Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Score	Zero	VT	Player
44701	2024-05-28 20:55	._TCC 2.db-wal 45eefdc390273286afcc07d798eb1807 AntiDebug AntiVM MSOffice File Code Injection RWX flags setting exploit crash unpack itself Windows utilities Windows Exploit DNS crashed				3.8			guest

44702	2024-05-28 20:56	._TCC 2.db-wal 45eefdc390273286afcc07d798eb1807 Downloader Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Hijack Network Sniff Audio HTTP DNS Code injection Internet API persistence FTP KeyLogger P2P AntiDebug AntiVM MSOffice File Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed			2	4.8			guest

44703	2024-05-28 20:57	remotectl_dumpstate.txt 3dc6e96f5529d63f1633b68f372ef108 ScreenShot AntiDebug AntiVM Check memory unpack itself DNS				1.6			guest

44704	2024-05-28 20:58	remotectl_dumpstate.txt 3dc6e96f5529d63f1633b68f372ef108 ScreenShot AntiDebug AntiVM				0.4			guest

44705	2024-05-29 07:34	svhost.exe bb1529af37bcc44a4d65ee8da4ab05be Malicious Library Antivirus UPX PE File .NET EXE PE32 OS Processor Check suspicious privilege MachineGuid Check memory Checks debugger unpack itself AntiVM_Disk VM Disk Size Check Windows ComputerName Cryptographic key				2.8	M		ZeroCERT

44706	2024-05-29 07:34	cccc.exe 9cc841f6d5cf6841524a926e9f8f35fa Generic Malware Malicious Packer Malicious Library UPX PE File .NET EXE PE32 DLL OS Processor Check Check memory Checks debugger Creates executable files unpack itself AppData folder				2.2	M		ZeroCERT

44707	2024-05-29 07:36	ZinTask.exe dba7abdb1d2ada8cb51d1c258b1b3531 Generic Malware Malicious Library UPX PE File PE32 OS Processor Check unpack itself crashed				1.2	M		ZeroCERT

44708	2024-05-29 07:36	lordga.exe 2a302c859a9ad3a02c688e9f812221be Malicious Library VMProtect PE File PE32 unpack itself				1.4	M		ZeroCERT

44709	2024-05-29 07:38	crypted_c360a5b7.exe e10f94c9f1f1bb7724a9f0d7186f657e Generic Malware Malicious Library UPX PE File PE32 OS Processor Check unpack itself crashed				1.2	M		ZeroCERT

44710	2024-05-29 07:38	UpdateTool_858.exe d8f99e1587679eac41a5a3954e974613 Generic Malware Malicious Library UPX PE File PE32 OS Processor Check PDB Check memory RWX flags setting unpack itself				1.8	M		ZeroCERT

44711	2024-05-29 07:40	3.exe 70097b5b96f1a0bffc073f26cb4bdc42 Generic Malware Malicious Library UPX PE File PE32 OS Processor Check unpack itself				1.2	M		ZeroCERT

44712	2024-05-29 07:43	csrss.exe 592f4e7b67ef1b268f799dd2464b62ab AgentTesla Malicious Library PWS SMTP KeyLogger AntiDebug AntiVM PE64 PE File Browser Info Stealer FTP Client Info Stealer Email Client Info Stealer Buffer PE AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key Software crashed	2 Keyword trend analysis	4	3	11.2			ZeroCERT

44713	2024-05-29 07:45	csrss.exe 54799fee84c11edd9e0b221612bf2631 AgentTesla Malicious Library PWS SMTP KeyLogger AntiDebug AntiVM PE64 PE File Browser Info Stealer FTP Client Info Stealer Email Client Info Stealer Buffer PE suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key Software crashed keylogger	1 Keyword trend analysis	2	3	11.2			ZeroCERT

44714	2024-05-29 10:03	lioniskingandtigerisalsotrying... 313f69e46a9dbc05f6a77d87b4170be8 MS_RTF_Obfuscation_Objects RTF File doc Malware download VirusTotal Malware Malicious Traffic RWX flags setting exploit crash IP Check Tofsee Windows Exploit DNS crashed	3 Keyword trend analysis	5	9 Info ET INFO Executable Download from dotted-quad Host ET HUNTING Suspicious csrss.exe in URI ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response	4.6	M	34	ZeroCERT

44715	2024-05-29 10:05	lioniskingandtigerisalsotrying... e1f38ac4318814b4f2006f9311702fbb MS_RTF_Obfuscation_Objects RTF File doc Malware download VirusTotal Malware Malicious Traffic RWX flags setting exploit crash IP Check Tofsee Windows Exploit DNS crashed	2 Keyword trend analysis	3	9 Info ET INFO Executable Download from dotted-quad Host ET HUNTING Suspicious csrss.exe in URI ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	4.6	M	36	ZeroCERT