Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Score	Zero	VT	Player
45436	2024-06-19 09:42	sch.exe 60b4266cdb4dc9b44d595677680a94f2 PE File .NET EXE PE32 VirusTotal Malware MachineGuid Check memory Checks debugger buffers extracted unpack itself Windows DNS Cryptographic key		1	1	5.6	M	50	ZeroCERT

45437	2024-06-19 09:42	3.exe a41dcc178717a13af8972680faa8e697 PE File .NET EXE PE32 VirusTotal Malware Check memory Checks debugger buffers extracted unpack itself Windows DNS Cryptographic key		1	1	5.0	M	48	ZeroCERT

45438	2024-06-19 09:44	Antivirus333.exe 9260f5e80678b6490676270838c08941 Malicious Packer Malicious Library .NET framework(MSIL) UPX PE File .NET EXE PE32 OS Processor Check VirusTotal Malware Check memory Checks debugger ICMP traffic unpack itself				2.8	M	62	ZeroCERT

45439	2024-06-19 09:44	3R%BC%BC%CA%F5.exe befa6ec7199742afacb57a836c374853 Emotet Generic Malware Malicious Library ASPack UPX DllRegisterServer dll PE File PE32 OS Processor Check DLL VirusTotal Malware Check memory Creates executable files unpack itself AppData folder Remote Code Execution DNS		1		4.8	M	54	ZeroCERT

45440	2024-06-19 09:47	Ebyloto_LetThereBeNightingale_... ec974c132c919b5865a24a2c071bb93a Generic Malware Downloader Malicious Packer Malicious Library .NET framework(MSIL) UPX Antivirus Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Code injection Internet API FTP KeyLogger P2P per Browser Info Stealer VirusTotal Malware Cryptocurrency wallets Cryptocurrency powershell AutoRuns suspicious privilege MachineGuid Code Injection Check memory Checks debugger Creates shortcut ICMP traffic unpack itself Windows utilities powershell.exe wrote suspicious process Ransomware Windows Browser ComputerName Cryptographic key				9.8	M	54	ZeroCERT

45441	2024-06-19 09:47	lamda.cmd 1220872b5a60851b40457bfa168f34f2 Generic Malware Downloader Antivirus Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Code injection Internet API FTP KeyLogger P2P AntiDebug AntiVM VirusTotal Malware powershell suspicious privilege Check memory Checks debugger heapspray Creates shortcut unpack itself suspicious process WriteConsoleW Windows ComputerName Cryptographic key	6 Keyword trend analysis			4.2	M	11	ZeroCERT

45442	2024-06-19 09:48	AntiVirus00.exe d31d65a28dca61cf4a21ba5020b60e83 PE File .NET EXE PE32 VirusTotal Malware MachineGuid Check memory Checks debugger buffers extracted unpack itself Windows DNS Cryptographic key		1	1	5.6	M	57	ZeroCERT

45443	2024-06-19 09:49	2345.exe ce7dc5df5568a79affa540aa86b24773 Generic Malware Malicious Packer Malicious Library UPX Anti_VM PE File PE32 VirusTotal Malware AutoRuns unpack itself Windows DNS crashed		1		5.6	M	54	ZeroCERT

45444	2024-06-19 09:51	2.exe 3fa8ba44b848d959dec2f30e98adefa3 PE File .NET EXE PE32 VirusTotal Malware MachineGuid Check memory Checks debugger buffers extracted unpack itself Windows DNS Cryptographic key		1	1	5.6	M	51	ZeroCERT

45445	2024-06-19 09:51	sky.exe f0834f7f2daa415fb992d93f549bbfd0 Gen1 XMRig Miner Generic Malware Suspicious_Script_Bin Malicious Library UPX Malicious Packer PE File PE32 OS Processor Check PE64 VirusTotal Cryptocurrency Miner Malware Cryptocurrency AutoRuns PDB Creates executable files unpack itself Windows utilities suspicious process WriteConsoleW Firewall state off Windows		2	1	6.0	M	62	ZeroCERT

45446	2024-06-19 09:53	lamda1.cmd 34961215950869251baa1879d161a90d Generic Malware Downloader Antivirus Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Code injection Internet API FTP KeyLogger P2P AntiDebug AntiVM VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName Cryptographic key	2 Keyword trend analysis			4.2	M	18	ZeroCERT

45447	2024-06-19 09:56	blob.exe fbfbe4ee13baecac3e7d16bec24cf079 PE64 PE File VirusTotal Cryptocurrency Miner Malware Cryptocurrency DNS CoinMiner		2	2	1.4	M	59	ZeroCERT

45448	2024-06-19 09:57	c3p.exe 02aa02aee2a6bd93a4a8f4941a0e6310 Gen1 XMRig Miner Generic Malware Suspicious_Script_Bin Malicious Library UPX Malicious Packer PE File PE32 OS Processor Check PE64 VirusTotal Cryptocurrency Miner Malware Cryptocurrency AutoRuns PDB Creates executable files unpack itself Windows utilities suspicious process WriteConsoleW Firewall state off Windows		2	1	6.0	M	60	ZeroCERT

45449	2024-06-19 09:58	dd.exe d27a00984e82dbfc554df8a53e03cbcc Gen1 XMRig Miner Generic Malware Suspicious_Script_Bin Malicious Library UPX Malicious Packer PE File PE32 OS Processor Check PE64 VirusTotal Cryptocurrency Miner Malware Cryptocurrency AutoRuns PDB Creates executable files unpack itself Windows utilities suspicious process WriteConsoleW Firewall state off Windows DNS CoinMiner		2	2	6.0		57	ZeroCERT

45450	2024-06-19 09:59	bin.exe 13e5872e9b7c47090e035dc228c5589f Generic Malware Malicious Packer Malicious Library UPX .NET framework(MSIL) PE File PE32 OS Processor Check PE64 .NET EXE JPEG Format Malware download Amadey VirusTotal Cryptocurrency Miner Malware Cryptocurrency AutoRuns Malicious Traffic Creates executable files unpack itself AppData folder suspicious TLD Windows DNS CoinMiner	3 Keyword trend analysis	6	12 Info ET DROP Spamhaus DROP Listed Traffic Inbound group 13 ET DNS Query to a .top domain - Likely Hostile ET INFO HTTP Request to a .top domain ET HUNTING SUSPICIOUS Firesale gTLD EXE DL with no Referer June 13 2016 ET POLICY Cryptocurrency Miner Checkin ET MALWARE Amadey Bot Activity (POST) M1 ET INFO Packed Executable Download ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING Possible EXE Download From Suspicious TLD ET COINMINER CoinMiner Domain in DNS Lookup (pool .hashvault .pro) ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	7.4	M	59	ZeroCERT