Submissions - ZeroBOX

Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player	Etc
43981	2021-01-12 13:18	vbc.exe 718b3cd2b3a580da37d417dee8fcdc19 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted ICMP traffic unpack itself malicious URLs installed browsers check Browser Email ComputerName Software		2			13.6	M	19	ZeroCERT

43982	2021-01-12 12:14	svchost.exe 18429cbae06b28c34598acde5e6400e1 VirusTotal Malware Check memory Checks debugger unpack itself malicious URLs ComputerName DNS					4.0	M	43	ZeroCERT

43983	2021-01-12 11:21	regasm.exe 554a4a7704f705e261d16d8d32017700 VirusTotal Malware Check memory Checks debugger unpack itself malicious URLs ComputerName					3.2	M	35	ZeroCERT

43984	2021-01-12 11:18	photo3.exe 2f46f0277d83e701a3f21f8c16de3fb0 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns PDB suspicious privilege Checks debugger Creates executable files unpack itself Check virtual network interfaces AppData folder malicious URLs AntiVM_Disk WriteConsoleW VM Disk Size Check Windows Browser Email ComputerName Remote Code Execution Software crashed keylogger					11.4	M	42	ZeroCERT

43985	2021-01-12 11:07	1.exe 40fc48e86837f7cf7b2ad7d776e81d94 Malware download VirusTotal Malware Malicious Traffic Check memory Checks debugger unpack itself Check virtual network interfaces malicious URLs ComputerName Trojan DNS Downloader		1	3		6.0	M	38	ZeroCERT

43986	2021-01-12 11:06	4ca366c44e5e2c7a3beba80f8f42e3... 5af4be6f3c1e5064f2a9fd62ea62bb6e VirusTotal Malware unpack itself					2.6	M	36	ZeroCERT

43987	2021-01-12 11:02	lv.exe ab3580b5eb547523abf3c29133504c64 VirusTotal Malware AutoRuns Check memory Checks debugger Creates shortcut Creates executable files unpack itself Windows utilities Checks Bios Detects VMWare suspicious process AppData folder malicious URLs AntiVM_Disk WriteConsoleW VMware anti-virtualization IP Check VM Disk Size Check Windows ComputerName DNS crashed	1 Keyword trend analysis	3	1		12.4	M	47	ZeroCERT

43988	2021-01-12 11:01	123.exe 1d9ac32d34500199a55e4c88cc6f4ca0 Malware download VirusTotal Open Directory Cryptocurrency Miner Malware Cryptocurrency SMB Traffic Potential Scan AutoRuns Code Injection Check memory Creates executable files ICMP traffic RWX flags setting unpack itself Windows utilities Auto service Check virtual network interfaces suspicious process AppData folder malicious URLs AntiVM_Disk sandbox evasion WriteConsoleW VM Disk Size Check human activity check Windows Exploit Browser ComputerName Remote Code Execution Trojan DNS Downloader	2 Keyword trend analysis	9	14 Info ET INFO Executable Download from dotted-quad Host ET POLICY Unsupported/Fake Windows NT Version 5.0 ET MALWARE Single char EXE direct download likely trojan (multiple families) ET POLICY Terse Named Filename EXE Download - Possibly Hostile ET POLICY PE EXE or DLL Windows file download HTTP ET EXPLOIT_KIT DRIVEBY Likely Evil EXE with no referer from HFS webserver (used by Unknown EK) ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET INFO EXE - Served Attached HTTP ET CURRENT_EVENTS Terse alphanumeric executable downloader high likelihood of being hostile ET POLICY Executable and linking format (ELF) file download ET INFO DYNAMIC_DNS Query to 3322.net Domain .3322.net ET POLICY Cryptocurrency Miner Checkin ET INFO DYNAMIC_DNS HTTP Request to a 3322.net Domain .3322.net ET SCAN Behavioral Unusual Port 445 traffic Potential Scan or Infection		19.0	M	47	ZeroCERT

43989	2021-01-12 11:00	4ca366c44e5e2c7a3beba80f8f42e3... 5af4be6f3c1e5064f2a9fd62ea62bb6e VirusTotal Malware unpack itself DNS		1			3.2	M	36	ZeroCERT

43990	2021-01-12 10:56	bb.exe 3a702e923d66123f6efa0a363d835475 VirusTotal Cryptocurrency Miner Malware Cryptocurrency AutoRuns Check memory Creates executable files unpack itself Windows utilities Auto service Check virtual network interfaces suspicious process AppData folder malicious URLs sandbox evasion WriteConsoleW Windows Browser Remote Code Execution DNS		3	1		13.0		50	ZeroCERT

43991	2021-01-12 10:56	file.exe 30910bccf7b3d9d26cfd4cb6936b83fc VirusTotal Malware unpack itself Remote Code Execution					3.0	M	27	ZeroCERT

43992	2021-01-11 17:27	1.exe 1ff59d25828ac6ee321e571439410b12 VirusTotal Cryptocurrency Miner Malware Cryptocurrency SMB Traffic Potential Scan AutoRuns Check memory Creates executable files ICMP traffic unpack itself Windows utilities Auto service Check virtual network interfaces suspicious process AppData folder malicious URLs sandbox evasion WriteConsoleW Windows Browser ComputerName Remote Code Execution		5	5 Info ET INFO DYNAMIC_DNS Query to 3322.net Domain .3322.net ET POLICY Cryptocurrency Miner Checkin ET SCAN Behavioral Unusual Port 445 traffic Potential Scan or Infection ET POLICY Unsupported/Fake Windows NT Version 5.0 ET INFO DYNAMIC_DNS HTTP Request to a 3322.net Domain .3322.net		14.2	M	53	ZeroCERT

43993	2021-01-11 17:25	88p.exe 7f9758746499f5261ec206fcc962e929 VirusTotal Malware Check memory unpack itself Remote Code Execution					2.6	M	48	ZeroCERT

43994	2021-01-11 10:20	WB.exe 7afac9710e7ce1ff9b3b876702a8da03 VirusTotal Malware Check memory buffers extracted Creates executable files ICMP traffic unpack itself Windows utilities suspicious process AppData folder malicious URLs Windows Remote Code Execution					9.0	M	45	ZeroCERT

43995	2021-01-11 10:19	svchost.exe df850a023c4594ece918855a62d1b842 VirusTotal Malware AutoRuns Code Injection Malicious Traffic Check memory unpack itself Windows utilities suspicious process AppData folder Windows ComputerName DNS crashed Downloader	1 Keyword trend analysis	2	2		10.6	M	44	ZeroCERT