Submissions - ZeroBOX

Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player	Etc
45361	2020-11-13 11:00	b.exe 268f6a197a208cca3d28c81059a0267d VirusTotal Malware Code Injection Checks debugger buffers extracted RWX flags setting unpack itself malicious URLs ComputerName Remote Code Execution DNS		1			10.0		36	admin

45362	2020-11-13 10:42	b.exe 268f6a197a208cca3d28c81059a0267d VirusTotal Malware Code Injection Checks debugger buffers extracted RWX flags setting unpack itself malicious URLs ComputerName Remote Code Execution DNS		1			10.0		36	admin

45363	2020-11-13 10:39	b.exe 268f6a197a208cca3d28c81059a0267d VirusTotal Malware Code Injection Checks debugger buffers extracted RWX flags setting unpack itself malicious URLs ComputerName Remote Code Execution DNS		2			10.0		36	admin

45364	2020-11-13 10:37	b.exe 268f6a197a208cca3d28c81059a0267d VirusTotal Malware Code Injection Checks debugger buffers extracted RWX flags setting unpack itself malicious URLs ComputerName Remote Code Execution DNS		1			10.0		36	admin

45365	2020-11-13 10:35	axcypr.exe 944d8991324c722fc1495d8f3dda1313 VirusTotal Malware PDB unpack itself malicious URLs ComputerName					2.6	M	19	admin

45366	2020-11-13 10:33	4574557.png.exe f44796a03f64ec015e6dbc497fb460d0 AutoRuns Code Injection Check memory buffers extracted unpack itself Windows utilities Detects VMWare suspicious process malicious URLs sandbox evasion WriteConsoleW VMware Windows Browser ComputerName DNS crashed		1			9.6			admin

45367	2020-11-13 10:31	4574557.png.exe f44796a03f64ec015e6dbc497fb460d0 AutoRuns Code Injection Check memory buffers extracted unpack itself Windows utilities Detects VMWare suspicious process malicious URLs sandbox evasion WriteConsoleW VMware Windows Browser ComputerName crashed					9.0			admin

45368	2020-11-13 10:18	4574557.png.exe f44796a03f64ec015e6dbc497fb460d0 AutoRuns Code Injection Check memory buffers extracted unpack itself Windows utilities Detects VMWare suspicious process malicious URLs sandbox evasion WriteConsoleW VMware Windows Browser ComputerName crashed					9.0			admin

45369	2020-11-13 10:11	4574557.png.exe f44796a03f64ec015e6dbc497fb460d0 AutoRuns Code Injection Check memory buffers extracted unpack itself Windows utilities Detects VMWare suspicious process malicious URLs sandbox evasion WriteConsoleW VMware Windows Browser ComputerName crashed					9.0			admin

45370	2020-11-13 10:02	4574557.png.exe f44796a03f64ec015e6dbc497fb460d0 AutoRuns Code Injection Check memory buffers extracted unpack itself Windows utilities Detects VMWare suspicious process malicious URLs sandbox evasion WriteConsoleW VMware Windows Browser ComputerName crashed					9.0			SFPark

45371	2020-11-13 10:00	axcypr.exe 944d8991324c722fc1495d8f3dda1313 VirusTotal Malware PDB unpack itself malicious URLs ComputerName DNS		1			3.2	M	19	SFPark

45372	2020-11-12 20:00	http://45.141.84.182/beacon.ex... 860cdd118f68793a680ad4d22c43619a Dridex VirusTotal Malware Code Injection Malicious Traffic Creates executable files exploit crash unpack itself Windows utilities AppData folder malicious URLs Tofsee Windows Exploit DNS crashed		2	7 Info SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO Executable Download from dotted-quad Host ET INFO Packed Executable Download ET POLICY PE EXE or DLL Windows file download HTTP ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET INFO TLS Handshake Failure ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex		7.2	M	27	guest

45373	2020-11-12 18:23	372463.png.exe c2bf80228e601b565e634140b189f213 AutoRuns Code Injection Check memory buffers extracted unpack itself Windows utilities Detects VMWare suspicious process malicious URLs sandbox evasion WriteConsoleW VMware Windows Browser ComputerName crashed					8.6			SFPark

45374	2020-11-12 18:21	3.dll 4f807ffbf0704b3aaf708a1aef892dfd VirusTotal Malware PDB					1.2	M	15	SFPark

45375	2020-11-12 18:17	beacon.exe 860cdd118f68793a680ad4d22c43619a VirusTotal Malware Code Injection buffers extracted RWX flags setting Windows utilities suspicious process malicious URLs Tofsee Windows ComputerName DNS	3 Keyword trend analysis Info https://eiphaem9aifuR1udaizu.badedsho.space/image/g9jVGMB1mhQ_ja7zd9fRX1zKOnP9VDbG0-zR1vJAm_Vq02GUsZyVJZe3PZZtJVD0tbKZk48vUpzd9zqjPQs4ncbHt6qh2acVPlgMgv2g8JMCrZVG5OSsg9XJcrsPnsUEIXjwI9Ym4zp7Hd9vB02rLoDtNFUOqcL6oDHTRzOtL5HOnWLM/kitten.gif https://oow8Phokeing6kai5haH.glowtrow.online/gifs/mQ5zu9qjPLclWwhQbQF3_EYcnNDngpBlyTp3deiWPVZwBcc3q0ozho1hmzV38_ZXr2Q_MJX59D_HIZwAJ92ePtwREQm7DwG2JI6qIed2VjAYezPl_jIKIM8f1BgVSGOnO65WgMzwRZlhy3nMHZsNjZo7kvYUf2RZuud15Cl7iTLUS8Rv/kitten.gif https://ooLiey0phuoghei2cei7.cleans.online/gifs/gFoakMP3VZw8D2F7dFUe119I9fv-1vlO0G4eXvHCVH1pUa4csh5arZQ18h5up598tjBWG4ytnRTedfUrPon3FcVFeCKiW2idPdrDCv4iPxsBL1rO52ZjC9ZLvTMMHAqMIvo_q9WkLLJ4nxDnBM9kpoNv-90NKw1yo7MczzAv4BnNH61E/kitten.gif	7	1		7.6	M	20	SFPark