Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Score	Zero	VT	Player
44881	2024-06-07 09:34	envio.js 0eea6ce45e121ed22b89a006b3a4c1c3 Generic Malware Antivirus Hide_URL AntiDebug AntiVM PowerShell VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger Creates shortcut unpack itself suspicious process WriteConsoleW Windows ComputerName Cryptographic key	1 Keyword trend analysis			6.6	M	21	ZeroCERT

44882	2024-06-07 09:34	john.scr 280899776fbfcf98c505bf8efe0bbb5e Generic Malware Malicious Library .NET framework(MSIL) AntiDebug AntiVM PE File .NET EXE PE32 DLL Browser Info Stealer VirusTotal Malware Buffer PE Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself AppData folder Browser DNS	18 Keyword trend analysis Info http://www.stellardaysigning.com/xb5p/ http://www.fullmoonbird.com/c8sr/?NP0FyU=zxCFcO6tuZe6Dlje2mnTfb6r7hCrJw1WRvLQy3p8EhQbFOxorE0QYFIsUppT5UxA2U7/AhBO7aGzpI5DsnNWO/n9u3OyDwlwLJozLrszN4iVUZEIkN4QT6y8EX8/9tm01YM9dRM=&kESy=xgbqg http://www.kvatromusic.online/yjik/?NP0FyU=gdGtnhc9ASA4qX4b34OgRoYxE/bD+nb59vJiz4FtHHCSzpBYLiuXgNVcIgjaJpSMIjXnBANqWDNRr5Ocy1GAv43NZgQpgrLVhi6C63ziyaNAbXqEiKgPKznZLTw5BnTXjQFFRAg=&kESy=xgbqg http://www.6666111p.vip/y3do/?NP0FyU=LOchJJI7j7x4RSIZOmRKrvMdEDW/MUxucIo24swAQXAkKIo03dsxd6yGfyoydnm7SmxXMXwHD0q4GFP2LgOY7CsTmAi6O8Bpro54P9T4NSt7/iYty+/boiJQGB1N3z+f5OnconY=&kESy=xgbqg http://www.6666111p.vip/y3do/ http://www.hsck520.com/0tno/?NP0FyU=0cMGHWchhwDqjfnLTJDBZveg9su8HvUeph8XCipGvt+qmCtRZPbLeKFNzMXXlvLfrfTQKCJHTw1MhSXlslZDoNUiVnTSVKsqzzLfuZrJDhCegOsSgpp1goso0jrOzq9yXpycRq0=&kESy=xgbqg http://www.silverbrit.info/kj8f/?NP0FyU=4t9Vdj82cePVf5tb2btNPfj+cF91LcmybOtR99dnAhd1RJtV43KyF44o/jxPyXILLT2c7dvr4ObZNHuTbQFO2r18ofp9GNB90rnp1Ohw/CJp1ZbSd7nYHKYFKR9pZcLJ+FI+J6g=&kESy=xgbqg http://www.stellardaysigning.com/xb5p/?NP0FyU=j+BD0p8WhtBdy7Wd/KfVtBKjF7uQGjkUu2IQ9c2WN0jGyCZp1k8Rj1+VKsyVC4FAIa7rNa0t7jcnj4LfrYK/jtIwEqPY6NFmTaOReXQoO8B2hiELl0EMSu8ktx1OCucJ4jnvo9M=&kESy=xgbqg http://www.silverbrit.info/kj8f/ http://www.double2nllc.com/lphk/?NP0FyU=QQ9AzHzvXAdOb0MPNLfjUpWPUVpZplRrayXzypMYhteyq/MKivL68z82kZS9u6bhgeBbY+QYkFf+kg9uvjJAnI3fPdAT94WYiFSy6W9ZWxao1mFD7NGeSFfqjgfGWtv75CStAYk=&kESy=xgbqg http://www.hsck520.com/0tno/ http://www.yetung.com/7ru5/ http://www.kvatromusic.online/yjik/ http://www.yetung.com/7ru5/?NP0FyU=ISPW+m88VBQNqH+k3JW84YG5Fk7QLrErwcAnWTSXodWIF9bOo25oIut7GSly+JY6T9/fHFYUtdHtiF5inQf0UQqeKTQ7bI9uaPa6a3iFF9Uz86xGPiVez/GDzFjvFDmTYUOptkY=&kESy=xgbqg http://www.fullmoonbird.com/c8sr/ http://www.sqlite.org/2018/sqlite-dll-win32-x86-3240000.zip http://www.double2nllc.com/lphk/ http://www.beescy.xyz/pdwc/	20 Info www.double2nllc.com(84.32.84.32) www.kvatromusic.online(37.140.192.90) www.yetung.com(121.37.199.72) www.6666111p.vip(35.186.221.100) www.fullmoonbird.com(172.67.176.31) www.beescy.xyz(162.0.213.72) www.hsck520.com(35.190.52.58) www.stellardaysigning.com(76.223.67.189) www.silverbrit.info(217.160.230.215) 172.67.176.31 121.37.199.72 35.190.52.58 37.140.192.90 84.32.84.32 - mailcious 35.186.221.100 162.0.213.72 82.157.201.41 - malware 45.33.6.223 76.223.67.189 217.160.230.215		12.0	M	23	ZeroCERT

44883	2024-06-07 09:34	Update.exe 4c6f04a706e2ca2a0b722336675318da Malicious Library Downloader UPX PE File PE32 MZP Format OS Processor Check Malware download Amadey VirusTotal Malware AutoRuns Malicious Traffic unpack itself AppData folder Windows Remote Code Execution DNS	2 Keyword trend analysis	3	1	6.2		49	ZeroCERT

44884	2024-06-07 09:36	lionsarekingofthejunglewhotrul... c5af2617421f885a9772a4b51b80cb2a MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware Malicious Traffic exploit crash unpack itself Tofsee Exploit DNS crashed	2 Keyword trend analysis	3	2	4.2		38	ZeroCERT

44885	2024-06-07 09:37	Tlcf4ubbOhvrFYkon.exe 9c4b350eb7315c2f6f4b2eb64bccd918 Formbook Malicious Library AntiDebug AntiVM PE64 PE File FormBook Malware download VirusTotal Malware Buffer PE suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process Windows DNS Cryptographic key crashed	6 Keyword trend analysis Info http://www.caxars.store/muti/ http://www.eshopkhaliji.store/muti/?8p=PenW7MtlXSrvxOPA1PJj8U2jUUvXlhwVh1FpwKQCNXiCStQ1MIBfQTqa3m2cpudHTvQpU++Q&4h=vTxdQD-PSRspeX7&sql=1 http://www.eshopkhaliji.store/muti/ http://www.shopadamsstore.com/muti/?8p=rUMPbDi9V+hLkBWFtVE1y7T4O5kE79Gi8Nwpb3xjlkSgEF4tpwDWlQ4hDt2c39K6jtdDQHz5&4h=vTxdQD-PSRspeX7&sql=1 http://www.caxars.store/muti/?8p=vAkEv8VlD6HvoJ7OTZ3UyhPmsIwewVN5MI8wV+ea/g1itgmvOaYSZ0nMfK3GudfMXpkuz2fr&4h=vTxdQD-PSRspeX7&sql=1 http://www.shopadamsstore.com/muti/	8	2	10.8	M	43	ZeroCERT

44886	2024-06-07 09:39	RuntimeBroker.exe 6cf863b98e0282f50e8d5f90f611f664 XMRig Miner Generic Malware UPX Malicious Library ASPack Malicious Packer PE File PE32 PE64 OS Processor Check VirusTotal Malware Check memory unpack itself Auto service Check virtual network interfaces sandbox evasion WriteConsoleW Browser ComputerName Remote Code Execution Firmware DNS		1		7.2	M	54	ZeroCERT

44887	2024-06-07 09:39	IGCC.exe 29b2b081df5861fed9651766f37b7738 Process Kill Generic Malware Suspicious_Script_Bin Malicious Library FindFirstVolume CryptGenKey UPX PE File Device_File_Check PE32 OS Processor Check Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns suspicious privilege Check memory Checks debugger buffers extracted Creates executable files unpack itself Check virtual network interfaces AppData folder IP Check Tofsee Windows Browser Email ComputerName DNS Software crashed	1 Keyword trend analysis	2	3	9.6		28	ZeroCERT

44888	2024-06-07 09:41	DZP.exe 8cc057c58bd59166922b1a6fbf9a0ec7 Process Kill Generic Malware Suspicious_Script_Bin Malicious Library FindFirstVolume CryptGenKey UPX PE File Device_File_Check PE32 OS Processor Check Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key Software crashed	1 Keyword trend analysis	2	3	7.4		23	ZeroCERT

44889	2024-06-07 09:41	www.ps1 b8d18d049050e1e12c378dd2c71cadc6 Generic Malware Antivirus ZIP Format VirusTotal Malware powershell Malicious Traffic Check memory buffers extracted unpack itself Check virtual network interfaces WriteConsoleW Windows ComputerName Cryptographic key	1 Keyword trend analysis	2	1	5.2	M	4	ZeroCERT

44890	2024-06-07 09:43	lsass.exe e0354350b177887076f4c89567e0af8d PE File .NET EXE PE32 VirusTotal Malware Check memory Checks debugger unpack itself Check virtual network interfaces Tofsee Windows Cryptographic key		2	3	4.4	M	50	ZeroCERT

44891	2024-06-07 09:43	lionsarekingandtheyalwaysliket... f6d2ec2d490d72ee7ba25907db5da25a MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware Malicious Traffic exploit crash unpack itself Tofsee Exploit DNS crashed	2 Keyword trend analysis	3	2	4.2	M	37	ZeroCERT

44892	2024-06-07 09:45	vidar0506.exe 277923785bb9e137228d51c5685ee0ab Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware unpack itself DNS crashed		1		4.0	M	56	ZeroCERT

44893	2024-06-07 09:45	sevchost.exe ce8a92812da2af7e020a136c9ffeb656 Suspicious_Script_Bin PE File PE32 VirusTotal Malware AutoRuns Creates executable files Windows DNS		2		6.0	M	51	ZeroCERT

44894	2024-06-07 09:47	interestedanglesayingsheismost... 2ae556f4c5d9590b352ad8d26fdee537 MS_RTF_Obfuscation_Objects RTF File doc Malware download VirusTotal Malware Malicious Traffic buffers extracted RWX flags setting exploit crash IP Check Tofsee Windows Exploit DNS crashed	2 Keyword trend analysis	3	8 Info ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO Executable Download from dotted-quad Host ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response	5.0	M	37	ZeroCERT

44895	2024-06-07 09:47	lionsarekingandudfdidthekingof... 80190d1b737a846f31133525d9577514 MS_RTF_Obfuscation_Objects RTF File doc Malware download VirusTotal Malware Malicious Traffic exploit crash unpack itself IP Check Tofsee Windows Exploit DNS crashed	2 Keyword trend analysis	3	8 Info ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO Executable Download from dotted-quad Host ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup	4.6	M	37	ZeroCERT