Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
1711	2024-08-01 14:56	faultrep.dll d73cecec94d5983755c81711baa7678e UPX Anti_VM PE File DLL PE64 VirusTotal Malware Checks debugger unpack itself					1.8		38	ZeroCERT

1712	2024-08-01 14:48	MichelinNight.lnk 4f35ca4893709a1e9027ccda0c3a1102 Generic Malware UPX Antivirus Anti_VM AntiDebug AntiVM Lnk Format GIF Format PowerShell PE File DLL PE64 VirusTotal Malware powershell suspicious privilege Code Injection Check memory Checks debugger heapspray Creates shortcut Creates executable files unpack itself Windows utilities powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName Cryptographic key					8.0		15	ZeroCERT

1713	2024-08-01 14:48	【算法工程师】李子豪.lnk e449e8239ec8d3910d2f81ed22ec762c Generic Malware UPX Antivirus Anti_VM AntiDebug AntiVM Lnk Format GIF Format PowerShell PE File DLL PE64 VirusTotal Malware powershell suspicious privilege Code Injection Check memory Checks debugger heapspray Creates shortcut Creates executable files unpack itself Windows utilities powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName Cryptographic key					8.4		31	ZeroCERT

1714	2024-08-01 11:17	random.exe 28700cd817abafa9a16ad89a0f7ffd86 Amadey Client SW User Data Stealer RedLine stealer browser info stealer EnigmaProtector Generic Malware Downloader Google Chrome User Data Malicious Library Malicious Packer UPX Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal cred Browser Info Stealer Malware download Amadey VirusTotal Malware AutoRuns MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files RWX flags setting exploit crash unpack itself Windows utilities Checks Bios Detects VMWare suspicious process AppData folder malicious URLs VMware anti-virtualization installed browsers check Tofsee Ransomware Windows Exploit Browser ComputerName DNS crashed	1 Keyword trend analysis	4	8 Info ET DROP Spamhaus DROP Listed Traffic Inbound group 33 ET INFO Executable Download from dotted-quad Host ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 ET INFO Packed Executable Download SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	1	20.8	M	38	ZeroCERT

1715	2024-08-01 11:15	dz.js 198c2e0eddd819cc239e7d79454bc7d2 VirusTotal Malware crashed	1 Keyword trend analysis				0.6		3	ZeroCERT

1716	2024-08-01 11:12	chkup.msi 10e9e9aff94dd23d61650c7673885f32 MSOffice File VirusTotal Malware suspicious privilege Malicious Traffic Check memory Checks debugger unpack itself AntiVM_Disk VM Disk Size Check Tofsee ComputerName	1 Keyword trend analysis	4	2		3.4	M	28	ZeroCERT

1717	2024-08-01 11:00	roseflowergetmeforgirlshairs.g... 935dee250a117207ad585b612947fa27 Generic Malware Antivirus Hide_URL VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself suspicious process WriteConsoleW Windows ComputerName Cryptographic key					5.8	M	3	ZeroCERT

1718	2024-08-01 11:00	weneedgreatthingsalwaystogetme... 4b9305dcc211e64941a71120617c8983 MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware Malicious Traffic exploit crash unpack itself Exploit DNS crashed	1 Keyword trend analysis	2			4.6	M	38	ZeroCERT

1719	2024-08-01 10:59	vbs.jpeg.exe 70e3e9ac5a828e7374199903d3806303 Malicious Library UPX PE File DLL PE32 .NET DLL OS Processor Check VirusTotal Malware PDB					0.6		1	ZeroCERT

1720	2024-08-01 10:59	gg.exe 18ff67b2f4d4e3f2a8ae474826fc86c8 Malicious Library PE File PE64 VirusTotal Malware RWX flags setting DNS crashed		1			4.0	M	58	ZeroCERT

1721	2024-08-01 10:58	buttersmoothflowerwayssmooth.g... ed2db1c558d7e56d7d9d67de4d14d60d Generic Malware Antivirus Hide_URL VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself suspicious process WriteConsoleW Windows ComputerName Cryptographic key	1 Keyword trend analysis				5.8	M	4	ZeroCERT

1722	2024-08-01 10:58	greatdayforeveryonetheyaregrea... d559f074ac2f858891395b2d39d93e8e Formbook MS_RTF_Obfuscation_Objects RTF File doc FormBook Malware download VirusTotal Malware Malicious Traffic exploit crash unpack itself Windows Exploit DNS crashed	16 Keyword trend analysis Info http://www.askvanta.com/hhti/?BuYN=fjRDIvTmNEJNTuTcr8del2WQp76nRU4WKVyXC6Y4v5xhqnRixQ6zeb282ydBwPMN2XVyKj7Iv4bMnoolEkDYP7t2qkRY0AApd+m94wn/hzh5njk5AnE5TcuZf+A5lnJQAByr72U=&8Ps3x=9ga6bLE8B3 - rule_id: 41539 http://www.microsofr.fun/omnp/?BuYN=GQSd+8pi26b7zJhOJIQXVD/h3K/inFV8tNrqSt2nhXuDaWJRns1If/+gRxLu2YDerAFibGs6WR2Qt7jgVufvyJTnycUzu8Yso7GmTERVlWVgi3ROCwKMdFc5FOB0p/g90EsMQlA=&8Ps3x=9ga6bLE8B3 - rule_id: 41540 http://www.gotvoom.pro/yagd/ - rule_id: 41537 http://www.eworld.org/18e1/ - rule_id: 41541 http://www.c7v88.top/v6ba/ - rule_id: 41536 http://www.sqlite.org/2018/sqlite-dll-win32-x86-3220000.zip http://www.gotvoom.pro/yagd/?BuYN=uEwhQtN8d9WFSPX3vcuayxdpQqb8c/D/UpaKbFjD70Hg2gjUyZfmxqkinXZDMhG9GrAjDWM/1uaY6+kvF7tL6dHrL5YWOt4Y3qm+cyYTZ0PahKZdxCx3NJ3PVHCt9uZUePj8NnU=&8Ps3x=9ga6bLE8B3 - rule_id: 41537 http://www.c7v88.top/v6ba/?BuYN=nJtV0xxVonYleLmyEDIGF1GRtIwzCkYblW7ymF81wwUwIwWLid3Lr9yJw2X9YaLdXd5m2mo1Ok9Zsjhn2cbjbjbKzyMWkQ/uC8atz3xgP0khh14CmXxCw976WGM8OA3qn6b9QMQ=&8Ps3x=9ga6bLE8B3 - rule_id: 41536 http://www.ninunveiled.shop/y2xs/?BuYN=K+FBq1WtvybOxhvHtU6WfmZAZpWeOQe+tj2vmYfwz33F3b3Aes3OHbiwiZWnNpMPG0WPojpzHKw+GlwZgAeAfHJqiaj6RkWVZG7lgMda/YUzq50sWWgrRQDPyvkHd1GXzInPZUw=&8Ps3x=9ga6bLE8B3 - rule_id: 41542 http://www.juliakoppel.org/9wjj/ - rule_id: 41538 http://www.juliakoppel.org/9wjj/?BuYN=3pAkfJORuRgA59m5D3Ccm/a2baSHIB7ZSYQ2sF+aO2KWoeTfZIMk0oynOCre8P7un/vWh9+jgjqgzzA3WVgVD2gacPCD8hv2BH56l/1+ZEKULaKcv9mw30410B/1ELsaBxrqqsU=&8Ps3x=9ga6bLE8B3 - rule_id: 41538 http://www.microsofr.fun/omnp/ - rule_id: 41540 http://www.askvanta.com/hhti/ - rule_id: 41539 http://www.ninunveiled.shop/y2xs/ - rule_id: 41542 http://www.eworld.org/18e1/?BuYN=Pm7pKTMIYdCMccpB3xsAXFwsVOfU5MHbomtkvn/TIB3o6VHyHDbhzBEtFW9t5aJY+pX07Evew+XtfHVHXf6tslmSqwg1OujBiiUxK9iHVQ3RBf96wgYN9V5GQcLy17oB+M1M8tY=&8Ps3x=9ga6bLE8B3 - rule_id: 41541 http://104.219.239.104/15/winiti.exe	15 Info www.c7v88.top(15.197.148.33) - mailcious www.eworld.org(13.248.169.48) - mailcious www.ninunveiled.shop(104.21.87.176) - mailcious www.microsofr.fun(76.223.67.189) - mailcious www.gotvoom.pro(15.197.148.33) - mailcious www.juliakoppel.org(109.172.114.38) - mailcious www.askvanta.com(3.33.130.190) - mailcious 15.197.148.33 - mailcious 76.223.54.146 109.172.114.38 - mailcious 104.219.239.104 - mailcious 172.67.170.124 3.33.130.190 - phishing 45.33.6.223 76.223.67.189 - mailcious	8 Info ET INFO HTTP Request to a .top domain ET MALWARE FormBook CnC Checkin (GET) M5 ET DNS Query to a .top domain - Likely Hostile ET INFO Executable Download from dotted-quad Host ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response	14 Info http://www.askvanta.com/hhti/ http://www.microsofr.fun/omnp/ http://www.gotvoom.pro/yagd/ http://www.eworld.org/18e1/ http://www.c7v88.top/v6ba/ http://www.gotvoom.pro/yagd/ http://www.c7v88.top/v6ba/ http://www.ninunveiled.shop/y2xs/ http://www.juliakoppel.org/9wjj/ http://www.juliakoppel.org/9wjj/ http://www.microsofr.fun/omnp/ http://www.askvanta.com/hhti/ http://www.ninunveiled.shop/y2xs/ http://www.eworld.org/18e1/	5.2	M	40	ZeroCERT

1723	2024-08-01 10:58	random.exe d9cb86f07f84abd7359a4b51371db020 Generic Malware Downloader Malicious Library Malicious Packer UPX Code injection Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Internet API FTP KeyLogger P2P AntiDebug AntiVM PE File PE32 Browser Info Stealer VirusTotal Malware MachineGuid Code Injection Check memory Checks debugger buffers extracted Creates executable files RWX flags setting exploit crash unpack itself Windows utilities suspicious process malicious URLs installed browsers check Tofsee Ransomware Windows Exploit Browser ComputerName crashed		2	1		12.4	M	32	ZeroCERT

1724	2024-08-01 10:58	random.exe f0bb0592b63ca7c1baf6a12f5d3d867d EnigmaProtector PE File PE32 VirusTotal Malware unpack itself ComputerName crashed					2.4	M	32	ZeroCERT

1725	2024-08-01 10:55	js.jpeg.exe ca6a65c0bc674566fe409c56a5ea9301 Malicious Library UPX PE File DLL PE32 .NET DLL OS Processor Check VirusTotal Malware PDB					0.6		1	ZeroCERT