Submissions

Columns in the source listing: No, Date, Request (submitted file), Urls, Hosts, IDS, Rule, Score, Zero, VT, Player, Etc. Each record below gives the submission number, date and file name, the MD5 of the sample, the signature tags raised by the analysis (the IDS/Rule columns), and the remaining columns as labeled. Columns that were empty for a submission (including Etc, which is empty throughout) are omitted. Where the listing shows a single count ahead of the score, it cannot be told whether it belongs to Urls or Hosts, and it is given as Urls/Hosts.

18091  2023-05-01 16:35  Calculator.exe
  MD5: 53817d095edd0763941ea1fb8af644a1
  Signatures (IDS/Rule): Gen1 Emotet Gen2 Generic Malware UPX ASPack Malicious Library OS Processor Check PE64 PE File DLL ZIP Format VirusTotal Malware Check memory Creates executable files Ransomware
  Score: 2.6  Zero: M  VT: 26  Player: ZeroCERT

18092  2023-05-01 15:42  disableclr.exe
  MD5: 6f7ee6c7d8f302d4c292508696a6dedb
  Signatures (IDS/Rule): RAT Malicious Library PE32 PE File
  Score: 0.2  Player: guest

18093  2023-05-01 11:49  main.c47195de.css
  MD5: 0adbf0b1d5e2bd19d4e94242e0840430
  Signatures (IDS/Rule): ScreenShot AntiDebug AntiVM Check memory unpack itself
  Score: 1.0  Player: BRY

18094  2023-05-01 07:43  PNe5J9o1XCKpHYk.exe
  MD5: 40be18ff344e38f80cec056f5bd97f21
  Signatures (IDS/Rule): PWS .NET framework UPX Admin Tool (Sysinternals etc ...) DNS AntiDebug AntiVM .NET EXE PE32 PE File VirusTotal Malware Buffer PE suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted ICMP traffic unpack itself Windows utilities suspicious process WriteConsoleW human activity check Windows ComputerName DNS Cryptographic key
  Urls/Hosts: 1  Score: 16.0  Zero: M  VT: 55  Player: guest

18095  2023-04-29 23:32  JoSetp.exe
  MD5: ed59308f9e2b59ec4195a99788cee8ee
  Signatures (IDS/Rule): Confuser .NET .NET EXE PE32 PE File VirusTotal Malware MachineGuid Check memory Checks debugger ICMP traffic unpack itself Check virtual network interfaces Tofsee Ransomware DNS
  Urls: 3  Hosts: 3  Score: 4.4  Zero: M  VT: 57  Player: guest

18096  2023-04-29 21:52  svchost.exe
  MD5: e6a2752e80594deabb0362f04ad28cd4
  Signatures (IDS/Rule): PE64 PE File VirusTotal Malware crashed
  Score: 0.6  VT: 4  Player: guest

18097  2023-04-29 14:11  Hash3_old_SC.bat
  MD5: b6e57ac15b25e719f377d730eca367e0
  Signatures (IDS/Rule): Downloader Create Service DGA Socket DNS Code injection HTTP PWS[m] Sniff Audio Steal credential Http API P2P Internet API Escalate privileges FTP KeyLogger ScreenShot AntiDebug AntiVM suspicious privilege Code Injection Check memory Checks debugger Creates shortcut unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName Cryptographic key
  Score: 4.0  Player: ZeroCERT

18098  2023-04-29 14:11  Widgets.bat
  MD5: dbc8b43b6f585fb216d2fa69cafb11e3
  Signatures (IDS/Rule): Downloader Create Service DGA Socket DNS Code injection HTTP PWS[m] Sniff Audio Steal credential Http API P2P Internet API Escalate privileges FTP KeyLogger ScreenShot AntiDebug AntiVM VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger Creates shortcut unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName Cryptographic key
  Score: 4.4  VT: 2  Player: ZeroCERT

18099  2023-04-29 14:03  ProjectFunding_F095_Apr28.wsf
  MD5: 5f22cd6c30898540df18fe6fb40a31d2
  Signatures (IDS/Rule): Qakbot VBScript wscript.exe payload download DNS Dropper
  Urls: 1  Hosts: 1  Score: 10.0  Player: guest

18100  2023-04-29 14:03  ProjectFunding_F095_Apr28.wsf
  MD5: 5f22cd6c30898540df18fe6fb40a31d2
  Signatures (IDS/Rule): VBScript wscript.exe payload download DNS Dropper
  Urls: 1  Hosts: 1  Score: 10.0  Player: guest

18101  2023-04-29 14:02  ProjectFunding_D371_Apr28.wsf
  MD5: dd9b616637cb67d4823ca2ce569a158e
  Signatures (IDS/Rule): VBScript wscript.exe payload download DNS Dropper
  Urls: 1  Hosts: 1  Score: 10.0  Player: guest

18102  2023-04-29 12:30  mmm.exe
  MD5: 8018e9f1a6e6f4c6ad0475f255474d89
  Signatures (IDS/Rule): RAT Generic Malware UPX Antivirus OS Processor Check .NET EXE PE32 PE File VirusTotal Malware powershell Telegram AutoRuns suspicious privilege MachineGuid Check memory Checks debugger Creates shortcut Creates executable files unpack itself Check virtual network interfaces suspicious process AntiVM_Disk VM Disk Size Check Tofsee Windows ComputerName DNS Cryptographic key keylogger
  Urls: 2  Hosts: 4  Score: 7.8  Zero: M  VT: 56  Player: ZeroCERT

18103  2023-04-29 12:29  purplerain.dat
  MD5: 64a097d23fbc66180b46bc9124518090
  Signatures (IDS/Rule): DLL PE32 PE File Checks debugger unpack itself DNS crashed
  Score: 2.8  Zero: M  Player: ZeroCERT

18104  2023-04-29 12:29  EdGen.exe
  MD5: 591c537adab2a4a720f50d84de2b60ea
  Signatures (IDS/Rule): AntiDebug AntiVM MSOffice File Code Injection ICMP traffic RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed
  Urls: 5  Hosts: 2  Score: 6.0  Zero: M  Player: ZeroCERT

18105  2023-04-29 09:56  NVDIA40.exe
  MD5: 4a1f2dc9c8df4981eb8f8003afdf21f9
  Signatures (IDS/Rule): RAT Generic Malware UPX .NET EXE PE32 PE File VirusTotal Malware PDB Check memory Checks debugger unpack itself
  Score: 1.8  Zero: M  VT: 21  Player: ZeroCERT