Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Score	Zero	VT	Player
76	2023-09-13 09:42	hkcmd.hta ba271568b611cfbc62dca1fc2d2e8bf3 Generic Malware Antivirus Hide_URL AntiDebug AntiVM PowerShell powershell suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted Creates shortcut RWX flags setting exploit crash unpack itself Windows utilities powershell.exe wrote Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows Exploit ComputerName DNS Cryptographic key crashed	1 Keyword trend analysis	3	1	11.2			ZeroCERT

77	2023-09-13 09:41	hkcmd.hta 21e650595550a14f42931906c0dd9f92 Generic Malware Antivirus Hide_URL AntiDebug AntiVM PowerShell VirusTotal Malware powershell suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted Creates shortcut RWX flags setting unpack itself Windows utilities powershell.exe wrote Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key	3 Keyword trend analysis	3	1	10.6		13	ZeroCERT

78	2023-09-12 09:13	IE_Cache.hta e8fa112b91c1297187713059d481f0c8 Generic Malware Antivirus AntiDebug AntiVM PowerShell VirusTotal Malware powershell suspicious privilege MachineGuid Code Injection Check memory Checks debugger Creates shortcut RWX flags setting unpack itself Windows utilities powershell.exe wrote suspicious process Windows ComputerName Cryptographic key	1 Keyword trend analysis			7.2		16	ZeroCERT

79	2023-09-12 09:12	WUDFHost.hta fc03281320e21c988773e1c2f8389d0f Generic Malware Antivirus Hide_URL AntiDebug AntiVM PowerShell VirusTotal Malware powershell suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted Creates shortcut RWX flags setting unpack itself Windows utilities powershell.exe wrote Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key	3 Keyword trend analysis	3	1	10.6		13	ZeroCERT

80	2023-09-09 21:41	mshta.hta cc504d2b599df93f30cf9fe27cb00ce2 Generic Malware Antivirus AntiDebug AntiVM PowerShell MSOffice File VirusTotal Malware powershell suspicious privilege MachineGuid Code Injection Check memory Checks debugger Creates shortcut exploit crash unpack itself Windows utilities powershell.exe wrote Check virtual network interfaces suspicious process Tofsee Windows Exploit ComputerName DNS Cryptographic key crashed		1	2	10.8		32	ZeroCERT

81	2023-09-09 21:41	1.hta ff3ba7711a230e6c17ac77a271ec3622 Generic Malware Antivirus AntiDebug AntiVM PowerShell VirusTotal Malware powershell suspicious privilege MachineGuid Code Injection Check memory Checks debugger Creates shortcut RWX flags setting unpack itself Windows utilities powershell.exe wrote Check virtual network interfaces suspicious process Tofsee Windows ComputerName DNS Cryptographic key	1 Keyword trend analysis	5	5 Info ET POLICY Observed DNS Query to File Transfer Service Domain (transfer .sh) ET INFO Commonly Abused File Sharing Site Domain Observed (transfer .sh in DNS Lookup) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO Commonly Abused File Sharing Site Domain Observed (transfer .sh in TLS SNI) ET POLICY Observed File Transfer Service SSL/TLS Certificate (transfer .sh)	10.8		22	ZeroCERT

82	2023-09-09 21:29	HDDREQ.hta 4b2493d809acdca8b79aa2e22c04144c AntiDebug AntiVM MSOffice File VirusTotal Malware Code Injection RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed			2	4.6		23	ZeroCERT

83	2023-09-08 16:12	HDDREQ.hta 4b2493d809acdca8b79aa2e22c04144c VirusTotal Malware crashed				0.8		19	ZeroCERT

84	2023-09-05 08:36	invoice-102131.html bf144f6c2447db451d66d8d4917f680f AntiDebug AntiVM MSOffice File Code Injection exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed			2	3.4			ZeroCERT

85	2023-09-05 08:36	OBRJPNIWfH.html 2c6430631f5aa5dfc4ce9788f95c238b AntiDebug AntiVM MSOffice File Code Injection exploit crash unpack itself Windows utilities Windows Exploit DNS crashed				3.4			ZeroCERT

86	2023-09-05 08:36	FAX_20230728_9257373703_209.ht... beb30419455b27cdc5d053f7aa0643e5 AntiDebug AntiVM MSOffice File Code Injection exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed			2	3.4			ZeroCERT

87	2023-09-05 08:34	DhfPsdwMGG.html d6a01f4966bba0e30f3ab8c492c013f6 AntiDebug AntiVM MSOffice File Code Injection exploit crash unpack itself Windows utilities Windows Exploit DNS crashed				3.4			ZeroCERT

88	2023-09-05 08:34	bLzVqypJrU.html fe078216cb1ca00f4878fda69d11692a AntiDebug AntiVM MSOffice File Code Injection exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed			2	3.4			ZeroCERT

89	2023-09-05 08:34	auth.html 48702aa2c044f951e2b491a7f4989168 AntiDebug AntiVM MSOffice File Code Injection RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed			2	3.8			ZeroCERT

90	2023-09-04 11:15	4.html f71368efc1380be49fbffadd63510ab1 Antivirus AntiDebug AntiVM MSOffice File Code Injection exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed			2	3.4	M		ZeroCERT