Submissions - ZeroBOX

Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player	Etc
43726	2021-01-26 14:12	fcqlxbz46.zip.exe c3a378610e76964073c2e6c48fac6eaf VirusTotal Malware PDB unpack itself crashed					2.2	M	6	ZeroCERT

43727	2021-01-26 14:11	gjW4pbwFufI4.dll 60aad9ce0fe110e4493741dfd8ba8268 VirusTotal Malware Remote Code Execution					1.6		27	ZeroCERT

43728	2021-01-26 13:51	fcqlxbz46.zip.exe c3a378610e76964073c2e6c48fac6eaf VirusTotal Malware PDB unpack itself DNS crashed					2.8	M	6	ZeroCERT

43729	2021-01-26 13:51	ds1.exe f916848a16adbf47a2091c366494e896 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself malicious URLs crashed					8.4	M	39	ZeroCERT

43730	2021-01-26 12:59	지불 오더 사본.exe 07728383fcd2bac57c8c092620b6678f VirusTotal Malware suspicious privilege Check memory Checks debugger unpack itself malicious URLs Windows ComputerName Cryptographic key					3.4		10	guest

43731	2021-01-26 11:37	dkx642ku.rar.exe 2c969b3aa121b53fb327e4a226924c27 VirusTotal Malware PDB unpack itself DNS crashed					2.8	M	6	ZeroCERT

43732	2021-01-26 11:37	Boxed.js 7b91b6b51e225b24ab6cb99e920960a6 malicious URLs					0.8			ZeroCERT

43733	2021-01-26 11:15	ac.exe 8a8ca3903f1148eeec83bb6e6a69a71e VirusTotal Malware Code Injection Check memory Checks debugger buffers extracted Creates executable files ICMP traffic unpack itself Windows utilities suspicious process AppData folder malicious URLs WriteConsoleW Windows ComputerName DNS		3			13.6	M	46	ZeroCERT

43734	2021-01-26 11:13	AbB3tcIc6Nl1f.dll eb637d0ac74e2721706335490a1ae52b Remote Code Execution					0.8			ZeroCERT

43735	2021-01-25 18:23	update.rar.exe ff8fd09a24725169efcaf9c0ab907a4b Email Client Info Stealer Malware SMB Traffic Potential Scan Buffer PE AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files ICMP traffic RWX flags setting unpack itself Windows utilities Disables Windows Security suspicious process AppData folder malicious URLs AntiVM_Disk sandbox evasion WriteConsoleW VM Disk Size Check human activity check Tofsee Windows Browser Email ComputerName DNS keylogger	1 Keyword trend analysis	4	8 Info SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO Executable Download from dotted-quad Host SURICATA Applayer Protocol detection skipped ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 ET SCAN Behavioral Unusual Port 445 traffic Potential Scan or Infection ET POLICY PE EXE or DLL Windows file download HTTP ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response		22.4	M		ZeroCERT

43736	2021-01-25 18:21	oneclick.exe fe0d1b267c656794fc0044bcb64df59e VirusTotal Malware PDB Check memory Creates executable files RWX flags setting unpack itself AppData folder malicious URLs Remote Code Execution					4.6	M	32	ZeroCERT

43737	2021-01-25 18:15	invoice_451020.doc 470a9928c7507e851407f2511de39d5e exploit crash unpack itself malicious URLs Windows Exploit Trojan DNS crashed	1 Keyword trend analysis	2	2		4.0	M		ZeroCERT

43738	2021-01-25 18:15	document_v152120.doc 3c9b171aa4191384845ffc13021f3a7f VirusTotal Malware exploit crash unpack itself Tofsee Windows Exploit DNS DDNS crashed Downloader	2 Keyword trend analysis	6	4		3.8	M	23	ZeroCERT

43739	2021-01-25 18:11	bit.exe 1b996561af3ecfaca9340058cd17d325 VirusTotal Malware AutoRuns suspicious privilege Malicious Traffic Check memory Creates executable files unpack itself AppData folder Windows ComputerName DNS keylogger		1	5 Info ET INFO Executable Download from dotted-quad Host ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 ET POLICY PE EXE or DLL Windows file download HTTP ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response		8.8	M	59	ZeroCERT

43740	2021-01-25 18:10	d1o.exe 3c9185aeef60e55001230a5fc8292176 DarkComet VirusTotal Malware AutoRuns suspicious privilege Check memory unpack itself malicious URLs Windows DNS crashed keylogger		1			7.8	M	64	ZeroCERT