gfdthawdddd.exe| Category | Machine | Started | Completed |
|---|---|---|---|
| FILE | s1_win7_x6403_us | March 28, 2025, 9:28 a.m. | March 28, 2025, 9:30 a.m. |
-
gfdthawdddd.exe "C:\Users\test22\AppData\Local\Temp\gfdthawdddd.exe"
2056
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| xmr-eu1.nanopool.org | 51.89.23.91 | |
| pastebin.com | 172.67.19.24 | |
| xmr-eu2.nanopool.org | 51.195.43.17 |
Suricata Alerts
| Flow | SID | Signature | Category |
|---|---|---|---|
| UDP 192.168.56.103:52760 -> 164.124.101.2:53 | 2033268 | ET POLICY Observed DNS Query to Coin Mining Domain (nanopool .org) | Potential Corporate Privacy Violation |
| TCP 192.168.56.103:49163 -> 172.67.19.24:443 | 906200068 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (CoinMiner) | undefined |
| UDP 192.168.56.103:64894 -> 164.124.101.2:53 | 2033268 | ET POLICY Observed DNS Query to Coin Mining Domain (nanopool .org) | Potential Corporate Privacy Violation |
Suricata TLS
| Flow | Issuer | Subject | Fingerprint |
|---|---|---|---|
|
TLS 1.3 192.168.56.103:49164 163.172.171.111:10343 |
None | None | None |
|
TLS 1.3 192.168.56.103:49162 51.15.58.224:10343 |
None | None | None |
|
TLS 1.3 192.168.56.103:49163 172.67.19.24:443 |
None | None | None |
| section | .00cfg |
| Bkav | W64.AIDetectMalware |
| Lionic | Trojan.Win32.Miner.4!c |
| Cynet | Malicious (score: 100) |
| CAT-QuickHeal | Trojan.Miner |
| Skyhigh | Trojan-FWHP!CB1AB881DF77 |
| ALYac | Gen:Variant.Tedy.523105 |
| Cylance | Unsafe |
| VIPRE | Gen:Variant.Tedy.523105 |
| Sangfor | CoinMiner.Win64.Kryptik.Vszr |
| CrowdStrike | win/malicious_confidence_100% (W) |
| BitDefender | Gen:Variant.Tedy.523105 |
| K7GW | Trojan ( 005af85d1 ) |
| K7AntiVirus | Trojan ( 005af85d1 ) |
| Arcabit | Trojan.Tedy.D7FB61 |
| Symantec | ML.Attribute.HighConfidence |
| Elastic | Windows.Generic.Threat |
| ESET-NOD32 | a variant of Win64/Kryptik.EDF |
| APEX | Malicious |
| Avast | Win64:Evo-gen [Trj] |
| ClamAV | Win.Trojan.Genkryptik-10016533-0 |
| Kaspersky | HEUR:Trojan.Win32.Miner.pef |
| Alibaba | Trojan:Win64/Coinminer.77b069a8 |
| NANO-Antivirus | Trojan.Win64.Miner.kwkdek |
| MicroWorld-eScan | Gen:Variant.Tedy.523105 |
| Rising | Trojan.Staser!8.7FD (TFE:5:g2ZCviiLSKR) |
| Emsisoft | Gen:Variant.Tedy.523105 (B) |
| F-Secure | Heuristic.HEUR/AGEN.1370827 |
| DrWeb | Trojan.Siggen31.4006 |
| McAfeeD | ti!23FA323EEA0A |
| CTX | exe.trojan.generic |
| Sophos | Mal/Generic-S |
| SentinelOne | Static AI - Malicious PE |
| FireEye | Generic.mg.cb1ab881df77d5e5 |
| Detected | |
| Avira | HEUR/AGEN.1370827 |
| Antiy-AVL | Trojan/Win64.GenKryptik |
| Kingsoft | malware.kb.a.768 |
| Gridinsoft | Trojan.Win64.CoinMiner.sa |
| Microsoft | Trojan:Win64/Coinminer.RB!MTB |
| GData | Gen:Variant.Tedy.523105 |
| Varist | W64/Kryptik.LEG.gen!Eldorado |
| AhnLab-V3 | Dropper/Win.DropperX-gen.R622355 |
| McAfee | Trojan-FWHP!CB1AB881DF77 |
| DeepInstinct | MALICIOUS |
| Malwarebytes | Trojan.Crypt.Generic |
| Ikarus | Trojan.Win64.Crypt |
| Panda | Trj/GdSda.A |
| TrendMicro-HouseCall | Trojan.Win32.VSX.PE04C9V |
| Tencent | Trojan.Win64.Kryptik.hj |
| Yandex | Trojan.Miner!ln79aBUTstE |