No | Date | Request | Urls | Hosts | IDS | Rule | Score | Zero | VT | Player | Etc
---|---|---|---|---|---|---|---|---|---|---|---
1 | 2023-12-04 18:31 | cp.exe 67c91a40f9550dca6e0caf57325b9a10 Themida Packer Downloader UPX Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Code injection Internet API persistence FTP KeyLogger P2P AntiDebug AntiVM PE32 PE File VirusTotal Malware AutoRuns Code Injection Check memory Creates executable files RWX flags setting unpack itself Windows utilities Checks Bios Detects VirtualBox Detects VMWare suspicious process WriteConsoleW VMware anti-virtualization Windows ComputerName Firmware crashed | | | | | 10.6 | M | 33 | ZeroCERT |
2 | 2023-12-04 15:40 | cp.exe 67c91a40f9550dca6e0caf57325b9a10 Themida Packer UPX PE32 PE File | | | | | 1.0 | M | | ZeroCERT |
3 | 2023-03-22 17:29 | 007.exe fe05605a8065764a5ec8aba32db6e697 PWS .NET framework RAT UPX OS Processor Check .NET EXE PE32 PE File VirusTotal Malware Check memory Checks debugger unpack itself ComputerName | | | | | 2.0 | M | 32 | ZeroCERT |