Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Score	Zero	VT	Player
2191	2024-07-15 16:42	buildz.exe a849c8e77640b84fb11c61c2caeaef24 Suspicious_Script_Bin Malicious Library UPX Socket DGA Http API ScreenShot PWS DNS Internet API AntiDebug AntiVM PE File PE32 OS Processor Check Malware download Malware Microsoft AutoRuns Code Injection Checks debugger buffers extracted unpack itself malicious URLs Tofsee Windows ComputerName DNS	2 Keyword trend analysis	4	6 Info ET POLICY External IP Address Lookup DNS Query (2ip .ua) ET INFO Observed External IP Lookup Domain (api .2ip .ua in TLS SNI) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET USER_AGENTS Suspicious User Agent (Microsoft Internet Explorer) ET MALWARE Win32/Filecoder.STOP Variant Request for Public Key ET MALWARE Win32/Filecoder.STOP Variant Public Key Download	8.2	M		ZeroCERT

2192	2024-07-15 16:41	kkm.exe ab6ca8e3d0c7967c6372a96334e6bb19 Generic Malware Malicious Library UPX .NET framework(MSIL) Anti_VM PE File PE32 DLL .NET DLL PNG Format Lnk Format GIF Format OS Processor Check ftp .NET EXE VirusTotal Malware AutoRuns Check memory Creates shortcut Creates executable files unpack itself AppData folder Windows ComputerName				4.0	M	40	ZeroCERT

2193	2024-07-15 10:30	Update (1).js 43c65f08a365483fc68f8a36958b7b49 Malware download Malware VBScript wscript.exe payload download unpack itself Tofsee SocGholish DNS crashed Dropper	1 Keyword trend analysis	2	4	10.0			guest

2194	2024-07-15 10:30	Update.js 19e9ed9aab2bbf4d40e7d1e1072ebd21 Malware download Malware VBScript wscript.exe payload download Tofsee SocGholish DNS crashed Dropper	1 Keyword trend analysis	2	4	10.0			guest

2195	2024-07-15 09:46	setup.exe 6a3939be71bff89a00b8d66c0cdae6d2 Malicious Library PE File PE32 Checks debugger WMI Creates executable files RWX flags setting unpack itself Checks Bios anti-virtualization ComputerName				3.6			ZeroCERT

2196	2024-07-15 09:39	Rrobknnz-TPBA.exe 54b737b86fddcb3ca236a6cf743e66e7 Generic Malware Antivirus PE File .NET EXE PE32 VirusTotal Malware Buffer PE PDB suspicious privilege Check memory Checks debugger buffers extracted Creates shortcut unpack itself suspicious process AppData folder Windows ComputerName Cryptographic key				6.0	M	54	ZeroCERT

2197	2024-07-15 09:38	Milieuskadeligst.exe 99af50ba5059f85a1c8bd15ecf23fb3b Malicious Library PE File PE64 VirusTotal Malware suspicious privilege MachineGuid Check memory Checks debugger unpack itself				2.6	M	50	ZeroCERT

2198	2024-07-15 09:37	Eflbu.exe e3dc222d0a34c4b230f538a67bb7265d Malicious Library PE File .NET EXE PE32 VirusTotal Malware Buffer PE suspicious privilege Check memory Checks debugger buffers extracted unpack itself Windows ComputerName Cryptographic key				4.8	M	63	ZeroCERT

2199	2024-07-15 09:36	Trkyzwvg-TG-R.exe 42208ec96d3a525eb6c8fb7039dc680a Generic Malware .NET framework(MSIL) Antivirus PE File .NET EXE PE32 VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself powershell.exe wrote suspicious process AppData folder Windows ComputerName Cryptographic key				5.4	M	58	ZeroCERT

2200	2024-07-15 09:35	AntiVirus2.exe e81179996dbd2490c45ca13d80eae0a8 PE File .NET EXE PE32 VirusTotal Malware Check memory Checks debugger buffers extracted unpack itself Windows DNS Cryptographic key		1		4.6	M	58	ZeroCERT

2201	2024-07-15 09:33	PDF.FaturaDetay_202407.exe 3a2ba5be087162cfdb5d49ac32edd534 Emotet Generic Malware Malicious Library Antivirus UPX Confuser .NET .NET framework(MSIL) AntiDebug AntiVM DllRegisterServer dll PE File PE32 MZP Format PowerShell CAB .NET EXE VirusTotal Malware powershell AutoRuns suspicious privilege Code Injection Check memory Checks debugger Creates shortcut Creates executable files unpack itself powershell.exe wrote Check virtual network interfaces suspicious process anti-virtualization installed browsers check Tofsee Windows Browser ComputerName Cryptographic key		2	2	11.6	M	43	ZeroCERT

2202	2024-07-15 09:32	pqjvyogm.exe 6498c822022751dbe8abb655e6ac9db0 PE File .NET EXE PE32 VirusTotal Malware MachineGuid Check memory Checks debugger buffers extracted unpack itself Windows DNS Cryptographic key		1		3.8	M	49	ZeroCERT

2203	2024-07-15 09:31	vikis.txt.vbs 26a4c267e7169f70a2f810854c0214cd Generic Malware Antivirus PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself suspicious process WriteConsoleW Windows ComputerName Cryptographic key crashed				6.2	M	10	ZeroCERT

2204	2024-07-15 09:30	217.exe 42e2d273ee6215957f2b979737a74b45 Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware unpack itself crashed				1.8	M	26	ZeroCERT

2205	2024-07-15 09:30	1PDF.FaturaDetay_202407.exe d8bf792f818877bf4848fde9511caeb8 Emotet Generic Malware Malicious Library Antivirus UPX Confuser .NET .NET framework(MSIL) AntiDebug AntiVM DllRegisterServer dll PE File PE32 MZP Format PowerShell CAB .NET EXE VirusTotal Malware powershell AutoRuns suspicious privilege Code Injection Check memory Checks debugger Creates shortcut Creates executable files unpack itself powershell.exe wrote Check virtual network interfaces suspicious process AntiVM_Disk anti-virtualization VM Disk Size Check installed browsers check Tofsee Windows Browser ComputerName Cryptographic key crashed		2	2	13.6	M	44	ZeroCERT