Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Score	Zero	VT	Player
44641	2024-05-28 11:40	zxcv.exe 99de2efc5673d2d9b51f54570e7cf3f2 Antivirus AntiDebug AntiVM MSOffice File Code Injection ICMP traffic RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed		16 Info widget.uservoice.com(104.17.29.92) fonts.googleapis.com(142.250.207.10) camo.githubusercontent.com(185.199.108.133) www.google-analytics.com(142.250.207.110) 142.251.222.202 104.17.29.92 104.17.30.92 185.199.111.133 - mailcious 104.17.27.92 216.58.200.238 104.17.28.92 104.17.31.92 104.192.108.130 216.239.38.178 104.192.108.79 172.217.25.10	1	6.2	M		ZeroCERT

44642	2024-05-28 12:16	time2time.exe 7ff8c26a36f5a4566990745dff1594f3 Emotet HermeticWiper Gen1 NPKI SmokeLoader Generic Malware UltraVNC PhysicalDrive Suspicious_Script_Bin Buhtrap Group Downloader Malicious Library Malicious Packer Antivirus UPX Admin Tool (Sysinternals etc ...) ASPack Confuser .NET Create Service Socke Browser Info Stealer VirusTotal Malware powershell Buffer PE AutoRuns suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates shortcut Creates executable files ICMP traffic RWX flags setting unpack itself Windows utilities Disables Windows Security Checks Bios Auto service Check virtual network interfaces suspicious process AppData folder malicious URLs AntiVM_Disk sandbox evasion WriteConsoleW China anti-virtualization VM Disk Size Check human activity check installed browsers check Tofsee Ransomware Windows Browser Advertising ComputerName Remote Code Execution Firmware DNS Cryptographic key	19 Keyword trend analysis Info http://spec.cloud.360safe.com/commonquery http://int.down.360safe.com/totalsecurity/360TS_Setup_11.0.0.1103.exe http://s.360safe.com/safei18n/dimana.htm?lr=1&mid=3b96717f137ac716bab250f817240788&mod=360Installer.exe&ph=02a8342074eb25c8adb2d135e2bab7e5&p2p=1&t_id=360TS_Setup_For_Mini.cab&tads=656&tdl=656&tds=656&terr=0&tes=Status\|1,ErrorCode\|0,DnCount\|6,HttpNum\|1,DnFailCount\|6,FStatus\|1,P2SS\|656,P2PS\|0,PDMode\|2&tfl=656&tp=t&tst=1&ttdl=656&ttm=1000&ttup=120&vh=1.3.0.1361&vp=1.3.0.1320&softname=360TS http://s.360safe.com/360ts/mini_inst.htm?ver=6.6.0.1054&pid=WW.Marketator.CPI20230405&os=6.1&mid=3b96717f137ac716bab250f817240788&state=9&dt=7&size=103774176&ds=14824882.29 http://conf.f.360.cn/getconf.php http://54.251.105.191/msvquery http://sd.p.360safe.com/AC05282966EF28F0BC58DFBBE2E9591EF2A43BD6.trt http://104.192.108.110/cloudquery.php http://bp.conf.cloud.360safe.com/getconf.php http://iup.360safe.com/iv3/pc/360safe/360TS_Setup_For_Mini_Rel.cab http://5.42.66.47/files/setup.exe http://s.360safe.com/safei18n/query_env.htm?v611=DgY0MAEI0c7TigABAACF%2Fun%2BsCIUuKO4l5NILjahqSvMLXSDHb8%2FWuhCOcrv%2FhjSejb2sXIbKLJuE2%2FWLLaX7KSaRN9Ai%2B8kA6OFEpx27%2B%2F93tit1rlfCz8Q0VgSF55x4HM7RzagpOzvLsOpD8ijfES%2Bdq9NAcEpYaLwx4b%2BF5%2FT24ae3ll8xdaTUKsBLOH95azn0d1r3i7jBq0ET7iSqoMyAuki90AEnMrbgH2NdIggPxMpsUzG6r17FYxHBeLdQ6BB8I5DeWaMpIsKPXGFT6f0YxiqiViG1IZjyqU1xSdempia453PrEwV%2BJxCwK%2FreSD%2BnDd3O%2F0DQjtVlGxuY7R6iJ042YiNzq1uaZHZFf43xVAuBnlmKU9JtqupSBfgqyJBPAfJ%2BBLIQ9WgMg8kz1FnXycm0szEMMBTm1ISIEfLlQfMmsGI%2BVLcZHMCN5QpVylh5gwY5TpviZSvN%2BIPJaCr7fxFsaVfNDmjKPQA http://s.360safe.com/360ts/mini_inst.htm?ver=6.6.0.1054&pid=WW.Marketator.CPI20230405&os=6.1&mid=3b96717f137ac716bab250f817240788&state=153 http://s.360safe.com/safei18n/dimana.htm?lr=1&mid=3b96717f137ac716bab250f817240788&mod=360Installer.exe&ph=BA320C501D0312BEC018E22653081CCD&p2p=1&t_id=360TS_Setup.exe&tads=17295696&tdl=103774176&tds=17182501&terr=0&tes=Status\|1,ErrorCode\|0,DnCount\|24,HttpNum\|19,DnFailCount\|23,FStatus\|1,P2SS\|103774176,P2PS\|0,PDMode\|3&tfl=103774176&tp=t&tst=1&ttdl=103774176&ttm=6109&ttup=120&vh=1.3.0.1361&vp=1.3.0.1320&softname=360TS http://tconf.cloud.360safe.com/status.html https://free.360totalsecurity.com/totalsecurity/360TS_Setup_Mini_WW.Marketator.CPI20230405_6.6.0.1054.exe https://yip.su/RNWPd.exe - rule_id: 37623 https://orion.ts.360.com/installapp?c=&ch=WW.Marketator.CPI20230405&sch=0&ver=11.0.0.1103&lan=en&os=6.1-x64&mid=3b96717f137ac716bab250f817240788&time=1716766485&checksum=E94E8C74AAF3CB2D62391070 https://pastebin.com/raw/V6VJsrV3 - rule_id: 37255	45 Info spec.cloud.360safe.com(104.192.109.75) time-b.timefreq.bldrdoc.gov(132.163.96.2) sd.p.360safe.com(54.230.169.32) tr.p.360safe.com(54.76.174.118) bp.conf.cloud.360safe.com(54.251.105.241) u.qurl.cloud.360safe.com(54.251.106.27) int.down.360safe.com(54.230.176.36) free.360totalsecurity.com(54.192.175.27) a-dira.net(207.180.242.32) yip.su(104.21.79.77) - mailcious conf.f.360.cn(180.163.243.118) tconf.cloud.360safe.com(1.192.193.157) orion.ts.360.com(82.145.215.152) s.360safe.com(54.255.136.181) iup.360safe.com(54.230.61.34) st.p.360safe.com(54.77.42.29) pastebin.com(104.20.3.235) - mailcious 54.230.61.65 54.77.42.29 54.192.175.27 104.192.108.104 54.230.176.105 207.180.242.32 - mailcious 5.42.66.47 - mailcious 54.179.136.152 54.230.176.36 54.230.61.95 104.21.79.77 - phishing 54.251.105.191 54.230.61.39 54.230.61.34 172.67.19.24 - mailcious 54.255.136.181 104.192.108.130 104.192.108.110 104.192.108.118 54.230.169.8 54.76.174.118 54.230.176.22 180.163.243.87 132.163.96.2 82.145.215.156 54.230.176.104 185.172.128.82 - malware 104.192.108.79	11 Info ET DROP Spamhaus DROP Listed Traffic Inbound group 1 ET DNS Query for .su TLD (Soviet Union) Often Malware Related SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO Executable Download from dotted-quad Host ET INFO TLS Handshake Failure ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET INFO Session Traversal Utilities for NAT (STUN Binding Request obsolete rfc 3489 CHANGE-REQUEST attribute change IP flag true change port flag false) ET INFO Session Traversal Utilities for NAT (STUN Binding Request obsolete rfc 3489 CHANGE-REQUEST attribute change IP flag false change port flag true) ET INFO Session Traversal Utilities for NAT (STUN Binding Request obsolete rfc 3489 CHANGE-REQUEST attribute change IP flag false change port flag false)	32.2	M	45	ZeroCERT

44643	2024-05-28 19:49	security-sysdiagnose.txt 53af5ea9689e06df9b62a853cbbc29a3 ScreenShot AntiDebug AntiVM Check memory unpack itself				1.0			guest

44644	2024-05-28 20:06	TCC 2.db-wal af7d177cce594aed5916d443ab6d1833 AntiDebug AntiVM MSOffice File Code Injection RWX flags setting exploit crash unpack itself Windows utilities Windows Exploit DNS crashed				3.8			guest

44645	2024-05-28 20:07	TCC 2.db-wal af7d177cce594aed5916d443ab6d1833 Downloader Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Hijack Network Sniff Audio HTTP DNS Code injection Internet API persistence FTP KeyLogger P2P AntiDebug AntiVM MSOffice File Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed			2	4.2			guest

44646	2024-05-28 20:07	._TCC 2.db-wal 45eefdc390273286afcc07d798eb1807 Downloader Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Hijack Network Sniff Audio HTTP DNS Code injection Internet API persistence FTP KeyLogger P2P AntiDebug AntiVM MSOffice File Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed			2	4.8			guest

44647	2024-05-28 20:08	._TCC 2.db-wal 45eefdc390273286afcc07d798eb1807 AntiDebug AntiVM MSOffice File Code Injection RWX flags setting exploit crash unpack itself Windows utilities Windows Exploit DNS crashed				3.8			guest

44648	2024-05-28 20:09	TCC 2.db-wal af7d177cce594aed5916d443ab6d1833 Downloader Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Hijack Network Sniff Audio HTTP DNS Code injection Internet API persistence FTP KeyLogger P2P AntiDebug AntiVM MSOffice File Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed			2	4.2			guest

44649	2024-05-28 20:09	TCC 2.db-wal af7d177cce594aed5916d443ab6d1833 AntiDebug AntiVM MSOffice File Code Injection RWX flags setting exploit crash unpack itself Windows utilities Windows Exploit DNS crashed				3.8			guest

44650	2024-05-28 20:10	._TCC 2.db-wal 45eefdc390273286afcc07d798eb1807 Downloader Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Hijack Network Sniff Audio HTTP DNS Code injection Internet API persistence FTP KeyLogger P2P AntiDebug AntiVM MSOffice File Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed			2	4.8			guest

44651	2024-05-28 20:11	._TCC 2.db-wal 45eefdc390273286afcc07d798eb1807 AntiDebug AntiVM MSOffice File Code Injection RWX flags setting exploit crash unpack itself Windows utilities Windows Exploit DNS crashed				3.8			guest

44652	2024-05-28 20:12	._TCC 2.db-wal 45eefdc390273286afcc07d798eb1807 Downloader Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Hijack Network Sniff Audio HTTP DNS Code injection Internet API persistence FTP KeyLogger P2P AntiDebug AntiVM MSOffice File Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed			2	4.2			guest

44653	2024-05-28 20:12	TCC 2.db-wal af7d177cce594aed5916d443ab6d1833 Downloader Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Hijack Network Sniff Audio HTTP DNS Code injection Internet API persistence FTP KeyLogger P2P AntiDebug AntiVM MSOffice File Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed			2	4.8			guest

44654	2024-05-28 20:13	._TCC 2.db-wal 45eefdc390273286afcc07d798eb1807 AntiDebug AntiVM MSOffice File Code Injection RWX flags setting exploit crash unpack itself Windows utilities Windows Exploit DNS crashed				3.8			guest

44655	2024-05-28 20:14	TCC 2.db-wal af7d177cce594aed5916d443ab6d1833 Downloader Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Hijack Network Sniff Audio HTTP DNS Code injection Internet API persistence FTP KeyLogger P2P AntiDebug AntiVM MSOffice File Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed			2	4.2			guest