Submissions - ZeroBOX

Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player	Etc
44716	2020-12-07 11:04	xzx.exe aed69bded2c5920724549a7112b9fecb VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process malicious URLs WriteConsoleW Windows ComputerName DNS Cryptographic key					11.0	M	46	ZeroCERT

44717	2020-12-07 11:04	xpertwar.exe 85063571eccad2a81103ea6603ba1e08 Browser Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns suspicious privilege MachineGuid Malicious Traffic Check memory buffers extracted WMI Creates executable files unpack itself malicious URLs AntiVM_Disk suspicious TLD VM Disk Size Check human activity check installed browsers check Interception Windows Browser Email ComputerName DNS crashed		4	5 Info ET INFO Executable Download from dotted-quad Host ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 ET POLICY PE EXE or DLL Windows file download HTTP ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response		12.8	M	50	ZeroCERT

44718	2020-12-07 11:01	xpertee.exe 2e6f05e8245b62297355f070a6f966df VirusTotal Malware RWX flags setting unpack itself Disables Windows Security malicious URLs Windows crashed					5.0	M	63	ZeroCERT

44719	2020-12-07 10:59	Marry.png.exe d902eaa925495109b9beaf4126a7fec0 VirusTotal Malware PDB unpack itself					2.0	M	11	ZeroCERT

44720	2020-12-07 10:59	tasksmgr.exe 1531789c1af6e12b18ee39a1b2c607be VirusTotal Malware RWX flags setting unpack itself Disables Windows Security malicious URLs Windows crashed					5.0	M	63	ZeroCERT

44721	2020-12-07 10:58	pipsanet.exe c034bcd052ce55471088ff3c367dfcec unpack itself Remote Code Execution					1.6	M		ZeroCERT

44722	2020-12-07 10:47	dev.exe a96253a4b8d3dc0d9cece5aa9145813d VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process malicious URLs WriteConsoleW Windows ComputerName Cryptographic key		1			10.4	M	44	ZeroCERT

44723	2020-12-07 10:45	lv.exe 71a1b9ea48dc4af9f3a0750be7b621b2 Cryptocurrency Miner Cryptocurrency AutoRuns suspicious privilege Check memory Checks debugger Creates shortcut Creates executable files unpack itself Windows utilities Checks Bios Detects VMWare suspicious process AppData folder malicious URLs AntiVM_Disk WriteConsoleW VMware anti-virtualization IP Check VM Disk Size Check Windows Tor ComputerName DNS crashed	1 Keyword trend analysis	12	8 Info ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 190 ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 360 ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 792 ET POLICY TLS possible TOR SSL traffic ET POLICY External IP Lookup ip-api.com ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 828 ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 719 ET POLICY Cryptocurrency Miner Checkin		13.6			ZeroCERT

44724	2020-12-07 10:43	dev.exe a96253a4b8d3dc0d9cece5aa9145813d VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process malicious URLs WriteConsoleW Windows ComputerName DNS Cryptographic key					11.0	M	44	ZeroCERT

44725	2020-12-07 10:38	conhosts.exe a9e34ef1f1dd7f773bc6941d9b9e3ad9 VirusTotal Malware AutoRuns Code Injection Check memory Creates executable files Windows utilities malicious URLs WriteConsoleW Windows DNS keylogger		2			8.6	M	58	ZeroCERT

44726	2020-12-07 10:38	1_4_3.xls 890522e2846bc9ae0ee808db164ccdb5 Dridex VirusTotal Malware Creates executable files unpack itself malicious URLs Tofsee		2	3		4.0	M	25	ZeroCERT

44727	2020-12-07 10:29	l3j9d.exe 115b08b31b94ea10abe9de2764f26e24 VirusTotal Malware unpack itself					2.4		40	r0d

44728	2020-12-07 10:18	http://ddy7itsuemb9i.cloudfron... 54489170004186836278a03ea804c297 Dridex Malware Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed	2 Keyword trend analysis	2	3		4.2			ZeroCERT

44729	2020-12-07 10:09	sds.exe a96253a4b8d3dc0d9cece5aa9145813d VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process malicious URLs WriteConsoleW Windows ComputerName DNS Cryptographic key					12.0	M	44	ZeroCERT

44730	2020-12-07 10:08	vbc.exe 65e86fe236bbdf389af34b2e8cf8f211 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger unpack itself malicious URLs Windows Cryptographic key					7.0	M	44	ZeroCERT