Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
4186	2021-01-04 22:38	SGHKTD.exe 62e18a39916c9bf82ef1b8d19d429925 AutoRuns Check memory Checks debugger WMI Creates shortcut Creates executable files unpack itself Windows utilities suspicious process AppData folder AntiVM_Disk sandbox evasion WriteConsoleW VM Disk Size Check human activity check Windows ComputerName DNS DDNS		2	1		9.4	M		ZeroCERT

4187	2021-01-05 08:03	http://menol.eu/wp/mT/ 14f59a1ea2283c858ea95fc4b14e719c Dridex VirusTotal Malware Code Injection Creates executable files exploit crash unpack itself Windows utilities AppData folder malicious URLs Tofsee Windows Exploit DNS crashed		2	6 Info SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO TLS Handshake Failure ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex ET POLICY PE EXE or DLL Windows file download HTTP ET INFO EXE - Served Attached HTTP ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)		5.0	M		ZeroCERT

4188	2021-01-05 09:49	3DSXMACC6MUCS0N.doc 379b78c9d16039d7993e1e7703c2d524 Vulnerability VirusTotal Malware Malicious Traffic unpack itself malicious URLs Windows DNS		3	4		5.2	M	21	ZeroCERT

4189	2021-01-05 10:09	A8QXXV0I33NDQDZ.doc faf2165619d1daa46b0d172147a52541 Vulnerability VirusTotal Malware Malicious Traffic unpack itself malicious URLs Windows DNS	1 Keyword trend analysis	3	4	1	5.2	M	21	ZeroCERT

4190	2021-01-05 10:11	ac.exe 29e43b9937420f643f53af873c84b858 VirusTotal Malware Code Injection Check memory Checks debugger buffers extracted Creates executable files ICMP traffic unpack itself Windows utilities suspicious process AppData folder malicious URLs WriteConsoleW Windows ComputerName		3			11.0	M	20	ZeroCERT

4191	2021-01-05 10:13	ac2.exe b16432bd584c9117d4dee9abc137499c VirusTotal Malware Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities suspicious process AppData folder malicious URLs WriteConsoleW Windows ComputerName DNS		3			13.4	M	53	ZeroCERT

4192	2021-01-05 11:32	ds1.exe 923949852c2c3ee9e6badc9d8461bd34 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself malicious URLs crashed					10.0	M	48	ZeroCERT

4193	2021-01-05 11:32	aLOKKbSPhUWqcVCXI.dll ecad7f36a5e3c8fe798c5b04b50cd1a4 VirusTotal Malware Malicious Traffic Checks debugger RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName DNS Cryptographic key	1 Keyword trend analysis	1		1	6.8	M	12	ZeroCERT

4194	2021-01-05 12:24	ds2.exe a2a8aec5eb32af3ed72c1b9a13bbead5 VirusTotal Malware powershell suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut unpack itself Disables Windows Security powershell.exe wrote suspicious process malicious URLs Windows ComputerName Cryptographic key					11.2	M	55	ZeroCERT

4195	2021-01-05 12:24	ds12.exe cffaa868ac7a83f2445cb1560cee3018 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself malicious URLs DNS crashed					9.0	M	18	ZeroCERT

4196	2021-01-05 12:27	file2.exe cda50506fc8222349a4075117a896310 VirusTotal Malware RWX flags setting unpack itself malicious URLs Interception crashed		2			4.0	M	16	ZeroCERT

4197	2021-01-05 12:28	JIYAOcNz9PnnHBPR8IE.dll 8c5d3647e0f6ddc816f68672d676e185 Malware Malicious Traffic Checks debugger RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName DNS Cryptographic key	1 Keyword trend analysis	1			6.2	M		ZeroCERT

4198	2021-01-05 13:22	LwtKphm0VioM5i.dll 01a02861ee9e23fc4c44bd829ee5c69c VirusTotal Malware Malicious Traffic Checks debugger RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName DNS Cryptographic key		1			6.0	M	9	ZeroCERT

4199	2021-01-05 13:22	LPXG5NYP6IOKKZ.doc 413be7b6ad6a700647c63d645442db4b Vulnerability VirusTotal Malware Malicious Traffic unpack itself malicious URLs Tofsee Windows DNS	4 Keyword trend analysis Info http://redirector.gvt1.com/edgedl/release2/update2/cvA_S5Xpe1gieHmJ_saL_Q_1.3.36.52/GoogleUpdateSetup.exe http://90.160.138.175/3um8rbhey600v/hp7y/ - rule_id: 207 http://r7---sn-3u-bh2lz.gvt1.com/edgedl/release2/update2/cvA_S5Xpe1gieHmJ_saL_Q_1.3.36.52/GoogleUpdateSetup.exe?cms_redirect=yes&mh=Sd&mip=175.208.134.150&mm=28&mn=sn-3u-bh2lz&ms=nvh&mt=1609820182&mv=m&mvi=7&pl=18&shardbypass=yes https://update.googleapis.com/service/update2?cup2key=10:1310171581&cup2hreq=1f33afdfb7a555c1cb41a46e19d5c7c6a628de427eb56bcdabd1b6aabc623dc6	5	5 Info SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET INFO EXE - Served Attached HTTP ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)	1	5.2	M	20	ZeroCERT

4200	2021-01-05 13:51	PDFView.exe 5550592bb2d7a6a4226975d1c80ac7a4 VirusTotal Malware PDB malicious URLs Remote Code Execution					2.4	M	19	ZeroCERT

First
Previous
271
272
273
274
275
276
277
278
279
280
Next
Last
Total : 48,355cnts

Submissions

62e18a39916c9bf82ef1b8d19d429925

14f59a1ea2283c858ea95fc4b14e719c

379b78c9d16039d7993e1e7703c2d524

faf2165619d1daa46b0d172147a52541

29e43b9937420f643f53af873c84b858

b16432bd584c9117d4dee9abc137499c

923949852c2c3ee9e6badc9d8461bd34

ecad7f36a5e3c8fe798c5b04b50cd1a4

a2a8aec5eb32af3ed72c1b9a13bbead5

cffaa868ac7a83f2445cb1560cee3018

cda50506fc8222349a4075117a896310

8c5d3647e0f6ddc816f68672d676e185

01a02861ee9e23fc4c44bd829ee5c69c

413be7b6ad6a700647c63d645442db4b

5550592bb2d7a6a4226975d1c80ac7a4

View

Insert

Alert