Submissions - ZeroBOX

Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player	Etc
44896	2020-12-02 09:04	http://canadiantourismroundtab... 107f4a58dc56c803088abb23d29b279c Dridex VirusTotal Malware Code Injection Creates executable files exploit crash unpack itself Windows utilities AppData folder malicious URLs Tofsee Windows Exploit DNS crashed		2	5		5.0	M	53	ZeroCERT

44897	2020-12-01 18:07	mrtye.exe efde3bc2f9662d8d9993fcfae911f243 Browser Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns suspicious privilege MachineGuid Check memory buffers extracted WMI Creates executable files ICMP traffic unpack itself malicious URLs AntiVM_Disk VM Disk Size Check human activity check installed browsers check Windows Browser Email ComputerName Remote Code Execution DNS DDNS crashed		4	2		12.2	M	57	ZeroCERT

44898	2020-12-01 14:07	MicrosoftStores.exe e4bec86181d4f9c07ded5fa2ef30b59c VirusTotal Cryptocurrency Miner Malware Cryptocurrency AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger WMI Creates executable files unpack itself Windows utilities suspicious process AppData folder malicious URLs sandbox evasion WriteConsoleW Windows Browser ComputerName DNS		1	5 Info ET POLICY Autoit Windows Automation tool User-Agent in HTTP Request - Possibly Hostile ET INFO Executable Download from dotted-quad Host ET INFO AutoIt User Agent Executable Request ET POLICY PE EXE or DLL Windows file download HTTP ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response		13.4	M	45	ZeroCERT

44899	2020-12-01 14:02	mem.exe ffa010213169329c8df764ee0467ba6d VirusTotal Malware Buffer PE Check memory buffers extracted Creates executable files unpack itself AppData folder malicious URLs					4.8	M	20	ZeroCERT

44900	2020-12-01 13:56	jbrowserQ.exe e238e9ba96488420465f54b03439d59a VirusTotal Malware AutoRuns Code Injection Creates executable files unpack itself sandbox evasion Windows DNS crashed					8.0	M	54	ZeroCERT

44901	2020-12-01 13:56	ivr.exe 58855dce814f68f6d77f6ecbbe0682ce VirusTotal Malware AutoRuns suspicious privilege Code Injection Check memory Checks debugger Creates executable files unpack itself suspicious process malicious URLs AntiVM_Disk WriteConsoleW VM Disk Size Check Windows		2			10.4	M	48	ZeroCERT

44902	2020-12-01 13:52	fola.exe 26f266e31e7fcd9e39673ccb5a0c89ee VirusTotal Malware AutoRuns Code Injection Creates executable files unpack itself sandbox evasion Windows crashed					6.8	M	53	ZeroCERT

44903	2020-12-01 13:51	invoice-8354.xls 083180373c90e327242248101c9864a1 VirusTotal Malware unpack itself malicious URLs DNS					2.4	M	17	ZeroCERT

44904	2020-12-01 13:49	fola.exe 26f266e31e7fcd9e39673ccb5a0c89ee VirusTotal Malware AutoRuns Code Injection Creates executable files unpack itself sandbox evasion Windows crashed					7.4	M	53	ZeroCERT

44905	2020-12-01 13:47	ht.exe 4921a852077c0e254906e913190900b3 VirusTotal Malware unpack itself DNS					3.0	M	52	ZeroCERT

44906	2020-12-01 13:31	document.doc f885ae8d06eaae37527bf1e334e2426f VirusTotal Malware Malicious Traffic exploit crash unpack itself malicious URLs Windows Exploit DNS crashed Downloader		1	6 Info ET INFO Executable Download from dotted-quad Host ET CURRENT_EVENTS Terse alphanumeric executable downloader high likelihood of being hostile ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 ET POLICY PE EXE or DLL Windows file download HTTP ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response		5.2	M	27	ZeroCERT

44907	2020-12-01 13:30	case-9939.xls 95a5530cef9155fb8ba500808fb05f03 VirusTotal Malware unpack itself					1.0	M	16	ZeroCERT

44908	2020-12-01 11:09	case.8851.xls 9dee725aefee7d74dcae0f7fd5c33e42 VirusTotal Malware unpack itself malicious URLs					1.8	M	15	ZeroCERT

44909	2020-12-01 11:07	c.exe 31e2d404ce2317fd30f6cc0af725940f VirusTotal Malware unpack itself					2.2	M	36	ZeroCERT

44910	2020-12-01 11:07	c47bea09f8affb91_fiksat.dll 930d232f0285d130cff2c5342e214aec Check memory crashed					0.8			admin