Submissions - ZeroBOX

Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player	Etc
1	2024-10-17 10:55	mso-install.exe d16b9f62e697777a3b63f53c95a8c65c Gen1 Generic Malware UPX Malicious Library Malicious Packer Antivirus PE File PE32 OS Processor Check PE64 CAB DLL Malware download VirusTotal Malware powershell suspicious privilege Malicious Traffic Check memory Checks debugger WMI Creates shortcut Creates executable files unpack itself Collect installed applications Check virtual network interfaces suspicious process AppData folder AntiVM_Disk sandbox evasion WriteConsoleW VM Disk Size Check human activity check installed browsers check Tofsee Interception Windows Browser ComputerName DNS Cryptographic key	12 Keyword trend analysis Info http://officecdn.microsoft.com/pr/5030841d-c919-4594-8d2d-84ae4f96e58e/Office/Data/v64_16.0.14332.20791.cab http://officecdn.microsoft.com/pr/5030841d-c919-4594-8d2d-84ae4f96e58e/Office/Data/v32.cab http://crl.microsoft.com/pki/crl/products/MicTimStaPCA_2010-07-01.crl http://185.25.60.13:8080/distr/components/deploy-mso.dst http://officecdn.microsoft.com/pr/5030841d-c919-4594-8d2d-84ae4f96e58e/Office/Data/v64.cab http://cacerts.digicert.com/DigiCertGlobalRootG2.crt http://crl.microsoft.com/pki/crl/products/MicCodSigPCA_2010-07-06.crl http://195.130.214.155:8080/logUserActivity.php?u=3FE1525F8E2065C102140EB6C463BC5D&t=1729181842&m=common&a=run_Component:%20deploy-mso%20(pid%20=%201603) http://www.microsoft.com/pkiops/crl/Microsoft%20Time-Stamp%20PCA%202010(1).crl http://crl.microsoft.com/pki/crl/products/MicRooCerAut_2010-06-23.crl http://officecdn.microsoft.com/pr/5030841d-c919-4594-8d2d-84ae4f96e58e/Office/Data/v64_16.0.14332.20303.cab http://185.25.60.13:8080/distr/components/deploy-mso.ver	14 Info officecdn.microsoft.com(38.96.206.65) nexusrules.officeapps.live.com(52.111.243.30) ecs.office.com(52.113.194.132) mrodevicemgr.officeapps.live.com(52.109.124.190) cacerts.digicert.com(152.195.38.76) www.microsoft.com(104.94.217.134) 195.130.214.155 23.40.45.184 - mailcious 52.109.124.190 152.195.38.76 52.111.227.14 52.113.194.132 185.25.60.13 - malware 173.222.248.74	5 Info ET POLICY Autoit Windows Automation tool User-Agent in HTTP Request - Possibly Hostile ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE Possible Windows executable sent when remote host claims to send a Text File ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)		12.6		18	ZeroCERT

First
1
Last
Total : 1cnts