Submissions - ZeroBOX

Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player	Etc
45181	2020-11-18 18:14	OGtxupQ48uyfia3.exe 78f9fe744846ebeb2d2e7224af27f02c Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Malicious Traffic Check memory Checks debugger Creates executable files unpack itself Windows utilities Check virtual network interfaces suspicious process AppData folder malicious URLs WriteConsoleW IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key DDNS Software crashed	2 Keyword trend analysis	6	5		13.2	M	26	ZeroCERT

45182	2020-11-18 18:14	nass.exe d9e4ff69934ce995feaa9e54e0d5ad07 VirusTotal Malware suspicious privilege Malicious Traffic Check memory Checks debugger ICMP traffic unpack itself Windows utilities malicious URLs Windows	2 Keyword trend analysis	5			6.6	M	40	ZeroCERT

45183	2020-11-18 18:10	emthree.exe b017a31549aa5edeccecab2f3e717d1b VirusTotal Malware Buffer PE suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself AppData folder malicious URLs Windows DNS Cryptographic key					10.4	M	21	ZeroCERT

45184	2020-11-18 18:10	ebyjon.exe 7e0601f46369fa6ad8d291b1205068d5 VirusTotal Malware Buffer PE AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself AppData folder malicious URLs Windows ComputerName Cryptographic key crashed					12.2		30	ZeroCERT

45185	2020-11-18 18:03	abw.exe 678dac5fc4c6a55f032ba40698895e6a Buffer PE AutoRuns suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process malicious URLs WriteConsoleW human activity check Windows ComputerName Cryptographic key crashed		2			15.6	M		guest

45186	2020-11-18 18:03	eic.exe 665bfadaa21dc3f298b0c886b6867cd1 VirusTotal Malware AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs IP Check Windows DNS crashed	1 Keyword trend analysis	2	1		10.8	M	48	guest

45187	2020-11-18 13:43	ebyjon.exe 7e0601f46369fa6ad8d291b1205068d5 VirusTotal Malware Buffer PE AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself AppData folder malicious URLs Windows ComputerName Cryptographic key crashed					12.0		22	guest

45188	2020-11-18 12:32	ebyjon.exe 7e0601f46369fa6ad8d291b1205068d5 VirusTotal Malware Buffer PE AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself AppData folder malicious URLs Ransomware Windows Tor ComputerName Cryptographic key crashed					13.2		22	guest

45189	2020-11-18 10:28	ebyjon.exe 7e0601f46369fa6ad8d291b1205068d5 VirusTotal Malware Buffer PE AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself AppData folder malicious URLs Ransomware Windows Tor ComputerName Cryptographic key crashed					13.2		22	ZeroCERT

45190	2020-11-18 10:27	eic.exe 665bfadaa21dc3f298b0c886b6867cd1 VirusTotal Malware AutoRuns suspicious privilege Code Injection Check memory Checks debugger unpack itself malicious URLs Windows DNS crashed					7.2	M	43	ZeroCERT

45191	2020-11-18 09:37	document1.doc f9a6dc3c7aa957c70e4f539d72e54c4f Malware download Azorult VirusTotal Malware Malicious Traffic exploit crash unpack itself malicious URLs Zeus Windows Exploit DNS crashed		3	7 Info ET INFO Executable Download from dotted-quad Host ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 ET POLICY PE EXE or DLL Windows file download HTTP ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET MALWARE AZORult v3.3 Server Response M3 ET MALWARE Generic - POST To .php w/Extended ASCII Characters (Likely Zeus Derivative)		5.6	M	25	ZeroCERT

45192	2020-11-18 09:37	document.doc 41820dc68297b85f7dc85540a3423c1d VirusTotal Malware Malicious Traffic exploit crash unpack itself malicious URLs Windows Exploit DNS crashed Downloader	1 Keyword trend analysis	3	6 Info ET INFO Executable Download from dotted-quad Host ET CURRENT_EVENTS Terse alphanumeric executable downloader high likelihood of being hostile ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 ET POLICY PE EXE or DLL Windows file download HTTP ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response		6.2	M	24	ZeroCERT

45193	2020-11-18 09:33	CKC.exe d54d01d0a3a073d1d2a3b70e0d9852cc VirusTotal Malware AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs IP Check Windows Cryptographic key	1 Keyword trend analysis	2	1		10.4	M	14	ZeroCERT

45194	2020-11-18 09:30	3MLDad2sFoYnTE9.exe 8849ec79aac67ee11e47fca7938ccfb5 Browser Info Stealer FTP Client Info Stealer VirusTotal Malware suspicious privilege Malicious Traffic Check memory Checks debugger Creates executable files unpack itself Windows utilities Check virtual network interfaces suspicious process AppData folder malicious URLs WriteConsoleW IP Check Tofsee Windows Browser ComputerName Software crashed keylogger	2 Keyword trend analysis	6	3		11.2	M	23	ZeroCERT

45195	2020-11-18 09:28	CKC.exe d54d01d0a3a073d1d2a3b70e0d9852cc VirusTotal Malware AutoRuns suspicious privilege Code Injection Check memory Checks debugger unpack itself malicious URLs Windows DNS Cryptographic key					7.0	M	14	ZeroCERT