Submissions

No Date Request Urls Hosts IDS Rule Score Zero VT Player Etc
1891 2024-07-27 12:36 aaa.exe
1318fbc69b729539376cb6c9ac3cee4c
Downloader Malicious Library Admin Tool (Sysinternals etc ...) UPX PE File PE32 DNS
1 2.0 ZeroCERT

1892 2024-07-26 19:13 Pack de fonctions XLP.xlam
ca44bdc6e8bc0d6d84538914be136fbe
VBA_macro ZIP Format VirusTotal Malware unpack itself
1.2 2 guest

1893 2024-07-26 19:06 enter.exe
5aa3b4d694bc828650c63ade641f4581
Client SW User Data Stealer RedLine stealer browser info stealer Generic Malware Downloader Google Chrome User Data Malicious Library Malicious Packer UPX Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio Browser Info Stealer Malware download Amadey VirusTotal Malware AutoRuns MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files RWX flags setting exploit crash unpack itself Windows utilities Checks Bios Detects VMWare suspicious process AppData folder malicious URLs VMware anti-virtualization installed browsers check Tofsee Ransomware Windows Exploit Browser ComputerName DNS crashed
1 4 8 20.2 M 39 ZeroCERT

1894 2024-07-26 19:00 C.exe
9474b528235299dbbd8e6d7520df48e3
Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware PDB WriteConsoleW
0.8 5 ZeroCERT

1895 2024-07-26 18:52 gdfvr.hta
2c663f0e924c1b0773b65541f610dc2f
Generic Malware Antivirus PE File DLL PE32 .NET DLL Malware download VirusTotal Malware powershell suspicious privilege Malicious Traffic Check memory Checks debugger Creates shortcut Creates executable files RWX flags setting unpack itself Windows utilities powershell.exe wrote suspicious process AppData folder WriteConsoleW Windows ComputerName DNS Cryptographic key
1 1 6 10.4 M 18 ZeroCERT

1896 2024-07-26 18:52 kyvbsa.pdf
d73a838f5ca1608b145182bc05b98921
PDF
M ZeroCERT

1897 2024-07-26 18:51 Proxy.exe
979c9b19507478fe8f08d537ec70538b
Gen1 Generic Malware Malicious Library ASPack UPX Malicious Packer Anti_VM PE File PE64 OS Processor Check DLL ZIP Format VirusTotal Malware Check memory Creates executable files
1.6 16 ZeroCERT

1898 2024-07-26 18:46 cliente.exe
3ef97e69a4c36ab5dc588a8aca155241
UPX PE File PE32 MZP Format OS Processor Check VirusTotal Malware crashed
1.4 19 ZeroCERT

1899 2024-07-26 18:46 winiti.exe
3d33cbde84d0a1197ec0d459d634473e
North Korea Malicious Library .NET framework(MSIL) PE File .NET EXE PE32 VirusTotal Malware Check memory Checks debugger unpack itself DNS
1 3.0 M 41 ZeroCERT

1900 2024-07-26 18:44 5346347634735.exe
eff57bbdb0bd6825a3a3476e2fcc86be
Malicious Library Malicious Packer Antivirus .NET framework(MSIL) UPX PE File .NET EXE PE32 OS Processor Check VirusTotal Malware Check memory Checks debugger unpack itself
2.0 M 63 ZeroCERT

1901 2024-07-26 18:43 E_Sales_Doc43032234647380921_p...
0a8c019dde3aafa90a3cd96efd391df8
Generic Malware Lnk Format GIF Format Creates shortcut unpack itself WriteConsoleW
1 1.0 ZeroCERT

1902 2024-07-26 18:42 csrss.exe
4fb3e6e7b8f9c12cd2d5e161f7b94760
Client SW User Data Stealer Backdoor RemcosRAT browser info stealer Google Chrome User Data Downloader Malicious Library Malicious Packer Antivirus UPX Create Service Socket ScreenShot Escalate priviledges PWS Sniff Audio DNS Internet API KeyLogger AntiDe Remcos VirusTotal Malware PDB Code Injection Malicious Traffic Check memory buffers extracted Remote Code Execution
1 4 1 6.2 M 19 ZeroCERT

1903 2024-07-26 18:41 test2.jpg.exe
ed6763398d7969ed28874c431402ee31
UPX PE File .NET EXE PE32 VirusTotal Malware MachineGuid Check memory Checks debugger unpack itself
2.0 M 39 ZeroCERT

1904 2024-07-26 18:41 jiopdssa.lnk
370e93fbd938d0a6a8bae14c7b6a32d6
Generic Malware Antivirus Lnk Format GIF Format Creates shortcut unpack itself WriteConsoleW
1 1.0 ZeroCERT

1905 2024-07-26 18:39 c.cmd
948fdedc86c635c28b83bcd72f3557bd
Generic Malware Downloader Antivirus Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Code injection Internet API FTP KeyLogger P2P AntiDebug AntiVM PowerShell powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself suspicious process WriteConsoleW Windows ComputerName Cryptographic key
4.0 M ZeroCERT