Submissions

No Date Request Urls Hosts IDS Rule Score Zero VT Player Etc
15001 2023-03-09 10:34 office.exe
4a39e396ddbd9c7116858b6f96a06eb2
UPX Malicious Library OS Processor Check PE32 PE File VirusTotal Malware PDB unpack itself Remote Code Execution
2.6 M 42 ZeroCERT

15002 2023-03-09 10:15 HAD.exe
92569f0bc4733fd80a974d67ddb9435e
UPX Malicious Library OS Processor Check PE32 PE File VirusTotal Malware Buffer PE Checks debugger buffers extracted unpack itself sandbox evasion ComputerName
1 3.4 M 27 ZeroCERT

15003 2023-03-09 10:15 Z5VhmI2NZZjijkdMu3uv21nvMfnvRC...
95ab53ac1cbd8a0f63bb6175b9c93f2b
Malicious Library DLL PE File PE64 Remote Code Execution
0.8 ZeroCERT

15004 2023-03-09 10:13 31.31.31.doc
53b7ecf8450a8d221651aafd0a799b05
MS_RTF_Obfuscation_Objects RTF File doc Malware download VirusTotal Malware Malicious Traffic RWX flags setting exploit crash IP Check Tofsee Windows Exploit DNS crashed Downloader
2 3 7 4.8 M 27 ZeroCERT

15005 2023-03-09 10:12 vbc.exe
c4e6210df23d8c36b5fc72a04d91bd89
RAT Generic Malware Antivirus SMTP KeyLogger AntiDebug AntiVM .NET EXE PE32 PE File Browser Info Stealer VirusTotal Email Client Info Stealer Malware PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut unpack itself Windows utilities Check virtual network interfaces suspicious process WriteConsoleW IP Check Tofsee Windows Browser Email ComputerName Cryptographic key crashed
1 2 1 13.4 M 35 ZeroCERT

15006 2023-03-09 10:11 clip64.dll
57cf7ce2696f4ac87b27879886a089bf
UPX Malicious Library Admin Tool (Sysinternals etc ...) OS Processor Check DLL PE32 PE File VirusTotal Malware PDB Checks debugger unpack itself
2.0 M 49 ZeroCERT

15007 2023-03-09 10:08 JavHa.exe
4adf9b20011bc571b61884f1b630a84a
UPX Malicious Library OS Processor Check PE32 PE File VirusTotal Malware Buffer PE Checks debugger buffers extracted unpack itself sandbox evasion ComputerName
1 3.4 M 28 ZeroCERT

15008 2023-03-09 10:08 photo_004.exe
f299e8ceddf0b64611f2dd18bd7bb55e
UPX Malicious Library OS Processor Check PE32 PE File unpack itself Remote Code Execution
1.2 ZeroCERT

15009 2023-03-09 10:07 vbc.exe
ff0de9ed198503bbcc642614eefc377e
UPX Malicious Library PE32 PE File OS Processor Check Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns Check memory Checks debugger Creates executable files unpack itself AppData folder Windows Browser Email ComputerName Cryptographic key Software crashed
7.0 M 25 ZeroCERT

15010 2023-03-09 10:06 clip64.dll
312bf0a2cfe4b485ee52c40fbadf1915
UPX Malicious Library Admin Tool (Sysinternals etc ...) OS Processor Check DLL PE32 PE File VirusTotal Malware PDB Checks debugger unpack itself
2.0 M 51 ZeroCERT

15011 2023-03-09 10:05 EPR Payment Summary.doc
ad16430c43ef743109301fa643a25eed
VBA_macro MSOffice File VirusTotal Malware Malicious Traffic exploit crash unpack itself Tofsee Exploit DNS crashed
6 12 4 4.8 M 40 ZeroCERT

15012 2023-03-09 10:04 sqlcmd.exe
fc4462b1448b7db9f905be31b1bb288d
Generic Malware UPX Malicious Library Malicious Packer Antivirus OS Processor Check PE32 PE File PowerShell VirusTotal Malware powershell suspicious privilege MachineGuid Check memory Checks debugger Creates shortcut unpack itself Windows utilities powershell.exe wrote Check virtual network interfaces suspicious process AppData folder WriteConsoleW Tofsee Windows ComputerName Remote Code Execution DNS Cryptographic key
1 4 2 10.0 M 33 ZeroCERT

15013 2023-03-09 10:03 ss35.exe
8c88de3d340307ef3994e4d42b988b27
Gen2 Gen1 UPX Malicious Library Malicious Packer PE File PE64 VirusTotal Malware PDB Remote Code Execution
1.2 M 7 ZeroCERT

15014 2023-03-09 10:03 RnLGmaMVRRbyeY3nZb
a5bd4d4812aab61a33ad2ac1265c127f
M ZeroCERT

15015 2023-03-09 10:02 bcd4b93a1a85c5ba45a4f7e5980db1...
3b32570cfc08329e3bf2624f727ead3f
Emotet Gen2 UPX Malicious Library Malicious Packer OS Processor Check PE32 PE File DLL VirusTotal Malware Check memory buffers extracted WMI Creates executable files unpack itself AppData folder Tofsee ComputerName crashed
3 2 1 1 5.0 M 44 ZeroCERT