Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	Oct. 21, 2024, 5:04 p.m.	Oct. 21, 2024, 5:07 p.m.

Size	4.9MB
Type	PE32+ executable (DLL) (console) x86-64, for MS Windows
MD5	`b1834e1ac5d374dbdfc865de566834b9`
SHA256	`26a91c5bdd982f9ca4dab220a56565f145d29d3abc2be6fbfb09191296844308`
CRC32	`D33C8D4D`
ssdeep	`98304:6xOgFu7FSdeIMpAiRfzUoraomhFY/Hl6RqVJgwFKR+uCZlf:65FuYhhFYPl6AgwFGW/f`
Yara	Malicious_Library_Zero - Malicious_Library XMRig_Miner_IN - XMRig Miner PE_Header_Zero - PE File Signature Malicious_Packer_Zero - Malicious Packer IsDLL - (no description) IsPE64 - (no description) DllRegisterServer_Zero - execute regsvr32.exe Generic_Malware_Zero - Generic Malware UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check

rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\p90.dll,
2164
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\p90.dll,DllRegisterServer
1708
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\p90.dll,DllRegisterServer
  2236

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
164.124.101.2	Active	Moloch

No Suricata Alerts

No Suricata TLS

Time & API	Arguments	Status	Return	Repeated
GetComputerNameA Oct. 21, 2024, 4:57 p.m.	computer_name: TEST22-PC	1	1	0

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent Oct. 21, 2024, 4:57 p.m.			0	0

Time & API	Arguments	Status	Return	Repeated
NtAllocateVirtualMemory Oct. 21, 2024, 4:57 p.m.	process_identifier: 2236 region_size: 131072 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000004e0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	1	0	0

Bkav	W64.AIDetectMalware
Cynet	Malicious (score: 100)
Skyhigh	BehavesLike.Win64.Worm.rh
Cylance	Unsafe
VIPRE	Gen:Heur.Variadic.A.13.2
Sangfor	Trojan.Win64.XMR.Miner
CrowdStrike	win/grayware_confidence_60% (D)
BitDefender	Gen:Heur.Variadic.A.13.2
Arcabit	Trojan.Variadic.A.13.2
Symantec	ML.Attribute.HighConfidence
Elastic	Windows.Cryptominer.Generic
ESET-NOD32	a variant of Win64/CoinMiner.IZ potentially unwanted
Avast	Win64:MiscX-gen [PUP]
ClamAV	Win.Coinminer.Generic-7151250-0
Kaspersky	not-a-virus:HEUR:RiskTool.Win32.BitMiner.gen
MicroWorld-eScan	Gen:Heur.Variadic.A.13.2
Rising	HackTool.XMRMiner!1.C2EC (CLASSIC)
Emsisoft	Gen:Heur.Variadic.A.13.2 (B)
CTX	dll.unknown.variadic
Sophos	Generic ML PUA (PUA)
SentinelOne	Static AI - Malicious PE
FireEye	Generic.mg.b1834e1ac5d374db
Jiangmin	RiskTool.XMRigMiner.n
Google	Detected
Antiy-AVL	Trojan/Win64.CoinMiner.xmr
Gridinsoft	Trojan.Win64.CoinMiner.mz!s6
Microsoft	Program:Win32/Wacapew.C!ml
ZoneAlarm	not-a-virus:HEUR:RiskTool.Win32.BitMiner.gen
GData	Win64.Application.Coinminer.CP
AhnLab-V3	Trojan/Win.Miner3.R512976
DeepInstinct	MALICIOUS
Malwarebytes	BitcoinMiner.Trojan.Miner.DDS
Ikarus	PUA.CoinMiner
huorong	HackTool/CoinMiner.p
MaxSecure	Trojan.Malware.121218.susgen
AVG	Win64:MiscX-gen [PUP]
alibabacloud	Miner:Win/CoinMiner.HPC

p90.dll