Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Score	Zero	VT	Player
45466	2024-06-19 17:15	newfile_setup.exe 973a55a800d2b099f57fe7dfba56b848 Malicious Library Admin Tool (Sysinternals etc ...) .NET framework(MSIL) UPX PE File .NET EXE PE32 VirusTotal Malware PDB Check memory Checks debugger unpack itself ComputerName				2.8		45	ZeroCERT

45467	2024-06-19 17:15	voda.exe 61454bbf62a50d22bc3d52b44de73edd Malicious Packer UPX PE File PE32 Malware download VirusTotal Malware AutoRuns MachineGuid unpack itself Windows utilities suspicious process WriteConsoleW IP Check Tofsee Windows RisePro ComputerName DNS crashed	1 Keyword trend analysis	5	7 Info ET DROP Spamhaus DROP Listed Traffic Inbound group 23 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io) ET MALWARE RisePro TCP Heartbeat Packet ET MALWARE [ANY.RUN] RisePro TCP (Token) ET MALWARE [ANY.RUN] RisePro TCP (Activity) ET MALWARE [ANY.RUN] RisePro TCP (External IP)	7.8		45	ZeroCERT

45468	2024-06-19 17:17	legs.exe bbd06263062b2c536b5caacdd5f81b76 Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware unpack itself DNS crashed		1	1	2.8		50	ZeroCERT

45469	2024-06-19 17:18	msa.exe 230ef121bcb5b8c9b91a2c35788d60ca XWorm Generic Malware WebCam Malicious Library .NET framework(MSIL) UPX Antivirus AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware powershell Buffer PE suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut unpack itself powershell.exe wrote suspicious process AntiVM_Disk VM Disk Size Check Windows ComputerName Cryptographic key				12.4	M	55	ZeroCERT

45470	2024-06-19 18:17	Printsvc.exe f5ccac795e79c40d64e7e5a73c741785 UPX PE File PE64 OS Processor Check VirusTotal Malware unpack itself				1.0		13	guest

45471	2024-06-19 18:32	svrhost.exe f5ccac795e79c40d64e7e5a73c741785 UPX PE File PE64 OS Processor Check VirusTotal Malware unpack itself				1.0		13	guest

45472	2024-06-19 18:52	Printsvc.exe f5ccac795e79c40d64e7e5a73c741785 UPX PE File PE64 OS Processor Check VirusTotal Malware unpack itself				1.0		13	guest

45473	2024-06-19 19:03	svrhost.exe f5ccac795e79c40d64e7e5a73c741785 UPX PE File PE64 OS Processor Check VirusTotal Malware unpack itself				1.0		13	guest

45474	2024-06-19 21:44	Printsvc.exe f5ccac795e79c40d64e7e5a73c741785 UPX PE File PE64 OS Processor Check VirusTotal Malware unpack itself				1.0		13	guest

45475	2024-06-20 09:26	Photo.scr e16c628c4b2be310f75780fdeef94a75 PE File PE32 VirusTotal Malware				0.6		3	ZeroCERT

45476	2024-06-20 09:26	bma.doc 0ebecab201093cd3733b0ee652381ee1 MS_RTF_Obfuscation_Objects RTF File doc Malware download VirusTotal Malware Malicious Traffic exploit crash unpack itself Windows Exploit DNS crashed	2 Keyword trend analysis	3	5 Info ET INFO Executable Download from dotted-quad Host ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response	4.2	M	36	ZeroCERT

45477	2024-06-20 09:27	llb.doc 3a8df96db2b8e159c2a4d2652f1cf454 MS_RTF_Obfuscation_Objects RTF File doc FormBook Malware download VirusTotal Malware Malicious Traffic buffers extracted RWX flags setting exploit crash Windows Exploit DNS crashed	9 Keyword trend analysis Info http://www.hissmjkl.com/zadz/ http://www.hissmjkl.com/zadz/?pY=GqmOaWdq+kX/yRvyAZZwseYDvaTL8crr23pe6qvcgIhSte46GY4DIQa7ks3RQ77EfqOrO6E9ud6ta6vwJbbEPWpMvqhVaL5TSjftDGWhiRc7xSx2vvQWLWjMkFGYeWU0dOjwkWc=&q7iu=YOnhTm3GvPBMIU http://www.seemorebooks.com/pi58/?pY=YYtcvmaEEn+7nyfxzWgh1us0l/woYfyMnrlu6Rjt4og+6FeMZ1IdpKDPKj+aPF1uuIq0gCsO4nwJKFBr1ceHHaYtBG7ACxwv7Iz3EuX+x6xrPs5Ey6eaPYfJ6s7i8ry1ERDc11U=&q7iu=YOnhTm3GvPBMIU http://www.seemorebooks.com/pi58/ http://www.go2super.app/wgnm/ http://www.go2super.app/wgnm/?pY=Fa4WWJW4OAk9quC/liQ5qPCm6cq5UHInoPdIisE1PBrL79EG4mQIKlmV9v0gNsYws5soHWC75TgVD8ScXJuz3zKnezho/eF1xa+ohUcEmn2mEAmZPvlgVqrPRDgE59rzl73KHjo=&q7iu=YOnhTm3GvPBMIU http://www.sqlite.org/2017/sqlite-dll-win32-x86-3190000.zip http://192.210.150.54/800/service.exe http://synergyinnovationsgroup.com/rTenPEVaZZd63.bin	11 Info www.noblessewine.com() synergyinnovationsgroup.com(199.217.106.226) - mailcious www.hissmjkl.com(104.21.26.154) www.seemorebooks.com(66.228.55.6) www.go2super.app(15.197.148.33) 199.217.106.226 - mailcious 15.197.148.33 - mailcious 172.67.137.15 66.228.55.6 192.210.150.54 - malware 45.33.6.223	6 Info ET MALWARE FormBook CnC Checkin (GET) M5 ET INFO Executable Download from dotted-quad Host ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response	5.0	M	38	ZeroCERT

45478	2024-06-20 09:28	IP%E8%87%AA%E5%8A%A8%E6%8B%A8%... ed95ed22864405ca79a7910d5c2a527d Generic Malware Malicious Library ASPack UPX PE File DllRegisterServer dll PE32 OS Processor Check VirusTotal Malware Check memory unpack itself Remote Code Execution				2.2	M	26	ZeroCERT

45479	2024-06-20 09:28	UHH.txt.exe 72ffddcd4adf890a663396aaf31affc4 AgentTesla Malicious Library Malicious Packer UPX PE File OS Memory Check .NET EXE PE32 OS Name Check OS Processor Check Browser Info Stealer FTP Client Info Stealer Email Client Info Stealer Malware suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces IP Check Tofsee Windows Browser Email ComputerName DNS Software crashed keylogger	2 Keyword trend analysis	4	4	7.0			ZeroCERT

45480	2024-06-20 09:30	Video.scr e3bcf6c6f4d21e8a1e2789e981366973 Generic Malware Malicious Library UPX PE File OS Processor Check VirusTotal Malware				0.4		2	ZeroCERT