Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
30811	2022-05-24 07:48	wzZ3RIsItxZsu77MFxs 852b163f5e47ff631a8c37410525f243 Malicious Packer Malicious Library DLL PE File PE64 VirusTotal Malware AutoRuns Checks debugger unpack itself Auto service suspicious process AntiVM_Disk VM Disk Size Check Windows					4.2		15	ZeroCERT

30812	2022-05-24 07:37	939025739.hta f8927c8040386cb895fb55208bb52c84 Generic Malware Antivirus PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself suspicious process WriteConsoleW Windows ComputerName Cryptographic key					4.0	M	1	ZeroCERT

30813	2022-05-24 07:35	upload.hta 99971c5e84c23a0afbe59d7b24f0c8f5 Generic Malware Antivirus PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself suspicious process WriteConsoleW Windows ComputerName Cryptographic key					4.2	M	10	ZeroCERT

30814	2022-05-23 18:00	9boJQZpTSdQE 8d3fb91703422f1dc70f8afa09753c64 Malicious Packer Malicious Library DLL PE File PE64 AutoRuns Checks debugger unpack itself Auto service suspicious process AntiVM_Disk VM Disk Size Check Windows					3.6	M		ZeroCERT

30815	2022-05-23 17:43	9boJQZpTSdQE 8d3fb91703422f1dc70f8afa09753c64 Malicious Packer Malicious Library DLL PE File PE64 AutoRuns Checks debugger unpack itself Auto service suspicious process Windows					3.2			ZeroCERT

30816	2022-05-23 17:39	Delivery Note DHL AWB NO002344... b5a10e6336b475e0780e809761bf2e54 UPX Malicious Library PE32 PE File .NET DLL DLL PNG Format PE64 JPEG Format VirusTotal Malware Check memory Creates executable files unpack itself AppData folder					2.8		9	ZeroCERT

30817	2022-05-23 17:37	45d.hta 3bfd999eda204b57268a50624de91537 Generic Malware Antivirus Malicious Library PowerShell PE32 PE File Malware download Malware powershell suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself Windows utilities powershell.exe wrote Check virtual network interfaces suspicious process AppData folder WriteConsoleW Windows ComputerName Cryptographic key Downloader	1 Keyword trend analysis	2	3	1	9.6	M		ZeroCERT

30818	2022-05-23 17:35	2saGKy0qR5LA8uM 31a6de43f4c66603ffd621c21df3851c UPX Malicious Library PE32 OS Processor Check DLL PE File Dridex TrickBot ENERGETIC BEAR VirusTotal Malware Report Checks debugger unpack itself sandbox evasion Kovter ComputerName DNS		8	7 Info ET CNC Feodo Tracker Reported CnC Server group 13 ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex ET CNC Feodo Tracker Reported CnC Server group 24 ET CNC Feodo Tracker Reported CnC Server group 4 ET CNC Feodo Tracker Reported CnC Server group 18 ET CNC Feodo Tracker Reported CnC Server group 10 ET INFO TLS Handshake Failure		5.2	M	34	ZeroCERT

30819	2022-05-23 17:01	%EF%BB%BF268_1.exe d836a3e33d4b12926305b2c06ffc64d2 PWS[m] RedLine stealer[m] RAT UPX Malicious Library Code injection AntiDebug AntiVM PE32 OS Processor Check PE File VirusTotal Malware Buffer PE Code Injection buffers extracted unpack itself					7.6	M	41	ZeroCERT

30820	2022-05-23 17:00	file.exe 0bcddfb0ea50dae3ca1a5186e624d95b PE File PE64 Browser Info Stealer VirusTotal Malware Checks debugger WMI Windows utilities suspicious process WriteConsoleW Windows Browser ComputerName					5.6	M	39	ZeroCERT

30821	2022-05-23 17:00	zjprcfflmz.exe 319d83c3aa8f52f7f717d21f7a5c3540 Themida Packer Malicious Packer PE File PE64 VirusTotal Malware unpack itself Windows crashed					2.8	M	34	ZeroCERT

30822	2022-05-23 16:57	%EF%BB%BF296_2.exe 7010fcef8ef1d66b47d9b802d2f4052e UPX Malicious Library PE32 OS Processor Check PE File VirusTotal Malware					1.0	M	30	ZeroCERT

30823	2022-05-23 16:57	re.exe 6293e49735fd4abb1501537cbf308ede PE File PE64 Browser Info Stealer VirusTotal Malware Checks debugger WMI Windows utilities suspicious process WriteConsoleW Windows Browser ComputerName					4.8	M	27	ZeroCERT

30824	2022-05-23 16:55	filename.exe 407d43e4d1bd53450b265e75cac1c7ee NPKI PE File PE64 Browser Info Stealer VirusTotal Malware Checks debugger WMI Windows utilities suspicious process WriteConsoleW Windows Browser ComputerName					5.0	M	36	ZeroCERT

30825	2022-05-23 16:55	ItsMe.lnk d09f67179edf34f085786931c48f984f Generic Malware Antivirus Malicious Library AntiDebug AntiVM GIF Format PowerShell PE32 PE File Malware download Vulnerability VirusTotal Malware powershell suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself Windows utilities powershell.exe wrote Check virtual network interfaces suspicious process AppData folder WriteConsoleW Interception Windows Exploit ComputerName Cryptographic key Downloader	2 Keyword trend analysis	2	5 Info ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile ET POLICY Possible HTA Application Download ET EXPLOIT SUSPICIOUS Possible CVE-2017-0199 IE7/NoCookie/Referer HTA dl ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download		12.4	M	10	ZeroCERT