Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
46276	2024-07-25 08:55	OneDrive.exe f468ae483026819d6977e2a5e34ea52a Gen1 Generic Malware Malicious Library UPX Malicious Packer Anti_VM PE File PE64 OS Processor Check DLL ZIP Format VirusTotal Malware Check memory Creates executable files					1.8	M	49	ZeroCERT

46277	2024-07-25 08:57	judit1.exe c8cf26425a6ce325035e6da8dfb16c4e Gen1 Generic Malware Malicious Library UPX Malicious Packer Antivirus Anti_VM PE File PE64 DLL OS Processor Check ftp wget VirusTotal Malware Check memory Creates executable files unpack itself					3.0	M	37	ZeroCERT

46278	2024-07-25 08:58	verygoodthingstobegreatadvance... 0244568fb48a51a72c3581e220328e90 MS_RTF_Obfuscation_Objects RTF File doc Malware Malicious Traffic exploit crash unpack itself Exploit DNS crashed	1 Keyword trend analysis	1	1		3.6			ZeroCERT

46279	2024-07-25 09:00	judit1.exe c8cf26425a6ce325035e6da8dfb16c4e Gen1 Generic Malware Malicious Library UPX Malicious Packer Antivirus Anti_VM PE File PE64 DLL OS Processor Check ftp wget VirusTotal Malware Check memory Creates executable files unpack itself					3.0	M	37	ZeroCERT

46280	2024-07-25 09:01	lobo.exe 848abdbd09c052799a0e0180b59f6fee Generic Malware Malicious Library UPX Malicious Packer ScreenShot Anti_VM AntiDebug AntiVM PE File PE32 OS Processor Check PE64 .NET EXE DLL Malware download Email Client Info Stealer Malware Buffer PE AutoRuns Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files RWX flags setting unpack itself Windows utilities Checks Bios suspicious process AppData folder suspicious TLD WriteConsoleW anti-virtualization Tofsee Windows Email ComputerName DNS Cryptographic key crashed	9 Keyword trend analysis Info http://185.216.214.218/Population.exe - rule_id: 41325 http://185.196.10.57/selectex-file-host/linkedin.exe http://185.196.10.57/selectex-file-host/Tgnviazinc.exe http://185.196.10.57/selectex-file-host/acev.exe https://solutionhub.cc/socket/?id=08CA843D0A15D2560E8FA7EE94E71AC9B38318DF02721EA26194DF153A2BEEA0&us=1ACC94780D1E&mn=3AECB4580D1EC6312C&os=39C08968505B9841589FC5AB9AE31E8EF2DC42D055785DDC&bld=1CC68878051DC553418AD7&tsk=5C9F https://solutionhub.cc/socket/?id=08CA843D0A15D2560E8FA7EE94E71AC9B38318DF02721EA26194DF153A2BEEA0&us=1ACC94780D1E&mn=3AECB4580D1EC6312C&os=39C08968505B9841589FC5AB9AE31E8EF2DC42D055785DDC&bld=1CC68878051DC553418AD7&tsk=5F91 https://solutionhub.cc/socket/?id=08CA843D0A15D2560E8FA7EE94E71AC9B38318DF02721EA26194DF153A2BEEA0&us=1ACC94780D1E&mn=3AECB4580D1EC6312C&os=39C08968505B9841589FC5AB9AE31E8EF2DC42D055785DDC&bld=1CC68878051DC553418AD7 https://solutionhub.cc/socket/?id=08CA843D0A15D2560E8FA7EE94E71AC9B38318DF02721EA26194DF153A2BEEA0&us=1ACC94780D1E&mn=3AECB4580D1EC6312C&os=39C08968505B9841589FC5AB9AE31E8EF2DC42D055785DDC&bld=1CC68878051DC553418AD7&tsk=5D https://solutionhub.cc/socket/?id=08CA843D0A15D2560E8FA7EE94E71AC9B38318DF02721EA26194DF153A2BEEA0&us=1ACC94780D1E&mn=3AECB4580D1EC6312C&os=39C08968505B9841589FC5AB9AE31E8EF2DC42D055785DDC&bld=1CC68878051DC553418AD7&tsk=5F90	4	8 Info ET MALWARE ZharkBot CnC Domain in DNS Lookup (solutionhub .cc) ET DNS Query for .cc TLD ET MALWARE Observed ZharkBot Domain (solutionhub .cc in TLS SNI) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET MALWARE ZharkBot User-Agent Observed ET INFO Executable Download from dotted-quad Host ET POLICY PE EXE or DLL Windows file download HTTP ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response	1	16.2	M		ZeroCERT

46281	2024-07-25 09:02	54gtxx.exe 1b1c6f48b7c91a48a0dcd736ed0c8d24 Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware unpack itself crashed					2.2	M	31	ZeroCERT

46282	2024-07-25 09:04	verygoodthingstobegreatadvance... d28a4f03a2969a60dda6a00aacc0d18e MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware Malicious Traffic RWX flags setting exploit crash Exploit DNS crashed	1 Keyword trend analysis	1	1		4.6	M	35	ZeroCERT

46283	2024-07-25 10:21	msoffice365update.msi f95336c88ee7f8b6275fac1a458dad53 Generic Malware Downloader Malicious Library UPX Malicious Packer ScreenShot Escalate priviledges Create Service Socket DGA Http API Steal credential PWS Hijack Network Sniff Audio HTTP DNS Code injection Internet API persistence FTP KeyLogger P2P AntiDeb VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger WMI Creates executable files unpack itself Windows utilities suspicious process AppData folder malicious URLs AntiVM_Disk WriteConsoleW VM Disk Size Check Windows ComputerName					6.8		4	ZeroCERT

46284	2024-07-25 10:22	office365crowndStrike.msi 8a9baf0bf2ffabd39007a630a430a29b Generic Malware Malicious Library UPX Malicious Packer ScreenShot Escalate priviledges AntiDebug AntiVM MSOffice File OS Processor Check PE File PE32 DLL VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger WMI Creates executable files unpack itself Windows utilities suspicious process AppData folder AntiVM_Disk WriteConsoleW VM Disk Size Check Windows ComputerName					6.8		3	ZeroCERT

46285	2024-07-25 10:22	WidowsSystem-update.msi 3b48c90d4a283982ced898df9570894b Generic Malware Malicious Library UPX Malicious Packer ScreenShot Escalate priviledges AntiDebug AntiVM MSOffice File OS Processor Check PE File PE32 DLL suspicious privilege Code Injection Check memory Checks debugger WMI Creates executable files unpack itself Windows utilities suspicious process AppData folder AntiVM_Disk WriteConsoleW VM Disk Size Check Windows ComputerName					6.4			ZeroCERT

46286	2024-07-25 11:01	office365crowndStrike.msi 8a9baf0bf2ffabd39007a630a430a29b Generic Malware Downloader Malicious Library UPX Malicious Packer Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Hijack Network Sniff Audio HTTP DNS Code injection Internet API persistence FTP KeyLogger P2P AntiDeb VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger WMI Creates executable files unpack itself Windows utilities suspicious process AppData folder malicious URLs AntiVM_Disk WriteConsoleW VM Disk Size Check Windows ComputerName crashed					7.0	M	3	ZeroCERT

46287	2024-07-25 11:01	Revised PI_2024.exe 30eb52136b6ec784959ad4f269d1ad84 Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware Checks debugger unpack itself					3.0		31	ZeroCERT

46288	2024-07-25 11:17	pic1.jpg.exe d3785ed170cdb1f4784d3dff3a61dae0 Generic Malware Malicious Library Malicious Packer UPX Anti_VM DllRegisterServer dll PE File PE64 OS Processor Check VirusTotal Malware					1.2		45	ZeroCERT

46289	2024-07-25 11:21	OONNeSeeVENFIIVeeeFiLLz.txt.ps... 64717fec2319ab924581ef12c8e91d0d Generic Malware Antivirus VirusTotal Malware unpack itself WriteConsoleW Windows Cryptographic key	1 Keyword trend analysis				1.4	M	17	ZeroCERT

46290	2024-07-25 11:22	msoffice365update.msi f95336c88ee7f8b6275fac1a458dad53 Generic Malware Malicious Library Malicious Packer UPX ScreenShot Escalate priviledges AntiDebug AntiVM MSOffice File OS Processor Check PE File DLL PE32 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger WMI Creates executable files unpack itself Windows utilities suspicious process AppData folder AntiVM_Disk WriteConsoleW VM Disk Size Check Windows ComputerName					6.8	M	4	ZeroCERT