Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
45736	2024-07-03 11:27	Video HD (1080p).lnk e694422f9ae9a4bf93258f6376db4292 Generic Malware Antivirus AntiDebug AntiVM Lnk Format GIF Format PowerShell ZIP Format VirusTotal Malware powershell suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted heapspray Creates shortcut RWX flags setting unpack itself powershell.exe wrote Check virtual network interfaces suspicious process WriteConsoleW Tofsee Interception Windows ComputerName Cryptographic key	4 Keyword trend analysis	4	1	1	11.6		19	ZeroCERT

45737	2024-07-03 13:24	setup.exe 5d286a1851e49c4a21ec0178bcf8b239 Malicious Library PE File PE32 VirusTotal Malware Checks debugger WMI Creates executable files RWX flags setting unpack itself Checks Bios anti-virtualization ComputerName					4.6	M	37	ZeroCERT

45738	2024-07-03 13:24	setup.exe 6a29cf171c9718d55a0b617102451f6b Malicious Library PE File PE32 Checks debugger WMI Creates executable files RWX flags setting unpack itself Checks Bios anti-virtualization ComputerName					3.6			ZeroCERT

45739	2024-07-03 17:19	pconsnap.dll 8fb5e72a31680189d9a529b49962a0b1 Generic Malware Malicious Library UPX PE File DLL PE64 OS Processor Check VirusTotal Malware					1.2		37	ZeroCERT

45740	2024-07-03 17:19	pconsnap.dll 8fb5e72a31680189d9a529b49962a0b1 Generic Malware Malicious Library UPX PE File DLL PE64 OS Processor Check VirusTotal Malware					1.2		37	ZeroCERT

45741	2024-07-03 18:12	강연의뢰서_ 엄구호 교수님 .docx.lnk... 52d073c181531c7f0b8b3aa764c6551d Generic Malware Antivirus AntiDebug AntiVM Lnk Format GIF Format PowerShell VirusTotal Malware powershell suspicious privilege Code Injection Check memory Checks debugger Creates shortcut unpack itself Windows utilities powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName Cryptographic key					6.4		26	guest

45742	2024-07-03 18:27	IEnetCache.hta 23944bdd42dd1973f4cebc54defbccd0 Generic Malware Antivirus AntiDebug AntiVM PowerShell PE File DLL PE32 .NET DLL VirusTotal Malware powershell suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger Creates shortcut Creates executable files RWX flags setting unpack itself Windows utilities powershell.exe wrote suspicious process AppData folder Windows ComputerName DNS Cryptographic key	1 Keyword trend analysis	1	3		12.0		13	ZeroCERT

45743	2024-07-03 18:38	lumma0207.exe 168c5908924803d268d26965c32a5620 Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware PDB unpack itself crashed					2.2		26	ZeroCERT

45744	2024-07-03 18:38	EERIE_EAVE.exe e515e4872f4891fb598b503c34036b8c Malicious Packer UPX PE File PE64 VirusTotal Malware Checks debugger Check virtual network interfaces DNS		1	1		4.8		40	ZeroCERT

45745	2024-07-03 18:40	toi.txt.exe 5de123afed9669f8abd8994820591ec7 Generic Malware PE File DLL PE64 VirusTotal Malware crashed					1.4	M	45	ZeroCERT

45746	2024-07-03 18:41	wmi.jpg.exe 1953c97029337ec04a8d4b69911d843f UPX PE File PE32 Malware download VirusTotal Malware SMB Traffic Potential Scan AutoRuns Malicious Traffic Check memory Creates executable files ICMP traffic RWX flags setting Windows utilities WriteConsoleW Firewall state off IP Check Windows DNS DDNS Downloader	5 Keyword trend analysis Info http://118.184.169.48/dyndns/getip http://16.162.161.106:8080/api/node/ip_validate http://ssl.ftp21.cc/64.jpg http://download.microsoft.com/download/E/4/1/E4173890-A24A-4936-9FC9-AF930FE3FA40/NDP461-KB3102436-x86-x64-AllOS-ENU.exe http://45.113.194.127/api.php?query=175.208.134.152&co=&resource_id=6006&oe=utf8	27 Info gtxvdqvuweqs.com(16.162.201.176) - mailcious members.3322.org(118.184.169.48) down.ftp21.cc(107.189.29.100) - malware ipv6-api.iproyal.com() api.ipify.org(172.67.74.152) download.microsoft.com(72.247.96.197) hook.ftp21.cc(211.108.60.155) - malware api6.my-ip.io() www.362-com.com(1.226.84.135) web.362-com.com(110.11.158.238) opendata.baidu.com(45.113.194.189) www.4i7i.com(1.226.84.135) api.iproyal.com(93.189.62.83) ssl.ftp21.cc(211.108.60.155) - malware 16.162.161.106 104.26.13.205 211.108.60.155 - malware 59.151.136.153 51.161.196.188 45.113.194.127 16.162.201.176 - mailcious 1.226.84.135 218.57.129.51 93.189.62.83 118.184.169.48 110.11.158.238 119.203.212.165 - malware	12 Info ET DNS Query for .cc TLD ET INFO Packed Executable Download ET HUNTING Suspicious EXE Download Content-Type image/jpeg ET MALWARE Likely Evil EXE download from MSXMLHTTP non-exe extension M2 ET MALWARE JS/WSF Downloader Dec 08 2016 M4 ET SCAN Behavioral Unusual Port 445 traffic Potential Scan or Infection ET INFO DYNAMIC_DNS Query to 3322.org Domain ET SCAN Behavioral Unusual Port 1433 traffic Potential Scan or Infection ET INFO SSH-2.0-Go version string Observed in Network Traffic ET SCAN Behavioral Unusual Port 135 traffic Potential Scan or Infection ET INFO External IP Lookup Domain DNS Lookup (my-ip .io) ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup		11.2	M	40	ZeroCERT

45747	2024-07-03 18:41	ok.exe 2a5bdb0a785762ab4982d360bd4c37e5 Malicious Packer UPX PE File PE64 VirusTotal Malware Checks debugger DNS		1	1		4.2		38	ZeroCERT

45748	2024-07-03 18:43	OPERATIONAL_MOAT.exe fe630e60d070ead8f5421d4006872435 Malicious Packer UPX PE File PE64 VirusTotal Malware Checks debugger DNS		1	1		4.4		45	ZeroCERT

45749	2024-07-03 18:44	123.exe 4a24aad5274be7e1fd5e3ef95ea20f8f Gen1 Generic Malware Downloader Malicious Library UPX Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Code injection Internet API FTP KeyLogger P2P AntiDebug AntiVM PE File PE32 OS Processor Che VirusTotal Malware AutoRuns PDB Code Injection Creates executable files Windows utilities WriteConsoleW Windows Remote Code Execution crashed					6.0		47	ZeroCERT

45750	2024-07-03 18:46	client_win.exe 9f478308a636906db8c36e77ce68b4c2 Gen1 Generic Malware Malicious Library UPX Anti_VM PE File PE64 OS Processor Check DLL ZIP Format VirusTotal Malware Check memory Creates executable files WriteConsoleW					1.6		26	ZeroCERT