Submissions - ZeroBOX

Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player	Etc
2446	2020-10-30 09:49	lvs7kabg6ouix3r.exe d32acba23526d5c591027df645884b39 Malware download Nanocore VirusTotal Malware c&c Buffer PE AutoRuns suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process malicious URLs WriteConsoleW human activity check Windows ComputerName DNS		1	1		14.0	M	25	guest

2447	2020-10-30 09:51	p.png.exe d860b8a46bdf5f113c36ecc32760daf8 VirusTotal Malware AutoRuns Malicious Traffic buffers extracted Creates executable files unpack itself Windows utilities Check virtual network interfaces AppData folder malicious URLs WriteConsoleW IP Check Windows ComputerName	2 Keyword trend analysis	4	1		8.4	M	21	guest

2448	2020-10-30 09:54	lvs7kabg6ouix3r.exe d32acba23526d5c591027df645884b39 VirusTotal Malware Buffer PE AutoRuns suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process malicious URLs WriteConsoleW Windows ComputerName					12.4	M	25	admin

2449	2020-10-30 09:54	faco.exe ae975e9d679eeb792b89b7e2d19f9d43 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Check memory Checks debugger unpack itself malicious URLs Ransomware Windows Browser Tor Email ComputerName Cryptographic key Software crashed					9.8	M	29	admin

2450	2020-10-30 09:56	PDF220039000003.msi c4214412ef3bbb32f1732e41e9703d83 VirusTotal Malware suspicious privilege Malicious Traffic Check memory Checks debugger unpack itself malicious URLs AntiVM_Disk VM Disk Size Check ComputerName DNS	1 Keyword trend analysis	1			5.0		13	admin

2451	2020-10-30 09:57	o.exe 5cb0213d1dafb33f3ed1255e836572a0 VirusTotal Malware Malicious Traffic RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName Remote Code Execution DNS Cryptographic key	1 Keyword trend analysis	2			7.2	M	26	admin

2452	2020-10-30 10:05	File 2020_10_30 796239.doc 8bfbba9fbb71e58f31ac8fa7c1558e50 Vulnerability VirusTotal Malware Malicious Traffic unpack itself malicious URLs Tofsee Windows DNS	5 Keyword trend analysis Info http://mail.bursaevdenevenakliyat.link/jelab/YSS/ - malware http://acredales.com/thank_you/d/ - mailcious http://70.39.251.94:8080/gH08ep1G32djD/OGpQC/znHaBdCroG6WKt4/dwQ1dtkGmEp/petDAyBCcXDl1G/akDqkvRDvLTBYay2wA/ - mailcious http://supportessays.com/wp-admin/iuz/ - mailcious http://www.royalempresshair.com/wp-content/upgrade/Fj/ - mailcious	11 Info mail.bursaevdenevenakliyat.link(159.89.19.237) - mailcious www.royalempresshair.com(45.79.219.198) - mailcious supportessays.com(104.31.64.87) - mailcious acredales.com(104.24.112.218) - mailcious 70.39.251.94 - suspicious 190.202.229.74 - suspicious 159.89.19.237 - suspicious 118.69.11.81 104.24.112.218 - suspicious 104.31.65.87 - suspicious 45.79.219.198 - suspicious	5 Info ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING Possible EXE Download From Suspicious TLD ET INFO EXE - Served Attached HTTP SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)		6.6	M	18	admin

2453	2020-10-30 10:16	sdt8LHVBCnGpswjV8.exe 0fe9cd1d3d60dc698aec24d0426052b0 VirusTotal Malware Malicious Traffic RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName DNS Cryptographic key	1 Keyword trend analysis	1			6.2	M	18	admin

2454	2020-10-30 10:18	ebook_29.10.20.exe cd1f5e41d727816c6ca5e6c073130df4 VirusTotal Malware unpack itself Remote Code Execution					2.2	M	23	admin

2455	2020-10-30 10:22	doc-W853091.doc 4c41263708080a14efb194eac91e47c0 Vulnerability Malware Malicious Traffic unpack itself malicious URLs Tofsee Windows DNS	5 Keyword trend analysis Info http://mail.bursaevdenevenakliyat.link/jelab/YSS/ - malware http://70.39.251.94:8080/C5oBI1X6pEdWIvL06AS/kU9NVa22gTpJ1OzFj/ - mailcious http://www.royalempresshair.com/wp-content/upgrade/Fj/ - mailcious http://supportessays.com/wp-admin/iuz/ - mailcious http://acredales.com/thank_you/d/ - mailcious	11 Info mail.bursaevdenevenakliyat.link(159.89.19.237) - mailcious www.royalempresshair.com(45.79.219.198) - mailcious supportessays.com(104.31.64.87) - mailcious acredales.com(104.24.113.218) - mailcious 70.39.251.94 - suspicious 190.202.229.74 - suspicious 159.89.19.237 - suspicious 118.69.11.81 104.24.112.218 - suspicious 104.31.65.87 - suspicious 45.79.219.198 - suspicious	5 Info ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING Possible EXE Download From Suspicious TLD ET INFO EXE - Served Attached HTTP SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)		6.0	M		admin

2456	2020-10-30 10:57	sdt8LHVBCnGpswjV8.exe 0fe9cd1d3d60dc698aec24d0426052b0 VirusTotal Malware Malicious Traffic RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName DNS Cryptographic key	1 Keyword trend analysis	1			6.2	M	18	admin

2457	2020-10-30 13:26	zeuslab.exe d49322fb6692faa0a9af82800b60324c VirusTotal Malware PDB					1.4		48	admin

2458	2020-10-30 13:49	http://amarettobh.com.br/sys-c... VirusTotal Malware Code Injection RWX flags setting unpack itself Windows utilities Windows DNS	1 Keyword trend analysis	3			3.8	M		guest

2459	2020-10-30 13:53	http://hankook-hi.co.kr/discor... add2a3411a95dd6e3189600db8b2599c VirusTotal Malware MachineGuid Code Injection Malicious Traffic Check memory Checks debugger RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed	6 Keyword trend analysis Info http://hankook-hi.co.kr/discord-emoji/HG/ - mailcious http://goodherbwebmart.com/ https://seramporemunicipality.org/replacement-vin/Ql4R/ - mailcious https://mayxaycafe.net/wp-includes/UxdWFzYQj/ - mailcious https://enjoymylifecheryl.com/wp-includes/FPNxoUiCz3/ - mailcious https://homewatchamelia.com/wp-admin/qmK/ - mailcious	16 Info 420extracts.ca() - mailcious seramporemunicipality.org(104.28.18.90) - mailcious goodherbwebmart.com(79.172.193.70) imperfectdream.com(35.213.176.43) - mailcious hankook-hi.co.kr(15.164.52.139) - mailcious homewatchamelia.com(172.67.148.194) - mailcious mayxaycafe.net(104.28.7.70) - mailcious enjoymylifecheryl.com(104.18.63.171) - mailcious 79.172.193.70 35.213.176.43 - suspicious 104.28.6.70 15.164.52.139 - suspicious 104.28.19.90 - suspicious 172.67.180.161 172.67.148.194 117.18.232.200 - suspicious	1		7.4	M		admin

2460	2020-10-30 14:51	http://eventlarva.com/7/forum.... Code Injection RWX flags setting unpack itself Windows utilities Windows	1 Keyword trend analysis	2			2.6			admin

First
Previous
161
162
163
164
165
166
167
168
169
170
Next
Last
Total : 48,289cnts