Submissions

Columns (as on the source page): No | Date | Request | MD5 | Rule | Urls | Hosts | IDS | Score | Zero | VT | Player | Etc. Rule is the sandbox's signature/tag list for the sample, reproduced verbatim. The hash under each request is 32 hex characters, i.e. an MD5 digest. Urls, Hosts and IDS are counts; the source prints nothing for empty ones, so where a row carries fewer than three leading integers they are kept in source order rather than assigned to a column. Zero shows "M" where the source flags it and "-" otherwise; VT is the number in the VT column, "-" where absent. Etc was empty for every row.

44791 | 2024-06-01 08:31 | smartsoftsignew.exe
  MD5:  66a5a529386533e25316942993772042
  Rule: Emotet Generic Malware Malicious Library UPX Antivirus AntiDebug AntiVM PE File PE32 PowerShell DLL MSOffice File VirusTotal Malware powershell suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut Creates executable files RWX flags setting exploit crash unpack itself Windows utilities suspicious process AppData folder Tofsee Windows Exploit ComputerName DNS Cryptographic key crashed
  Urls/Hosts/IDS: 2 2 3 | Score: 9.6 | Zero: - | VT: 14 | Player: ZeroCERT

44792 | 2024-06-01 08:32 | CapSimple.exe
  MD5:  d86ff3c02aefcd74ece7eb45ee226806
  Rule: Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware unpack itself crashed
  Urls/Hosts/IDS: - | Score: 2.4 | Zero: M | VT: 50 | Player: ZeroCERT

44793 | 2024-06-01 08:33 | New.exe
  MD5:  c6ea25255fd7c184d6dfb684ac82e351
  Rule: Generic Malware task schedule Malicious Library Antivirus KeyLogger AntiDebug AntiVM PE64 PE File Malware download AsyncRAT NetWireRC VirusTotal Malware powershell Buffer PE suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut unpack itself suspicious process WriteConsoleW Windows ComputerName Cryptographic key crashed
  Urls/Hosts/IDS: 2 2 | Score: 10.4 | Zero: M | VT: 44 | Player: ZeroCERT

44794 | 2024-06-01 08:51 | RambledMime.exe
  MD5:  8ccd94001051879d7b36b46a8c056e99
  Rule: Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware unpack itself crashed
  Urls/Hosts/IDS: - | Score: 2.4 | Zero: - | VT: 52 | Player: ZeroCERT

44795 | 2024-06-01 08:51 | victor.exe
  MD5:  01cff6fb725465d86284505028b42cfd
  Rule: Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware unpack itself crashed
  Urls/Hosts/IDS: - | Score: 2.4 | Zero: - | VT: 57 | Player: ZeroCERT

44796 | 2024-06-01 08:53 | WxWorkMultiOpen.exe
  MD5:  2ddfe23a170af97ebbfe8ccc260ef462
  Rule: Generic Malware Malicious Library Malicious Packer UPX PE File PE32 OS Processor Check VirusTotal Malware PDB suspicious privilege sandbox evasion
  Urls/Hosts/IDS: - | Score: 1.8 | Zero: M | VT: 23 | Player: ZeroCERT

44797 | 2024-06-01 08:54 | newlionscameonthejungletheyare...
  MD5:  6fd5b991c985e807a1e46cba0bed3d67
  Rule: MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware Malicious Traffic RWX flags setting exploit crash Tofsee Exploit DNS crashed
  Urls/Hosts/IDS: 3 6 2 | Score: 4.2 | Zero: M | VT: 32 | Player: ZeroCERT

44798 | 2024-06-01 08:56 | RambledMimets.exe
  MD5:  19b9de641a480be1236dd9712d9ccc10
  Rule: Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware unpack itself crashed
  Urls/Hosts/IDS: - | Score: 2.2 | Zero: M | VT: 31 | Player: ZeroCERT

44799 | 2024-06-01 09:00 | gps_1688.exe
  MD5:  c2c6ca7a9dea1fc9708b57d3ae1d9bc7
  Rule: Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware PDB Check memory RWX flags setting unpack itself
  Urls/Hosts/IDS: - | Score: 2.2 | Zero: M | VT: 8 | Player: guest

44800 | 2024-06-01 09:01 | ld.exe
  MD5:  71efe7a21da183c407682261612afc0f
  Rule: Generic Malware Malicious Library Malicious Packer Antivirus UPX PE64 PE File OS Processor Check Browser Info Stealer Malware download VirusTotal Malware suspicious privilege Malicious Traffic Check memory Creates shortcut unpack itself suspicious process AntiVM_Disk sandbox evasion WriteConsoleW Ransom Message Turn off Windows Error Recovery notification window anti-virtualization IP Check VM Disk Size Check installed browsers check Ransomware Windows Browser ComputerName DNS
  Urls/Hosts/IDS: 2 3 4 | Score: 13.4 | Zero: M | VT: 61 | Player: ZeroCERT

44801 | 2024-06-01 09:02 | 360TS_Setup_Mini_WW.Peter.CPI2...
  MD5:  2de14d82238bf5395e0b95e551ab8e00
  Rule: HermeticWiper Generic Malware PhysicalDrive Malicious Library Downloader Malicious Packer UPX Antivirus Create Service Socket DGA Http API ScreenShot Escalate priviledges PWS Internet API AntiDebug AntiVM PE File PE32 CAB OS Processor Check DLL PNG Format VirusTotal Malware PDB Check memory Creates executable files ICMP traffic unpack itself AppData folder malicious URLs AntiVM_Disk China anti-virtualization VM Disk Size Check human activity check Tofsee Windows Remote Code Execution
  Urls/Hosts/IDS: 8 21 5 | Score: 7.8 | Zero: - | VT: 2 | Player: ZeroCERT

44802 | 2024-06-01 23:55 | http://k0iyj8.bksinghgloballea...
  MD5:  907619edc8ff1338fe484f1d582d5f25
  Rule: Downloader Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Hijack Network Sniff Audio HTTP DNS Code injection Internet API persistence FTP KeyLogger P2P AntiDebug AntiVM PNG Format MSOffice File JPEG Format Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit Java DNS crashed
  Urls/Hosts/IDS: 3 4 4 | Score: 4.2 | Zero: - | VT: - | Player: guest

44803 | 2024-06-03 07:25 | volumeinfo.exe
  MD5:  e817cc929fbc651c5bdab9e8cca0d9d9
  Rule: Malicious Library .NET framework(MSIL) UPX PE File .NET EXE PE32 VirusTotal Malware Check memory Checks debugger unpack itself ComputerName
  Urls/Hosts/IDS: - | Score: 2.6 | Zero: M | VT: 49 | Player: ZeroCERT

44804 | 2024-06-03 07:25 | Zinker.exe
  MD5:  b11913361b2d4c43c00c1969184050a8
  Rule: Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware unpack itself crashed
  Urls/Hosts/IDS: - | Score: 2.4 | Zero: - | VT: 52 | Player: ZeroCERT

44805 | 2024-06-03 07:27 | abc.ps1
  MD5:  33d57171c178785001cbdb8aff121710
  Rule: Generic Malware Antivirus VirusTotal Malware unpack itself
  Urls/Hosts/IDS: - | Score: 1.4 | Zero: M | VT: 36 | Player: ZeroCERT
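A listing like this is usually consumed by script rather than by eye. The following is an added example (not code from the page or from the sandbox that produced it) that parses records in the flattened form the page was extracted in (header line, hash line, tag line, numeric tail), checks that each hash is a 32-hex MD5, splits the numeric tail the same way the column note above describes (leading integers in source order, first decimal token as Score, "M" as the Zero flag, a trailing integer as VT, last token as Player), and ranks submissions for triage. The sample text is three records copied from the listing; the watch-list of tags and the 7.0 score threshold are assumptions chosen for illustration, not values the page defines.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample: three records copied from the listing above, in the
# flattened layout the page has (header, MD5, signature tags, numeric tail).
SAMPLE = """\
44791 2024-06-01 08:31 smartsoftsignew.exe

66a5a529386533e25316942993772042


Emotet Generic Malware Malicious Library UPX Antivirus AntiDebug AntiVM PE File PE32 PowerShell DLL MSOffice File VirusTotal Malware powershell suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut Creates executable files RWX flags setting exploit crash unpack itself Windows utilities suspicious process AppData folder Tofsee Windows Exploit ComputerName DNS Cryptographic key crashed
2 2 3 9.6 14 ZeroCERT

44800 2024-06-01 09:01 ld.exe

71efe7a21da183c407682261612afc0f


Generic Malware Malicious Library Malicious Packer Antivirus UPX PE64 PE File OS Processor Check Browser Info Stealer Malware download VirusTotal Malware suspicious privilege Malicious Traffic Check memory Creates shortcut unpack itself suspicious process AntiVM_Disk sandbox evasion WriteConsoleW Ransom Message Turn off Windows Error Recovery notification window anti-virtualization IP Check VM Disk Size Check installed browsers check Ransomware Windows Browser ComputerName DNS
2 3 4 13.4 M 61 ZeroCERT

44805 2024-06-03 07:27 abc.ps1

33d57171c178785001cbdb8aff121710


Generic Malware Antivirus VirusTotal Malware unpack itself
1.4 M 36 ZeroCERT
"""

HEADER_RE = re.compile(r"^(\d+) (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) (.+?)\s*$")
MD5_RE = re.compile(r"^[0-9a-f]{32}$")

# Assumed watch-list: substrings of the Rule column that warrant a closer look.
WATCH = ("Ransomware", "Code Injection", "sandbox evasion", "AntiVM", "Emotet", "AsyncRAT")


@dataclass
class Submission:
    no: int
    date: str
    request: str
    md5: str
    tags: str
    counts: Tuple[int, ...]   # leading Urls/Hosts/IDS integers, kept in source order
    score: float
    zero: bool                # True when the "M" flag is present
    vt: Optional[int]
    player: str


def parse_tail(tail: str):
    """Split a numeric tail such as '2 2 3 9.6 14 ZeroCERT' into its parts."""
    toks = tail.split()
    player = toks.pop()
    counts: List[int] = []
    score: Optional[float] = None
    zero, vt = False, None
    for tok in toks:
        if score is None:
            if "." in tok:
                score = float(tok)      # first decimal token is the Score column
            else:
                counts.append(int(tok)) # integers before it are Urls/Hosts/IDS
        elif tok == "M":
            zero = True
        else:
            vt = int(tok)               # integer after the score is the VT column
    if score is None:
        raise ValueError(f"no score in tail: {tail!r}")
    return tuple(counts), score, zero, vt, player


def parse_listing(text: str) -> List[Submission]:
    """Parse the flattened listing; every record must have MD5, tags and tail lines."""
    subs: List[Submission] = []
    cur = None
    body: List[str] = []

    def flush():
        if cur is None:
            return
        if len(body) != 3:
            raise ValueError(f"record {cur[0]}: expected 3 body lines, got {len(body)}")
        md5, tags, tail = body
        if not MD5_RE.match(md5):
            raise ValueError(f"record {cur[0]}: hash {md5!r} is not a 32-hex MD5")
        counts, score, zero, vt, player = parse_tail(tail)
        subs.append(Submission(int(cur[0]), cur[1], cur[2], md5, tags, counts, score, zero, vt, player))

    for line in text.splitlines():
        line = line.strip()
        m = HEADER_RE.match(line)
        if m:
            flush()
            cur, body = m.groups(), []
        elif line and cur is not None:
            body.append(line)
    flush()
    return subs


def triage(subs: List[Submission], min_score: float = 7.0):
    """Submissions at or above min_score, highest first, with matched watch-list tags."""
    out = []
    for s in sorted(subs, key=lambda s: s.score, reverse=True):
        if s.score < min_score:
            continue
        out.append((s.no, s.request, s.score, [w for w in WATCH if w in s.tags]))
    return out


if __name__ == "__main__":
    for no, req, score, flags in triage(parse_listing(SAMPLE)):
        print(f"{no} {req} score={score} flags={flags}")
```

The tag column is matched by substring on purpose: the flattened listing gives no reliable boundary between adjacent signature names, so splitting it into a list would be guesswork. Rows with fewer than three leading integers (for example "2 2 10.4 M 44") keep their two counts unassigned in `counts`, mirroring the column note above rather than guessing which of Urls, Hosts or IDS was blank.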