Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6401 | Aug. 27, 2024, 3:08 p.m. | Aug. 27, 2024, 3:20 p.m. |
Name | Response | Post-Analysis Lookup |
---|---|---|
bitbucket.org | 104.192.140.26 | |
pool.hashvault.pro | 125.253.92.50 |
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
UDP 192.168.56.101:54148 -> 164.124.101.2:53 | 2036289 | ET COINMINER CoinMiner Domain in DNS Lookup (pool .hashvault .pro) | Crypto Currency Mining Activity Detected |
TCP 192.168.56.101:49166 -> 104.192.140.26:443 | 906200054 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
TCP 192.168.56.101:49167 -> 104.192.140.26:443 | 906200054 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
TCP 192.168.56.101:49172 -> 131.153.76.130:80 | 2024792 | ET POLICY Cryptocurrency Miner Checkin | Potential Corporate Privacy Violation |
TCP 192.168.56.101:49172 -> 131.153.76.130:80 | 2024792 | ET POLICY Cryptocurrency Miner Checkin | Potential Corporate Privacy Violation |
Suricata TLS
No Suricata TLS
pdb_path | D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb |
section | .didat |
resource name | PNG |
file | C:\Users\test22\AppData\Roaming\3.exe |
file | C:\Users\test22\AppData\Roaming\1.exe |
file | C:\Users\test22\AppData\Roaming\2.exe |
file | C:\Users\test22\AppData\Roaming\1.exe |
file | C:\Users\test22\AppData\Roaming\2.exe |
file | C:\Users\test22\AppData\Roaming\3.exe |
file | C:\Users\test22\AppData\Roaming\1.exe |
reg_key | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\NVIDIA Share | reg_value | C:\Users\test22\AppData\Roaming\ServiceAmd\3.exe |
Bkav | W32.AIDetectMalware |
Lionic | Trojan.Win32.Miner.4!c |
Cynet | Malicious (score: 99) |
McAfee | Artemis!31FA727012B5 |
ALYac | Gen:Variant.Jaik.217886 |
Cylance | Unsafe |
Sangfor | Trojan.Win64.Agent.Vlxd |
K7AntiVirus | Trojan ( 005a508c1 ) |
K7GW | Trojan ( 005a508c1 ) |
Cybereason | malicious.012b59 |
Symantec | Trojan.Gen.MBT |
Elastic | malicious (high confidence) |
ESET-NOD32 | multiple detections |
Paloalto | generic.ml |
ClamAV | Win.Packed.Bladabindi-10017056-0 |
MicroWorld-eScan | Gen:Variant.Jaik.217886 |
F-Secure | Trojan.TR/AVI.Lumma.qvknn |
McAfeeD | ti!FE0965800533 |
Sophos | Mal/Generic-S |
SentinelOne | Static AI - Suspicious SFX |
Webroot | Trojan.Dropper.Gen |
Detected | |
Avira | TR/AVI.Lumma.qvknn |
Antiy-AVL | Trojan[Banker]/Win32.ClipBanker |
Gridinsoft | Trojan.Win64.CoinMiner.sa |
Microsoft | Trojan:Win64/XMRig!pz |
Varist | W32/ABRisk.KASG-6017 |
DeepInstinct | MALICIOUS |
VBA32 | BScope.TrojanDownloader.Upatre |
Malwarebytes | Crypt.Trojan.MSIL.DDS |
Ikarus | Trojan.Win64.Bladabindi |
huorong | TrojanDropper/W64.Agent.y |
Fortinet | W64/GenKryptik.GIIA!tr |
CrowdStrike | win/malicious_confidence_90% (W) |
alibabacloud | Miner:Multi/XMRig.CWZB3DGW |