Submissions

Columns: No, Date, Request (submitted file), MD5, signature/behaviour tags, then Urls, Hosts, IDS Rule, Score, Zero, VT and Player. Empty cells were dropped when the table was extracted, so the leading Urls/Hosts/IDS Rule counts are shown as extracted and cannot be attributed to a specific column when fewer than three are present; Score (the decimal value), Zero (M), VT and Player follow the header order and are shown by name.

3676  2024-05-28 20:07  TCC 2.db-wal
  MD5:   af7d177cce594aed5916d443ab6d1833
  Tags:  Downloader Create Service Socket DGA Http API ScreenShot Escalate privileges Steal credential PWS Hijack Network Sniff Audio HTTP DNS Code injection Internet API persistence FTP KeyLogger P2P AntiDebug AntiVM MSOffice File Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed
  Urls/Hosts/IDS Rule: 2 | Score: 4.2 | Player: guest

3677  2024-05-28 20:06  TCC 2.db-wal
  MD5:   af7d177cce594aed5916d443ab6d1833
  Tags:  AntiDebug AntiVM MSOffice File Code Injection RWX flags setting exploit crash unpack itself Windows utilities Windows Exploit DNS crashed
  Score: 3.8 | Player: guest

3678  2024-05-28 19:49  security-sysdiagnose.txt
  MD5:   53af5ea9689e06df9b62a853cbbc29a3
  Tags:  ScreenShot AntiDebug AntiVM Check memory unpack itself
  Score: 1.0 | Player: guest

3679  2024-05-28 12:16  time2time.exe
  MD5:   7ff8c26a36f5a4566990745dff1594f3
  Tags:  Emotet HermeticWiper Gen1 NPKI SmokeLoader Generic Malware UltraVNC PhysicalDrive Suspicious_Script_Bin Buhtrap Group Downloader Malicious Library Malicious Packer Antivirus UPX Admin Tool (Sysinternals etc ...) ASPack Confuser .NET Create Service Socket Browser Info Stealer VirusTotal Malware powershell Buffer PE AutoRuns suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates shortcut Creates executable files ICMP traffic RWX flags setting unpack itself Windows utilities Disables Windows Security Checks Bios Auto service Check virtual network interfaces suspicious process AppData folder malicious URLs AntiVM_Disk sandbox evasion WriteConsoleW China anti-virtualization VM Disk Size Check human activity check installed browsers check Tofsee Ransomware Windows Browser Advertising ComputerName Remote Code Execution Firmware DNS Cryptographic key
  Urls/Hosts/IDS Rule: 19 45 11 | Score: 32.2 | Zero: M | VT: 45 | Player: ZeroCERT

3680  2024-05-28 11:40  zxcv.exe
  MD5:   99de2efc5673d2d9b51f54570e7cf3f2
  Tags:  Antivirus AntiDebug AntiVM MSOffice File Code Injection ICMP traffic RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed
  Urls/Hosts/IDS Rule: 16 1 | Score: 6.2 | Zero: M | Player: ZeroCERT

3681  2024-05-28 11:35  beacon.exe
  MD5:   927ee11071594552182a02d7b0b971fa
  Tags:  Malicious Library PE64 PE File VirusTotal Malware RWX flags setting unpack itself ComputerName DNS
  Urls/Hosts/IDS Rule: 1 | Score: 4.6 | Zero: M | VT: 63 | Player: ZeroCERT

3682  2024-05-28 11:33  zwuivg.exe
  MD5:   9bd9e74ec90979f70c3e6ceead15aa5a
  Tags:  Process Kill Generic Malware Suspicious_Script_Bin Malicious Library FindFirstVolume CryptGenKey UPX PE File Device_File_Check PE32 OS Processor Check Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Check memory Checks debugger unpack itself Check virtual network interfaces Tofsee Windows Browser Email ComputerName DNS Software crashed
  Urls/Hosts/IDS Rule: 3 3 | Score: 8.8 | Zero: M | VT: 48 | Player: ZeroCERT

3683  2024-05-28 11:30  backdoor.exe
  MD5:   32bab4b22104f0e73eb9f98efa619a68
  Tags:  Malicious Packer PE File PE32 VirusTotal Malware unpack itself DNS
  Urls/Hosts/IDS Rule: 1 | Score: 3.6 | Zero: M | VT: 67 | Player: ZeroCERT

3684  2024-05-28 11:28  STHealthUpdate.exe
  MD5:   341a6645505c8eaf54ec83738067d0c8
  Tags:  RedLine Infostealer UltraVNC Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware PDB suspicious privilege Check memory Checks debugger unpack itself Windows Cryptographic key crashed
  Score: 3.2 | Zero: M | VT: 35 | Player: ZeroCERT

3685  2024-05-28 11:26  12345.exe
  MD5:   4970de9b0427c9a7fb2691558dd0ba77
  Tags:  Generic Malware Malicious Packer Malicious Library UPX PE File .NET EXE PE32 DLL OS Processor Check VirusTotal Malware Check memory Checks debugger Creates executable files unpack itself AppData folder crashed
  Score: 3.4 | Zero: M | VT: 33 | Player: ZeroCERT

3686  2024-05-28 11:24  Zinckeds.exe
  MD5:   8eb3c7bc1ad38ae064eda594deed070b
  Tags:  Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware PDB unpack itself crashed
  Score: 2.6 | Zero: M | VT: 56 | Player: ZeroCERT

3687  2024-05-28 11:21  toolspub1.exe
  MD5:   172f983807439978fc99f21c84902b38
  Tags:  Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware unpack itself Remote Code Execution
  Score: 2.4 | Zero: M | VT: 38 | Player: ZeroCERT

3688  2024-05-28 11:20  AppGate2103v01.exe
  MD5:   1306e81bc13677c04abe69a1d2ca4e12
  Tags:  Generic Malware UPX PE64 PE File OS Processor Check VirusTotal Malware unpack itself Windows Remote Code Execution crashed
  Score: 3.8 | Zero: M | VT: 45 | Player: ZeroCERT

3689  2024-05-28 11:17  QEwecfyhj.exe
  MD5:   9efd5e60fd358a4bed2382d3815783ae
  Tags:  Process Kill Generic Malware Suspicious_Script_Bin Malicious Library FindFirstVolume CryptGenKey UPX PE File Device_File_Check PE32 OS Processor Check Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Check memory Checks debugger unpack itself Check virtual network interfaces suspicious TLD Tofsee Windows Browser Email ComputerName DNS Software crashed
  Urls/Hosts/IDS Rule: 2 3 | Score: 8.6 | Zero: M | VT: 54 | Player: ZeroCERT

3690  2024-05-28 11:15  MyCheckBack.exe
  MD5:   58d9da67f31be50170dadd4ff9a837ad
  Tags:  RedLine Infostealer UltraVNC Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware PDB suspicious privilege Check memory Checks debugger unpack itself Windows Cryptographic key crashed
  Score: 3.4 | Zero: M | VT: 52 | Player: ZeroCERT
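A triage pass over a listing like this one, as an added example that is not code from the page or from the sandbox it was exported from. It parses the trailing count/score cell by the header order (Urls, Hosts, IDS Rule, Score, Zero, VT, Player), collapses resubmissions of the same MD5 (3676 and 3677 are the same hash run twice) to the highest-scoring run, and picks out rows that either cross a score threshold or carry a named-family tag. The assumption that only Score, Zero, VT and Player are attributable when empty cells have been dropped is mine, as is the choice to treat Tofsee as low-confidence because it appears on most rows here, including a .db-wal file; the sample records are a subset copied from the listing.

```python
"""Triage helper for a sandbox submission listing (added example).

Assumed layout of the trailing cell, from the table header: Urls Hosts IDS-Rule
Score Zero VT Player, with empty cells dropped. Score (the only decimal),
Zero ("M"), VT (the integer after Score) and Player (last word) are therefore
attributable; leading integers are kept as unlabelled counts."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Submission:
    no: int
    date: str
    request: str
    md5: str
    tags: str      # signature tags as one space-separated string, as listed
    metrics: str   # trailing cell, e.g. "19 45 11 32.2 M 45 ZeroCERT"


# Named-family tags seen in the listing. Tofsee fires on most rows, including a
# .db-wal file, so it is treated as low-confidence on its own (assumption).
FAMILY_TAGS = ("Emotet", "SmokeLoader", "RedLine Infostealer",
               "HermeticWiper Gen1", "Buhtrap Group", "Tofsee")
NOISY = {"Tofsee"}

# Sample input: a subset of rows copied from the listing (tags and metrics as shown).
RECORDS = [
    Submission(3676, "2024-05-28 20:07", "TCC 2.db-wal", "af7d177cce594aed5916d443ab6d1833",
               "Downloader Create Service Socket DGA Http API ScreenShot Escalate privileges "
               "Steal credential PWS Hijack Network Sniff Audio HTTP DNS Code injection "
               "Internet API persistence FTP KeyLogger P2P AntiDebug AntiVM MSOffice File "
               "Code Injection RWX flags setting exploit crash unpack itself Windows utilities "
               "malicious URLs Tofsee Windows Exploit DNS crashed", "2 4.2 guest"),
    Submission(3677, "2024-05-28 20:06", "TCC 2.db-wal", "af7d177cce594aed5916d443ab6d1833",
               "AntiDebug AntiVM MSOffice File Code Injection RWX flags setting exploit crash "
               "unpack itself Windows utilities Windows Exploit DNS crashed", "3.8 guest"),
    Submission(3678, "2024-05-28 19:49", "security-sysdiagnose.txt", "53af5ea9689e06df9b62a853cbbc29a3",
               "ScreenShot AntiDebug AntiVM Check memory unpack itself", "1.0 guest"),
    Submission(3680, "2024-05-28 11:40", "zxcv.exe", "99de2efc5673d2d9b51f54570e7cf3f2",
               "Antivirus AntiDebug AntiVM MSOffice File Code Injection ICMP traffic RWX flags "
               "setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS "
               "crashed", "16 1 6.2 M ZeroCERT"),
    Submission(3681, "2024-05-28 11:35", "beacon.exe", "927ee11071594552182a02d7b0b971fa",
               "Malicious Library PE64 PE File VirusTotal Malware RWX flags setting unpack itself "
               "ComputerName DNS", "1 4.6 M 63 ZeroCERT"),
    Submission(3684, "2024-05-28 11:28", "STHealthUpdate.exe", "341a6645505c8eaf54ec83738067d0c8",
               "RedLine Infostealer UltraVNC Generic Malware Malicious Library UPX PE File PE32 "
               "OS Processor Check VirusTotal Malware PDB suspicious privilege Check memory "
               "Checks debugger unpack itself Windows Cryptographic key crashed", "3.2 M 35 ZeroCERT"),
    Submission(3690, "2024-05-28 11:15", "MyCheckBack.exe", "58d9da67f31be50170dadd4ff9a837ad",
               "RedLine Infostealer UltraVNC Generic Malware Malicious Library UPX PE File PE32 "
               "OS Processor Check VirusTotal Malware PDB suspicious privilege Check memory "
               "Checks debugger unpack itself Windows Cryptographic key crashed", "3.4 M 52 ZeroCERT"),
]


def parse_metrics(cell: str) -> dict:
    """Split the trailing cell by header order; unattributable leading ints stay in 'counts'."""
    tokens = cell.split()
    player = tokens.pop() if tokens and tokens[-1] != "M" and tokens[-1].isalpha() else None
    counts, score, zero, vt = [], None, False, None
    for tok in tokens:
        if tok == "M":
            zero = True                # Zero column flag
        elif "." in tok:
            score = float(tok)         # Score is the only decimal value
        elif score is None:
            counts.append(int(tok))    # Urls / Hosts / IDS Rule, column unknown
        else:
            vt = int(tok)              # VT follows Score and Zero
    return {"counts": counts, "score": score, "zero": zero, "vt": vt, "player": player}


def families(tags: str) -> list:
    """Named-family tags present in a row's tag string."""
    return [f for f in FAMILY_TAGS if f in tags]


def best_per_hash(records) -> dict:
    """Collapse resubmissions of the same MD5 to the highest-scoring run."""
    best = {}
    for r in records:
        score = parse_metrics(r.metrics)["score"] or 0.0
        cur = best.get(r.md5)
        if cur is None or score > (parse_metrics(cur.metrics)["score"] or 0.0):
            best[r.md5] = r
    return best


def triage(records, min_score: float = 4.0) -> list:
    """Rows worth a look: score at or above the threshold, or a non-noisy family tag."""
    rows = []
    for r in best_per_hash(records).values():
        m = parse_metrics(r.metrics)
        fams = families(r.tags)
        strong = [f for f in fams if f not in NOISY]
        if (m["score"] or 0.0) >= min_score or strong:
            rows.append((r.md5, r.request, m["score"], m["vt"], fams))
    rows.sort(key=lambda row: row[2], reverse=True)
    return rows


if __name__ == "__main__":
    for md5, name, score, vt, fams in triage(RECORDS):
        print(f"{md5}  {name:<24} score={score:<5} vt={vt}  {fams}")
```

Run as a script it prints the surviving rows in score order; the two RedLine Infostealer rows are kept by the family rule even though their 3.2 and 3.4 scores sit below the threshold, which is the case a pure score cut-off would miss.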