80	2051004	ET MALWARE [ANY.RUN] SilentCryptoMiner Check-in POST Request	Crypto Currency Mining Activity Detected
TCP 192.168.56.101:49165 -> 185.196.9.187:80	2051004	ET MALWARE [ANY.RUN] SilentCryptoMiner Check-in POST Request	Crypto Currency Mining Activity Detected
TCP 192.168.56.101:49163 -> 5.104.84.79:10128	2024792	ET POLICY Cryptocurrency Miner Checkin	Potential Corporate Privacy Violation

No Suricata TLS

section

.00cfg

suspicious_features

POST method with no referer header, Connection to IP address

suspicious_request

POST http://185.196.9.187/api/endpoint.php

request

POST http://185.196.9.187/api/endpoint.php

request

POST http://185.196.9.187/api/endpoint.php

host

185.196.9.187

Bkav	W64.AIDetectMalware
Lionic	Trojan.Win32.Reflo.4!c
Elastic	Windows.Generic.Threat
Cynet	Malicious (score: 100)
CAT-QuickHeal	Trojan.CoinMiner.S32378657
Skyhigh	BehavesLike.Win64.Trojan.rh
Malwarebytes	Trojan.Crypt
VIPRE	Gen:Heur.Mint.Zard.25
Sangfor	Suspicious.Win32.Save.a
K7AntiVirus	Trojan ( 005af85d1 )
BitDefender	Gen:Heur.Mint.Zard.25
K7GW	Trojan ( 005af85d1 )
Arcabit	Trojan.Mint.Zard.25
Symantec	Trojan.Coinminer!g3
ESET-NOD32	a variant of Win64/Kryptik.EDF
APEX	Malicious
McAfee	Trojan-FWHP!EB7EB5ACECB0
Avast	Win64:Evo-gen [Trj]
ClamAV	Win.Trojan.Genkryptik-10016533-0
Kaspersky	HEUR:Trojan.Win64.Reflo.pef
Alibaba	Trojan:Win64/Coinminer.f702d2e2
NANO-Antivirus	Trojan.Win64.Kryptik.kqljel
MicroWorld-eScan	Gen:Heur.Mint.Zard.25
Rising	Dropper.Injector!8.DC (TFE:5:qANomcoTHvR)
Emsisoft	Gen:Heur.Mint.Zard.25 (B)
F-Secure	Heuristic.HEUR/AGEN.1371052
DrWeb	Trojan.Siggen29.11587
Zillya	Trojan.Kryptik.Win64.48468
TrendMicro	TROJ_GEN.R002C0DGV24
McAfeeD	ti!3B0503A6C2FB
FireEye	Gen:Heur.Mint.Zard.25
Sophos	Troj/Krypt-ADL
SentinelOne	Static AI - Malicious PE
Webroot	W32.Coinminer.Gen
Google	Detected
Avira	HEUR/AGEN.1371052
MAX	malware (ai score=80)
Antiy-AVL	Trojan/Win64.GenKryptik
Kingsoft	Win64.Trojan.Reflo.pef
Gridinsoft	Trojan.Win64.Kryptik.sa
Microsoft	Trojan:Win64/Coinminer.RB!MTB
ZoneAlarm	HEUR:Trojan.Win64.Reflo.pef
GData	Gen:Heur.Mint.Zard.25
Varist	W64/Kryptik.LEG.gen!Eldorado
AhnLab-V3	Dropper/Win.DropperX-gen.R622355
DeepInstinct	MALICIOUS
VBA32	OScope.Trojan.Win64.Miner
Ikarus	Trojan.Win64.Krypt
Panda	Trj/GdSda.A
TrendMicro-HouseCall	TROJ_GEN.R002C0DGV24

svchost.exe