Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Score	Zero	VT	Player
3361	2020-11-28 10:17	Pdxpforzum1.exe 1cb0218248ea6be6b4fc59e43bb88c99 VirusTotal Malware suspicious privilege Check memory Checks debugger unpack itself Windows ComputerName Cryptographic key				3.0	M	36	ZeroCERT

3362	2020-11-30 12:01	a.exe 2764acacf3bd324b63fb660859fa28f9 Malware download VirusTotal Malware Code Injection Checks debugger buffers extracted unpack itself malicious URLs Windows ComputerName Remote Code Execution DNS	2 Keyword trend analysis	1	3	9.6	M	47	ZeroCERT

3363	2020-11-30 12:01	images.exe ee4555ac614048e36aae067b6a032951 Malware download Nanocore VirusTotal Malware c&c Buffer PE AutoRuns suspicious privilege MachineGuid Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Windows utilities suspicious process AppData folder malicious URLs WriteConsoleW human activity check Windows ComputerName DNS		1	1	12.8	M	58	ZeroCERT

3364	2020-11-30 12:07	osk.exe 315efcfaf3329dc6fb4a67bbb0b89620 VirusTotal Malware suspicious privilege Check memory Checks debugger Creates executable files unpack itself Windows utilities WriteConsoleW Windows ComputerName DNS				6.0	M	42	ZeroCERT

3365	2020-11-30 12:07	Invoice_27.11.2020.doc 75ab2dba33584ea3ea57e73a21bab919 Malware download VirusTotal Malware Malicious Traffic exploit crash unpack itself malicious URLs Windows Exploit DNS crashed	4 Keyword trend analysis	3	6 Info ET POLICY PE EXE or DLL Windows file download HTTP ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET MALWARE Possible Metasploit Payload Common Construct Bind_API (from server) ET MALWARE Possible Windows executable sent when remote host claims to send a Text File ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)	5.4	M	33	ZeroCERT

3366	2020-11-30 12:13	Wrap.exe 9813598ca60fc1e908f8236d767b14bf VirusTotal Malware suspicious process malicious URLs WriteConsoleW				2.4	M	34	ZeroCERT

3367	2020-11-30 12:16	tlsr.exe d524e4f850643554f0b3308142dba833 VirusTotal Malware MachineGuid Check memory Checks debugger unpack itself malicious URLs ComputerName				4.6	M	54	ZeroCERT

3368	2020-11-30 12:17	document.doc 1a37ee9af5af28b2050e16c0eb6e5865 VirusTotal Malware Malicious Traffic exploit crash unpack itself malicious URLs Windows Exploit DNS crashed Downloader		1	6 Info ET INFO Executable Download from dotted-quad Host ET CURRENT_EVENTS Terse alphanumeric executable downloader high likelihood of being hostile ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 ET POLICY PE EXE or DLL Windows file download HTTP ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response	5.2	M	24	ZeroCERT

3369	2020-11-30 18:53	r.exe a5b4252c8bac59ad90a543ec1f2e4a7a VirusTotal Malware Check memory Checks debugger unpack itself				2.0	M	61	ZeroCERT

3370	2020-12-01 08:03	http://149.3.170.144/gt-hot/we... bf613fe70f790d4b932601daa60a8797 Dridex VirusTotal Malware Code Injection Malicious Traffic Creates executable files exploit crash unpack itself Windows utilities AppData folder malicious URLs Tofsee Windows Exploit DNS crashed Downloader	1 Keyword trend analysis	1	7 Info ET INFO Executable Download from dotted-quad Host ET CURRENT_EVENTS Terse alphanumeric executable downloader high likelihood of being hostile ET POLICY PE EXE or DLL Windows file download HTTP ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET INFO TLS Handshake Failure ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	6.0		17	ZeroCERT

3371	2020-12-01 09:50	S3w3ZsAA.exe d91271a9f0236cf9391a3f5581dcd3c8 ICMP traffic malicious URLs		2		2.6			admin

3372	2020-12-01 09:53	565923964123873366320050276814... 843a44fc8293f876b0568ac437ebcd8a VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger unpack itself malicious URLs Windows Cryptographic key				6.4	M	37	ZeroCERT

3373	2020-12-01 09:55	1130_206410993.doc 28ab184b90b90e55e154e718eaf4cc1f Vulnerability VirusTotal Malware Code Injection Malicious Traffic Checks debugger buffers extracted unpack itself Check virtual network interfaces malicious URLs IP Check ComputerName	1 Keyword trend analysis	4	1	9.6	M	15	ZeroCERT

3374	2020-12-01 10:20	urevinisaj.exe ccb76815c9e96925342582ec52a93d36 VirusTotal Malware ICMP traffic malicious URLs		2		3.8		46	admin

3375	2020-12-01 10:20	a.exe 7947c5b373eaceb9ad9797824eb5d918 VirusTotal Malware unpack itself				2.4	M	42	ZeroCERT

First
Previous
221
222
223
224
225
226
227
228
229
230
Next
Last
Total : 48,320cnts

Submissions

1cb0218248ea6be6b4fc59e43bb88c99

2764acacf3bd324b63fb660859fa28f9

ee4555ac614048e36aae067b6a032951

315efcfaf3329dc6fb4a67bbb0b89620

75ab2dba33584ea3ea57e73a21bab919

9813598ca60fc1e908f8236d767b14bf

d524e4f850643554f0b3308142dba833

1a37ee9af5af28b2050e16c0eb6e5865

a5b4252c8bac59ad90a543ec1f2e4a7a

bf613fe70f790d4b932601daa60a8797

d91271a9f0236cf9391a3f5581dcd3c8

843a44fc8293f876b0568ac437ebcd8a

28ab184b90b90e55e154e718eaf4cc1f

ccb76815c9e96925342582ec52a93d36

7947c5b373eaceb9ad9797824eb5d918

View

Insert

Alert