66c2d861a5b4d_google.exe| Category | Machine | Started | Completed |
|---|---|---|---|
| FILE | s1_win7_x6403_us | Aug. 20, 2024, 9:36 a.m. | Aug. 20, 2024, 9:45 a.m. |
-
66c2d861a5b4d_google.exe "C:\Users\test22\AppData\Local\Temp\66c2d861a5b4d_google.exe"
2060
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| pool.hashvault.pro | 131.153.76.130 |
Suricata Alerts
| Flow | SID | Signature | Category |
|---|---|---|---|
| UDP 192.168.56.103:50800 -> 164.124.101.2:53 | 2036289 | ET COINMINER CoinMiner Domain in DNS Lookup (pool .hashvault .pro) | Crypto Currency Mining Activity Detected |
Suricata TLS
| Flow | Issuer | Subject | Fingerprint |
|---|---|---|---|
|
TLS 1.3 192.168.56.103:49163 131.153.76.130:443 |
None | None | None |
| section | .00cfg |
| section | .text0 |
| section | .text1 |
| section | .text2 |
| section | {u'size_of_data': u'0x00a61400', u'virtual_address': u'0x00f4d000', u'entropy': 7.976274827641615, u'name': u'.text2', u'virtual_size': u'0x00a612a0'} | entropy | 7.97627482764 | description | A section with a high entropy has been found | |||||||||
| entropy | 0.9820752102 | description | Overall entropy of this PE file is high | |||||||||||
| Bkav | W64.AIDetectMalware |
| Elastic | malicious (high confidence) |
| Skyhigh | BehavesLike.Win64.RisePro.vc |
| Cylance | Unsafe |
| Symantec | ML.Attribute.HighConfidence |
| ESET-NOD32 | a variant of Win64/Packed.VMProtect.AC suspicious |
| APEX | Malicious |
| Avast | FileRepMalware [Trj] |
| Kaspersky | UDS:Trojan.Win32.Miner.bfhiu |
| Rising | Trojan.Agent!8.B1E (TFE:5:FkFUO8h2JGR) |
| McAfeeD | Real Protect-LS!8447DBE44AA2 |
| Trapmine | malicious.moderate.ml.score |
| Webroot | W32.Backdoor.Gen |
| Antiy-AVL | Trojan[Packed]/Win64.VMProtect |
| Kingsoft | Win32.Trojan.Miner.bfhiu |
| Microsoft | Trojan:Win32/Sabsik.FL.A!ml |
| ZoneAlarm | UDS:Trojan.Win32.Miner.bfhiu |
| Malwarebytes | Trojan.CoinMiner |
| AVG | FileRepMalware [Trj] |
| CrowdStrike | win/malicious_confidence_100% (W) |