Submissions

Columns: No | Date | Request | Urls | Hosts | IDS | Rule | Score | Zero | VT | Player | Etc

No 16 | 2024-05-23 18:04 | xin.exe
  Hash: ca039a10eadbf91b4d5363e4f1090141
  Tags: AntiDebug AntiVM MSOffice File Code Injection ICMP traffic RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed
  Remaining columns: 17 1 6.2 M ZeroCERT

No 17 | 2024-05-17 10:12 | ttt.hta
  Hash: b5080c0d123ce430f1e28c370a0fa18b
  Tags: VirusTotal Malware Check memory RWX flags setting unpack itself Tofsee Interception ComputerName
  Remaining columns: 1 2 2 2.6 23 ZeroCERT

No 18 | 2024-05-17 10:04 | ttt.hta
  Hash: b5080c0d123ce430f1e28c370a0fa18b
  Tags: VirusTotal Malware crashed
  Remaining columns: 1.0 23 ZeroCERT

No 19 | 2024-05-09 11:08 | 5.hta
  Hash: 0864405d81d8ab37b43868a26748f57a
  Tags: Generic Malware Downloader Antivirus Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Code injection Internet API FTP KeyLogger P2P AntiDebug AntiVM PowerShell Lnk Format GIF Format ZIP Format Vulnerability VirusTotal Malware powershell suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted Creates shortcut Creates executable files RWX flags setting unpack itself powershell.exe wrote Check virtual network interfaces suspicious process WriteConsoleW Windows ComputerName DNS Cryptographic key keylogger
  Remaining columns: 2 1 2 13.0 M 24 ZeroCERT

No 20 | 2024-05-09 11:06 | 1.hta
  Hash: cc022fea5d0660e1e221b02d2c55553b
  Tags: Generic Malware Downloader Antivirus Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Code injection Internet API FTP KeyLogger P2P AntiDebug AntiVM PowerShell ZIP Format Lnk Format GIF Format Vulnerability VirusTotal Malware powershell suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted Creates shortcut Creates executable files RWX flags setting unpack itself powershell.exe wrote Check virtual network interfaces suspicious process WriteConsoleW Windows ComputerName DNS Cryptographic key
  Remaining columns: 2 1 2 12.4 M 24 ZeroCERT

No 21 | 2024-05-09 11:05 | 4.hta
  Hash: 1e5a563b24dd2e44b449042b69ddbd7c
  Tags: Generic Malware Downloader Antivirus Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Code injection Internet API FTP KeyLogger P2P AntiDebug AntiVM PowerShell Lnk Format GIF Format ZIP Format VirusTotal Email Client Info Stealer Malware powershell suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted Creates shortcut Creates executable files RWX flags setting exploit crash unpack itself Check virtual network interfaces suspicious process WriteConsoleW Windows Exploit Email ComputerName DNS Cryptographic key crashed
  Remaining columns: 2 1 2 12.4 M 24 ZeroCERT

No 22 | 2024-05-09 11:05 | 3.hta
  Hash: 4ab94c892e634430c8eabae82af4d875
  Tags: Generic Malware Downloader Antivirus Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Code injection Internet API FTP KeyLogger P2P AntiDebug AntiVM PowerShell Lnk Format GIF Format ZIP Format Vulnerability VirusTotal Malware powershell suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted Creates shortcut Creates executable files RWX flags setting unpack itself powershell.exe wrote Check virtual network interfaces suspicious process WriteConsoleW Windows ComputerName DNS Cryptographic key
  Remaining columns: 2 1 2 12.4 M 24 ZeroCERT

No 23 | 2024-05-09 11:02 | 2.hta
  Hash: bb537c9f88a70e710c5993e3fe383bb6
  Tags: Generic Malware Downloader Antivirus Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Code injection Internet API FTP KeyLogger P2P AntiDebug AntiVM PowerShell Lnk Format GIF Format ZIP Format VirusTotal Email Client Info Stealer Malware powershell suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted Creates shortcut Creates executable files RWX flags setting exploit crash unpack itself Check virtual network interfaces suspicious process WriteConsoleW Windows Exploit Email ComputerName DNS Cryptographic key crashed
  Remaining columns: 2 1 2 12.4 M 24 ZeroCERT

No 24 | 2024-05-09 11:02 | .hta
  Hash: 18dbd534f0a9f76cfb874a7a7e688c90
  Tags: Generic Malware Downloader Antivirus Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Code injection Internet API FTP KeyLogger P2P AntiDebug AntiVM PowerShell Lnk Format GIF Format ZIP Format Vulnerability VirusTotal Malware powershell suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted Creates shortcut Creates executable files RWX flags setting unpack itself powershell.exe wrote Check virtual network interfaces suspicious process WriteConsoleW Windows ComputerName DNS Cryptographic key
  Remaining columns: 2 1 2 12.4 M 24 ZeroCERT

No 25 | 2024-04-21 12:52 | .hta
  Hash: dbc5a204c56d2c6c974bb9ce287978d4
  Tags: Generic Malware Downloader Antivirus Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Code injection Internet API FTP KeyLogger P2P AntiDebug AntiVM PowerShell Lnk Format GIF Format ZIP Format Vulnerability VirusTotal Malware powershell suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted Creates shortcut Creates executable files RWX flags setting unpack itself powershell.exe wrote Check virtual network interfaces suspicious process WriteConsoleW Windows ComputerName DNS Cryptographic key
  Remaining columns: 2 1 2 12.4 M 23 ZeroCERT

No 26 | 2024-04-21 12:47 | .hta
  Hash: c4c06bc09d5d07d8abdb074e80806d07
  Tags: Generic Malware Downloader Antivirus Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Code injection Internet API FTP KeyLogger P2P AntiDebug AntiVM PowerShell VirusTotal Malware powershell suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut Creates executable files RWX flags setting unpack itself powershell.exe wrote Check virtual network interfaces suspicious process WriteConsoleW Windows ComputerName DNS Cryptographic key
  Remaining columns: 2 1 1 11.4 M 24 ZeroCERT

No 27 | 2024-04-18 08:35 | .hta
  Hash: 9f587ac1e364bc4b89ea9991c780b09a
  Tags: (none)
  Remaining columns: ZeroCERT

No 28 | 2024-04-18 08:35 | 2.hta
  Hash: a76519720925437e61593d697c22d2c3
  Tags: VirusTotal Malware
  Remaining columns: 0.8 24 ZeroCERT

No 29 | 2024-04-18 08:35 | 3.hta
  Hash: 1813054fd92c59be0214e8f908d31155
  Tags: VirusTotal Malware
  Remaining columns: 0.8 24 ZeroCERT

No 30 | 2024-04-08 18:26 | razdva.exe
  Hash: 92e3bc31c3f3a079170be7d7cbb1bd41
  Tags: (none)
  Remaining columns: M ZeroCERT