| ID | Submitted | File | MD5 | Tags | URLs | Hosts | Alerts | Score | Flag | Count | Submitter |
|---|---|---|---|---|---|---|---|---|---|---|---|
| 45826 | 2020-10-28 22:06 | jew.exe | fff6dec3f67b3348c16eb772582b1178 | VirusTotal, Malware, Check memory, Checks debugger, unpack itself, malicious URLs | | | | 2.8 | M | 25 | admin |
| 45827 | 2020-10-28 21:53 | Ym4nLhD.exe | 20d546782a89689cb3143102855b30b9 | VirusTotal, Malware, Malicious Traffic, Check memory, RWX flags setting, unpack itself, malicious URLs, sandbox evasion, Windows, Advertising, ComputerName, DNS, Cryptographic key | 1: http://78.206.229.130/R8VipMvxD/6hIhcMr5/nRjKTe3TWB2ujWbjW7/1gb7b8ueZ2g3uOs/kp8A5r0gxhsKZ5vL/FsxOrrNG/ - mailcious | 1: 78.206.229.130 - suspicious | | 6.0 | M | 8 | guest |
| 45828 | 2020-10-28 21:51 | arc_EW7843494089FU.doc | 5057e8eec54ab03814f7b5b9a6f73748 | Vulnerability, Malware, Malicious Traffic, unpack itself, malicious URLs, Tofsee, DNS | 4: http://scalarmonitoring.com/wp-admin/js/widgets/S0A/; http://88.153.35.32/CnOcVTFB/e59GKzZswK2VrTa8eG/xO9hy11mC4rMwAHm/LacaElVZGvaJ4KEH/SbruKCeALmA/ - mailcious; http://nanettecook.org/wp-admin/x/; https://scalarmonitoring.com/wp-admin/js/widgets/S0A/ | 5: scalarmonitoring.com(85.50.100.181); nanettecook.org(74.80.58.254); 85.50.100.181; 88.153.35.32 - suspicious; 74.80.58.254 - suspicious | 1: SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | 4.4 | M | | guest |
| 45829 | 2020-10-28 19:10 | Untitled_VW2874948220CG.doc | 7f8b12d54d354fcecea19637aa6739d5 | Vulnerability, VirusTotal, Malware, Malicious Traffic, unpack itself, malicious URLs, Tofsee, Windows, DNS | 2: http://florumgroups.net/mysite/C0NYBd/ - malware; http://88.153.35.32/KoWkUXwbg/FGcU/b5bhu6m6A/yEqpojQPrcTWoLy/iKX84TipvygWtQQ/nc3W/ - mailcious | 5: florumgroups.net(63.250.42.152) - malware; socialplaymedia.com(51.77.201.228); 51.77.201.228; 63.250.42.152 - suspicious; 88.153.35.32 - suspicious | 4: ET POLICY PE EXE or DLL Windows file download HTTP; ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download; ET INFO EXE - Served Attached HTTP; SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | 5.0 | M | 18 | admin |
| 45830 | 2020-10-28 19:04 | document.doc | 91838b9d14e012553a323ca4e9261547 | Vulnerability, VirusTotal, Malware, exploit crash, unpack itself, malicious URLs, Exploit, DNS, crashed | 1: http://duracom.ga/sdfile/1/document.doc | 2: duracom.ga(91.203.192.84) - malware; 91.203.192.84 - suspicious | 1: ET INFO DNS Query for Suspicious .ga Domain | 4.8 | | 25 | admin |
| 45831 | 2020-10-28 18:54 | n1.exe | 8aad8fa5cd8e6a9742079b7d579aadf4 | VirusTotal, Malware, unpack itself | | | | 2.2 | | 33 | admin |
| 45832 | 2020-10-28 18:53 | INV_6347.doc | b78a1fa8b1dfc94a57d1a35c3953e1fa | Vulnerability, VirusTotal, Malware, Malicious Traffic, unpack itself, malicious URLs, Windows, DNS | 2: http://www.meshzs.com/wp-includes/E/ - malware; http://91.121.200.35:8080/BKhHW3pyD/wVLE4VHOlIwgK1NBL/0FPEf/xVxOqWB2k/bFKzPnusSsEuWnLHG/v202jrsDZIbG/ - mailcious | 4: www.meshzs.com(188.166.149.118) - malware; 179.15.102.2 - suspicious; 188.166.149.118 - suspicious; 91.121.200.35 - suspicious | 3: ET POLICY PE EXE or DLL Windows file download HTTP; ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download; ET INFO EXE - Served Attached HTTP | 6.0 | M | 10 | admin |
| 45833 | 2020-10-28 18:50 | invoice.doc | 373cb701b632ae6397bf97b0b3f6336b | Vulnerability, VirusTotal, Malware, exploit crash, unpack itself, malicious URLs, Windows, Exploit, crashed | 1: http://bvcxzlkjhgfdsapoiuytrewqwertyuiopasdfghj.ydns.eu/akin.exe - malware | 2: bvcxzlkjhgfdsapoiuytrewqwertyuiopasdfghj.ydns.eu(103.140.251.164) - malware; 103.140.251.164 - suspicious | 1: ET POLICY PE EXE or DLL Windows file download HTTP | 4.8 | M | 25 | admin |
| 45834 | 2020-10-28 18:46 | FD-6507.jpg.exe | db8548d27da86c27809420b5ef7143b0 | AutoRuns, suspicious privilege, Code Injection, Check memory, Checks debugger, buffers extracted, Creates executable files, unpack itself, Windows utilities, suspicious process, AppData folder, malicious URLs, Ransomware, Windows, Tor, ComputerName, Cryptographic key, crashed | | | | 12.4 | M | | admin |
| 45835 | 2020-10-28 18:45 | antidami32kl.exe | a6b913ac4445753786c8e62a08df5449 | VirusTotal, Malware, Buffer PE, AutoRuns, suspicious privilege, Code Injection, Check memory, Checks debugger, buffers extracted, Creates executable files, unpack itself, Windows utilities, suspicious process, AppData folder, malicious URLs, Ransomware, Windows, Tor, ComputerName, Cryptographic key, crashed | | | | 13.8 | M | 22 | admin |
| 45836 | 2020-10-28 18:38 | form.doc | 77153b25765b8f500ec3b9199fde031a | Vulnerability, VirusTotal, Malware, Malicious Traffic, unpack itself, malicious URLs, Windows, DNS | 2: http://91.121.200.35:8080/5p26GFubm/9pfmBu06/m4RahRb8CPnsVM1/Idbok7gct/Qtl4m6AYI4LTtYWO/bymnR/ - mailcious; http://www.meshzs.com/wp-includes/E/ | 4: www.meshzs.com(188.166.149.118); 179.15.102.2 - suspicious; 188.166.149.118; 91.121.200.35 - suspicious | 3: ET POLICY PE EXE or DLL Windows file download HTTP; ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download; ET INFO EXE - Served Attached HTTP | 6.0 | M | 10 | admin |
| 45837 | 2020-10-28 18:29 | pinac33fb.exe | d204e66e0d2ca29b4c382818fa44e710 | VirusTotal, Malware, Buffer PE, suspicious privilege, Code Injection, Malicious Traffic, Check memory, Checks debugger, buffers extracted, Creates executable files, unpack itself, AppData folder, malicious URLs, Windows, Cryptographic key | 2: http://www.qrealstate.com/v5e/?hBZ=U8uYJGSxoLyhT5pbzaQ9qctLbacRs+moGSuQsXfqB1aF5sMBe8L8sBVSRbRvl3A+E3BaxDnm&or=3f2pdRAXg; http://www.ikonnfood.com/v5e/?hBZ=W6KdrNObcxIjnvFa/ckLxHjNsYQo6VSzkwlNO041eL/2JEugRfg9ANiOZrYvupe42yLeExKi&or=3f2pdRAXg | 4: www.qrealstate.com(68.66.224.8); www.ikonnfood.com(217.160.0.167); 217.160.0.167 - suspicious; 68.66.224.8 - suspicious | | 11.2 | M | 23 | admin |
| 45838 | 2020-10-28 18:28 | office99fb.exe | 5bc7fe05cc6777e298f4af807926dfe6 | VirusTotal, Malware, Buffer PE, suspicious privilege, Code Injection, Malicious Traffic, Check memory, Checks debugger, buffers extracted, Creates executable files, unpack itself, AppData folder, malicious URLs, Windows, Cryptographic key | 1: http://www.hamptonsgeneralcontractors.com/acq/?wh=0QAhRrP8y1RAj5XU33Cusl4oZQrV0aSnFtY2d6l9bccmMffCxyrW75SYWrN9oI13N2c7yo3H&YBZ0=cxlL6 | 3: www.hamptonsgeneralcontractors.com(147.154.3.56); www.exo365.ltd(); 147.154.3.56 | | 11.2 | M | 20 | admin |
| 45839 | 2020-10-28 18:15 | office99fb.exe | 5bc7fe05cc6777e298f4af807926dfe6 | VirusTotal, Malware, Buffer PE, suspicious privilege, Code Injection, Check memory, Checks debugger, buffers extracted, Creates executable files, unpack itself, AppData folder, malicious URLs, Windows, Cryptographic key | | | | 10.4 | | 20 | admin |
| 45840 | 2020-10-28 18:15 | pinac33fb.exe | d204e66e0d2ca29b4c382818fa44e710 | VirusTotal, Malware, Buffer PE, suspicious privilege, Code Injection, Check memory, Checks debugger, buffers extracted, Creates executable files, unpack itself, AppData folder, malicious URLs, Windows, Cryptographic key | | | | 10.4 | | 23 | admin |