| 45151 |
2020-11-19 15:15
|
whatisthisherefor.exe 735384bc0506a27f518e04f4124a591e
VirusTotal Malware MachineGuid Code Injection Check memory WMI Creates executable files unpack itself Windows utilities malicious URLs WriteConsoleW Tofsee Windows ComputerName DNS crashed |
7
http://go.microsoft.com/fwlink/?LinkID=88340
http://www.msftncsi.com/ncsi.txt
http://go.microsoft.com/fwlink/?LinkID=88339
http://go.microsoft.com/fwlink/?LinkID=88338
https://activation.sls.microsoft.com/slspc/SLActivate.asmx
https://activation.sls.microsoft.com/slpkc/SLCertifyProduct.asmx
https://activation.sls.microsoft.com/slrac/SLCertify.asmx
|
3
activation.sls.microsoft.com(40.91.72.206)
40.91.72.206
121.254.136.49
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
6.6 |
M |
20 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 45152 |
2020-11-19 15:14
|
upgrade.doc 346dc04c2c3627d3726c65f86ff495d0
Vulnerability VirusTotal Malware buffers extracted Creates executable files exploit crash unpack itself malicious URLs Windows Exploit crashed |
|
2
wordupdate.com(104.27.185.80) - malware
104.27.185.80 - suspicious
|
3
ET INFO Packed Executable Download
ET POLICY PE EXE or DLL Windows file download HTTP
ET CURRENT_EVENTS Likely Evil EXE download from MSXMLHTTP non-exe extension M2
|
|
6.2 |
M |
21 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 45153 |
2020-11-19 13:49
|
sftp.exe 79f226cec7d09ef5c2b96e1870651324
VirusTotal Malware AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities suspicious process AppData folder malicious URLs Windows DNS Cryptographic key DDNS crashed |
|
2
8e3d-wzr.duckdns.org(192.169.69.26) - mailcious
156.96.44.201 - suspicious
|
2
ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
ET DROP Spamhaus DROP Listed Traffic Inbound group 17
|
|
14.8 |
M |
50 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 45154 |
2020-11-19 13:46
|
r.exe a5b4252c8bac59ad90a543ec1f2e4a7a
VirusTotal Malware Check memory Checks debugger unpack itself |
|
|
|
|
2.0 |
M |
50 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 45155 |
2020-11-19 13:26
|
lol.exe aa938dc5d017dd009fe1649e61380c86
VirusTotal Malware suspicious privilege Code Injection Check memory WMI Creates executable files Windows utilities suspicious process malicious URLs WriteConsoleW Windows ComputerName crashed |
|
|
|
|
7.0 |
M |
17 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 45156 |
2020-11-19 13:25
|
lolv2.exe db850f73090ae8108522466650c1d9ae
VirusTotal Malware Creates executable files Windows utilities WriteConsoleW Windows |
|
|
|
|
3.4 |
M |
20 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 45157 |
2020-11-19 10:22
|
IT4l74TKgSA7p92.exe ab2997f06c883b00764bcdae89b8b2d6
VirusTotal Malware suspicious privilege Check memory Checks debugger Creates executable files unpack itself Windows utilities suspicious process AppData folder malicious URLs WriteConsoleW Ransomware Windows Tor ComputerName crashed |
|
|
|
|
9.2 |
M |
22 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 45158 |
2020-11-19 10:09
|
formbook.exe bc1b1f3d1f8ffb3494f9d5b74c0294fd
VirusTotal Malware suspicious privilege Check memory Checks debugger unpack itself |
|
|
|
|
2.8 |
M |
30 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 45159 |
2020-11-19 10:05
|
content.exe 9120704bbeb7458efc6491283ff5c528
VirusTotal Malware powershell AutoRuns PDB suspicious privilege Code Injection Check memory Checks debugger Creates shortcut Creates executable files unpack itself powershell.exe wrote suspicious process malicious URLs AntiVM_Disk WriteConsoleW VM Disk Size Check Windows ComputerName DNS Cryptographic key |
|
2
54.235.83.248
23.82.140.14
|
|
|
11.6 |
M |
54 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 45160 |
2020-11-19 10:01
|
bitbit.exe 4383cfdf8af01edd3110a25c33763c2d
ENERGETIC BEAR VirusTotal Malware suspicious privilege unpack itself malicious URLs Windows Tor DNS keylogger |
|
3
mfon.greaterfr.ml(23.105.131.165)
23.105.131.165
163.172.184.243
|
2
ET INFO DNS Query for Suspicious .ml Domain
ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 247
|
|
7.6 |
M |
49 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 45161 |
2020-11-19 10:01
|
ayox.exe 21a0b271edce3702889bd4fe4205f90d
Browser Info Stealer VirusTotal Malware AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces malicious URLs IP Check Tofsee Ransomware Windows Browser Tor ComputerName DNS Cryptographic key crashed |
2
http://crt.comodoca.com/COMODORSAAddTrustCA.crt
https://api.ipify.org/
|
9
api.ipify.org(50.19.252.36)
crt.comodoca.com(91.199.212.52)
91.199.212.52
153.92.127.239
37.252.187.111
54.235.83.248
95.128.43.164
178.254.40.158
37.157.254.114
|
7
ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 231
ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 579
ET TOR Known Tor Exit Node Traffic group 152
ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 152
ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 294
ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 586
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
15.4 |
M |
44 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 45162 |
2020-11-19 09:56
|
31.exe 0a975ab225438aa388a42fefa03555ff
ENERGETIC BEAR suspicious privilege Check memory buffers extracted Creates executable files unpack itself Check virtual network interfaces AppData folder malicious URLs anti-virtualization Ransomware Windows Tor ComputerName DNS crashed keylogger |
|
6
163.172.176.167
163.172.184.243
199.249.230.64
155.4.70.10
217.12.203.242
51.38.134.104
|
6
ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 444
ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 247
ET TOR Known Tor Exit Node Traffic group 75
ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 75
ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 232
ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 652
|
|
11.8 |
M |
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 45163 |
2020-11-19 09:56
|
1.exe 1c2e14b349ff275af406259a671e78b6
VirusTotal Malware suspicious privilege Check memory buffers extracted Creates executable files unpack itself Check virtual network interfaces AppData folder malicious URLs anti-virtualization Ransomware Windows Tor ComputerName DNS crashed keylogger |
|
6
153.92.127.239
37.252.187.111
62.141.38.69
95.128.43.164
178.254.40.158
37.157.254.114
|
7
ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 579
ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 586
ET TOR Known Tor Exit Node Traffic group 152
ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 684
ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 152
ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 294
ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 231
|
|
11.6 |
M |
57 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 45164 |
2020-11-19 09:50
|
MULTAMIT8069218371.msi 77c587e712fb0e78d8f07301aaee21e6
VirusTotal Malware suspicious privilege Check memory Checks debugger unpack itself malicious URLs AntiVM_Disk VM Disk Size Check ComputerName DNS |
|
1
|
|
|
4.0 |
|
23 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 45165 |
2020-11-19 09:49
|
MIT-MULTA9662778901.msi 4cd4cf6d8d40df274769f490bd85d6f8
VirusTotal Malware suspicious privilege Check memory Checks debugger unpack itself malicious URLs AntiVM_Disk VM Disk Size Check ComputerName |
|
1
|
|
|
3.0 |
|
8 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|