Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
46051	2024-07-15 10:30	Update (1).js 43c65f08a365483fc68f8a36958b7b49 Malware download Malware VBScript wscript.exe payload download unpack itself Tofsee SocGholish DNS crashed Dropper	1 Keyword trend analysis	2	4		10.0			guest

46052	2024-07-15 16:41	kkm.exe ab6ca8e3d0c7967c6372a96334e6bb19 Generic Malware Malicious Library UPX .NET framework(MSIL) Anti_VM PE File PE32 DLL .NET DLL PNG Format Lnk Format GIF Format OS Processor Check ftp .NET EXE VirusTotal Malware AutoRuns Check memory Creates shortcut Creates executable files unpack itself AppData folder Windows ComputerName					4.0	M	40	ZeroCERT

46053	2024-07-15 16:42	buildz.exe a849c8e77640b84fb11c61c2caeaef24 Suspicious_Script_Bin Malicious Library UPX Socket DGA Http API ScreenShot PWS DNS Internet API AntiDebug AntiVM PE File PE32 OS Processor Check Malware download Malware Microsoft AutoRuns Code Injection Checks debugger buffers extracted unpack itself malicious URLs Tofsee Windows ComputerName DNS	2 Keyword trend analysis	4	6 Info ET POLICY External IP Address Lookup DNS Query (2ip .ua) ET INFO Observed External IP Lookup Domain (api .2ip .ua in TLS SNI) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET USER_AGENTS Suspicious User Agent (Microsoft Internet Explorer) ET MALWARE Win32/Filecoder.STOP Variant Request for Public Key ET MALWARE Win32/Filecoder.STOP Variant Public Key Download		8.2	M		ZeroCERT

46054	2024-07-15 16:42	updaterr.exe 4ac882ebdbc1431cdd3ab45e1712ada1 Gen1 Generic Malware Malicious Packer UPX PE File PE64 OS Processor Check VirusTotal Malware PDB					1.4		48	ZeroCERT

46055	2024-07-15 16:46	kz_kkm_2.4.2.3.exe 40a22356fd06bc9a4fd4ddedf5286666 Generic Malware Malicious Library UPX .NET framework(MSIL) Malicious Packer Anti_VM Javascript_Blob PE File PE32 DLL OS Processor Check .NET DLL PNG Format .NET EXE ftp Lnk Format GIF Format PE64 wget VirusTotal Malware AutoRuns Check memory Creates shortcut Creates executable files unpack itself AppData folder Windows ComputerName					3.4		12	ZeroCERT

46056	2024-07-15 16:46	205.exe f07d044782a27691aa43de4b94603355 Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware unpack itself crashed					2.2		63	ZeroCERT

46057	2024-07-15 16:47	멀티캠퍼스 강연의뢰서_ 김병로 교수님 .docx.lnk... 16074a3f76b7860a180e0ec54dd19ed6 Generic Malware Antivirus AntiDebug AntiVM Lnk Format GIF Format PowerShell VirusTotal Malware powershell suspicious privilege Code Injection Check memory Checks debugger Creates shortcut unpack itself Windows utilities powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName Cryptographic key					6.4		22	ZeroCERT

46058	2024-07-15 16:48	201.exe 01bf430eb3aae589ef6d4cdfcaa280b3 Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware unpack itself crashed					1.8	M	26	ZeroCERT

46059	2024-07-15 16:59	멀티캠퍼스 강연의뢰서_ 김병로 교수님 .docx.lnk... 16074a3f76b7860a180e0ec54dd19ed6 Generic Malware Antivirus AntiDebug AntiVM Lnk Format GIF Format PowerShell VirusTotal Malware powershell suspicious privilege Code Injection Check memory Checks debugger Creates shortcut unpack itself Windows utilities powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName Cryptographic key					6.4		22	ZeroCERT

46060	2024-07-16 02:59	4b98d2919533ab614a7571aa0ef7c8... ad27be427dd7f922143e57fd1fa64f98 Browser Login Data Stealer Generic Malware Downloader Malicious Library Malicious Packer UPX JPEG Format PE File PE32 OS Processor Check VirusTotal Malware AutoRuns Check memory Creates executable files unpack itself suspicious process AppData folder Windows DNS keylogger		1			9.8		29	guest

46061	2024-07-16 04:18	https://www.honorofkings.com/d... 51da85568f29994405c3cb16aeef1571 Generic Malware Downloader Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Hijack Network Sniff Audio HTTP DNS Code injection Internet API persistence FTP KeyLogger P2P AntiDebug AntiVM MSOffice File ZIP Format ftp Code Injection unpack itself Windows utilities malicious URLs Tofsee Windows DNS	1 Keyword trend analysis	2	2		3.2			Greytroya

46062	2024-07-16 07:11	Game.exe 21959a3818472588bee12b4e4ac688dc PE File PE32					1.4			guest

46063	2024-07-16 07:29	Game.exe e031d8266a5f1cbc0eb29455e25c31c2 Generic Malware Malicious Library Malicious Packer ASPack UPX PE File PE32 OS Processor Check					1.0			guest

46064	2024-07-16 11:01	tdrpload.exe ababca6d12d96e8dd2f1d7114b406fae Generic Malware Downloader Malicious Library Admin Tool (Sysinternals etc ...) Malicious Packer UPX PE File PE32 Malware download VirusTotal Malware AutoRuns Malicious Traffic Checks debugger Creates executable files Disables Windows Security Windows Update DNS	2 Keyword trend analysis	16	2	2	10.2	M	51	ZeroCERT

46065	2024-07-16 11:01	pei.exe 8d8e6c7952a9dc7c0c73911c4dbc5518 Generic Malware Downloader Admin Tool (Sysinternals etc ...) UPX Malicious Library Malicious Packer PE File PE32 Malware download VirusTotal Malware AutoRuns Malicious Traffic Checks debugger Creates executable files ICMP traffic Disables Windows Security AppData folder Windows Update DNS	5 Keyword trend analysis	16	3	3	12.4	M	57	ZeroCERT