Submissions - ZeroBOX

Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player	Etc
44566	2020-12-15 18:11	hktestfile.scr 7da4f5e17791a774131c3c97538a2495 VirusTotal Malware Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs Windows ComputerName Cryptographic key crashed					7.8	M	20	guest

44567	2020-12-15 16:18	heavy.exe d3858ef6f7ab89450aaab1690885da3b VirusTotal Malware powershell AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself powershell.exe wrote Check virtual network interfaces suspicious process malicious URLs AntiVM_Disk WriteConsoleW VM Disk Size Check Tofsee Windows ComputerName DNS Cryptographic key	2 Keyword trend analysis	3	1		15.2	M	37	r0d

44568	2020-12-15 15:39	heavy.exe d3858ef6f7ab89450aaab1690885da3b VirusTotal Malware powershell AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself powershell.exe wrote Check virtual network interfaces suspicious process malicious URLs WriteConsoleW Tofsee Windows ComputerName DNS Cryptographic key	2 Keyword trend analysis	4	1		16.2	M	25	ZeroCERT

44569	2020-12-15 15:38	fortyseven.scr ffb62e258c1d595d7de22792aef45cca VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger unpack itself malicious URLs Windows Cryptographic key					5.4	M	18	ZeroCERT

44570	2020-12-15 15:22	fortyseven.scr ffb62e258c1d595d7de22792aef45cca VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger unpack itself malicious URLs Windows Cryptographic key					5.4	M	18	ZeroCERT

44571	2020-12-15 15:02	DIEN CT AP001-2020-DEC15.scr cdb5263c2d9c614ff624decc25c2d15b Browser Info Stealer Email Client Info Stealer Buffer PE AutoRuns suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted WMI unpack itself Windows utilities suspicious process malicious URLs AntiVM_Disk WriteConsoleW VM Disk Size Check human activity check Windows Browser Email ComputerName DNS		1			16.2			guest

44572	2020-12-15 14:44	DOC_69061004.doc ce9a45e819d63dfea62902796a33a307 Vulnerability VirusTotal Malware Malicious Traffic unpack itself malicious URLs Tofsee	1 Keyword trend analysis	15 Info datvietquan.com(103.97.125.60) - malware ypddf.org(172.96.189.174) - malware daisyboots.co.uk(31.220.16.209) - mailcious albasisgroup.com(205.144.171.109) - mailcious asmaraloka.com(139.162.2.200) - mailcious www.asmaraloka.com(139.162.2.200) - mailcious subramanyatemple.org(103.212.121.63) - mailcious thanhthatbadinh.com(150.95.110.87) - malware 103.212.121.63 - mailcious 205.144.171.109 - mailcious 139.162.2.200 - mailcious 103.97.125.60 - malware 150.95.110.87 - malware 172.96.189.174 - malware 31.220.16.209 - mailcious	3		4.6	M	44	ZeroCERT

44573	2020-12-15 14:41	binl.exe 963f555140e20e291c2fac67a5186c15 VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs Windows Cryptographic key	12 Keyword trend analysis Info http://www.mrcabinetkitchenandbath.com/bw82/ http://www.xn--oi2b190cymc.com/bw82/ http://www.xn--oi2b190cymc.com/bw82/?7ntl9Tfh=u3mIEO7S2jpcCNzGap3V7GnWoZ6byXdDGQc9TZtHwlHE0/S/m+Ek+z3BS3DZiW4dRqN2gVn1&Ppd=Hb04qRX8xpNdMl http://www.exlineinsurance.com/bw82/?7ntl9Tfh=BmIsBEloLc/PpxxxkqeO/+wp1eRqaF5UDtwx0wOakOw3DMvjZvU2EPbm5c7g7p6k7NfDBGcL&Ppd=Hb04qRX8xpNdMl http://www.sedaskincare.com/bw82/ http://www.wmarquezy.com/bw82/ http://www.okcpp.com/bw82/?7ntl9Tfh=Mfpkxl91HSlRqF4UwnoLlCSItQE/DRVdVWsqLGW7UZi4jMe9Kfon6cyi45I/1E+fR8PCPduN&Ppd=Hb04qRX8xpNdMl http://www.okcpp.com/bw82/ http://www.wmarquezy.com/bw82/?7ntl9Tfh=/EPqbtSARGzilFdTRYE1urAc3bDaNMBRSm6tJpb+ckA41wFrw7Re59/hr+veajPbLei9XJ0s&Ppd=Hb04qRX8xpNdMl http://www.sedaskincare.com/bw82/?7ntl9Tfh=Tct1hGrTsO4wXuX+7y4OUHCQTPZT/SHKJbEPAo1kRuxvuV11m4iT8otUrtDadXdmrqCWO0Rp&Ppd=Hb04qRX8xpNdMl http://www.exlineinsurance.com/bw82/ http://www.mrcabinetkitchenandbath.com/bw82/?7ntl9Tfh=DoywHH0WXa0EuUiczFl753h8vUVk6pV7PwGnyHKpGozX/qYK04L54TieHAYPaGFoh+Tr5rtG&Ppd=Hb04qRX8xpNdMl	13 Info www.okcpp.com(3.134.22.63) www.xn--oi2b190cymc.com(112.175.185.27) www.sedaskincare.com(208.91.197.27) www.wmarquezy.com(192.0.78.24) www.exlineinsurance.com(182.50.132.242) www.mrcabinetkitchenandbath.com(108.167.156.42) www.joeisono.com() 3.134.22.63 208.91.197.27 - mailcious 112.175.185.27 - mailcious 182.50.132.242 - mailcious 192.0.78.25 - mailcious 108.167.156.42			9.8	M	18	ZeroCERT

44574	2020-12-15 14:40	DEKK.scr 96415c7cc22dc59c3c112c02b3fecf2e VirusTotal Malware Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces suspicious process malicious URLs WriteConsoleW Tofsee Windows ComputerName Cryptographic key	4 Keyword trend analysis	2	1		5.6	M	32	ZeroCERT

44575	2020-12-15 14:33	cax.exe a88c0408e7888f549e40940279758fa6 VirusTotal Malware Malicious Traffic RWX flags setting unpack itself malicious URLs Tofsee Interception DNS crashed	1 Keyword trend analysis	4	1		6.4	M	38	ZeroCERT

44576	2020-12-15 14:33	binl.exe 963f555140e20e291c2fac67a5186c15 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs Windows Cryptographic key					8.6	M	18	ZeroCERT

44577	2020-12-15 13:06	bin2.exe 4c512f97ee6ca51c5e68d7b3d107bc61 VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs Windows DNS Cryptographic key	9 Keyword trend analysis Info http://www.woodlandpizzahartford.com/bw82/?p0G=kJEPdT4h62WlCf&KzrtE=EgjYCCjbkfVj9ehGxTuHAhcpQboFBLSXtFcJRUu6FmW11AJT4F0+EqeE2EWzm0j+z/EHekc6 http://www.rizrvd.com/bw82/?KzrtE=AJ+QNFfrOFbXfaBH3oQHABBFVni950JEMBOKAlzmtW9JOrHkbqbPArp20lyvTn0sGIZMgptI&p0G=kJEPdT4h62WlCf http://www.cbrealvitalize.com/bw82/ http://www.mgg360.com/bw82/ http://www.mgg360.com/bw82/?KzrtE=92sn3P3ud1gtdOyYdsZEcwqQjW3QIGzSMGjo0scjbpzKmVTSJHG7E0muqhXj4oy7XUlzx9IG&p0G=kJEPdT4h62WlCf http://www.cbrealvitalize.com/bw82/?p0G=kJEPdT4h62WlCf&KzrtE=QMz1n+xx2KiD30AmT9IbdZVffunkwaB1v+iSpZgJgwTVZu6PNQxJOIJjV5QBJp9Es7YbcplQ http://www.woodlandpizzahartford.com/bw82/ http://www.gdsjgf.com/bw82/ http://www.gdsjgf.com/bw82/?p0G=kJEPdT4h62WlCf&KzrtE=7KG5rMnLNS/F00cUwyvwq06b8xrmRTVdiDQe9ch18oMrwrVTJ7b27kzNH/2ON0tx/WWBZXRB	10			10.2	M	24	ZeroCERT

44578	2020-12-15 13:05	bin.exe 9b61c80ef5a2c160718ef3550985be43 VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows utilities AppData folder malicious URLs Windows Cryptographic key	6 Keyword trend analysis Info http://www.thedancehalo.com/bw82/ http://www.mgg360.com/bw82/ http://www.lakegastonautoparts.com/bw82/?OVolp=juBLB0WqzeXPFoNXoiaKUMHcPI3xC2bTDg9jeDe0t8cj29/tW+mLTBuOwrYIlHJeRY+fWQQT&lhv4=H0DTRf2P8nD0BN http://www.mgg360.com/bw82/?OVolp=92sn3P3ud1gtdOyYdsZEcwqQjW3QIGzSMGjo0scjbpzKmVTSJHG7E0muqhXj4oy7XUlzx9IG&lhv4=H0DTRf2P8nD0BN http://www.thedancehalo.com/bw82/?OVolp=TJmBUVi76XvdedvdT4XTiNg0xow+eIDVhd+PvrNB1pQf64xZGmJKzxet+DQnJGM605l+3b5o&lhv4=H0DTRf2P8nD0BN http://www.lakegastonautoparts.com/bw82/	6			12.6	M	22	ZeroCERT

44579	2020-12-15 12:58	bin2.exe 4c512f97ee6ca51c5e68d7b3d107bc61 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs Windows Cryptographic key					8.4	M	24	ZeroCERT

44580	2020-12-15 12:58	bin.exe 9b61c80ef5a2c160718ef3550985be43 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs Windows DNS Cryptographic key					9.4	M	22	ZeroCERT