Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Score	Zero	VT	Player
46456	2024-07-31 09:43	medium.exe 581bca6d99edd1eb945af367af110a8c UPX PE File PE32 VirusTotal Malware PDB Remote Code Execution				1.4	M	30	ZeroCERT

46457	2024-07-31 09:46	Photo.lnk e4de11b91bd957eeb367b13b9ab7d066 Generic Malware Antivirus AntiDebug AntiVM Lnk Format GIF Format VirusTotal Malware powershell suspicious privilege Code Injection Check memory Checks debugger Creates shortcut unpack itself powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName Cryptographic key	1 Keyword trend analysis			4.8		18	ZeroCERT

46458	2024-07-31 09:47	releaseform.txt.lnk 46d6193d7f5c337f5f76db8e470b21f8 Generic Malware UPX Antivirus AntiDebug AntiVM Lnk Format GIF Format PowerShell PE File PE32 VirusTotal Malware powershell suspicious privilege Code Injection Check memory Checks debugger buffers extracted heapspray Creates shortcut RWX flags setting unpack itself powershell.exe wrote Check virtual network interfaces suspicious process AppData folder WriteConsoleW Interception Windows ComputerName DNS Cryptographic key	2 Keyword trend analysis	1	6 Info ET INFO Packed Executable Download ET INFO Executable Download from dotted-quad Host ET POLICY PE EXE or DLL Windows file download HTTP ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET INFO EXE - Served Inline HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download	14.2	M	24	ZeroCERT

46459	2024-07-31 09:48	SetupPacket.pdf.lnk 76c809c3d668c4b5d280c7ca0d7920ae Generic Malware Malicious Library Admin Tool (Sysinternals etc ...) UPX Antivirus PDF Anti_VM AntiDebug AntiVM Lnk Format GIF Format PowerShell PE File PE32 MZP Format ZIP Format BMP Format VirusTotal Malware powershell Microsoft suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted heapspray Creates shortcut Creates executable files RWX flags setting unpack itself Windows utilities powershell.exe wrote Check virtual network interfaces suspicious process AppData folder sandbox evasion WriteConsoleW installed browsers check Interception Windows Browser ComputerName DNS Cryptographic key	8 Keyword trend analysis Info http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/277_20_6_20042.zip http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/message.zip http://212.18.104.197/AdeptTranslatorPro_%5B3MB%5D_%5B1sig%5D.exe http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/281_20_6_20042.zip http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/280_20_6_20042.zip http://212.18.104.197/TopNotchSetupPacket.pdf http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/278_20_6_20042.zip http://212.18.104.197/SetupPacket	1	6 Info ET POLICY PE EXE or DLL Windows file download HTTP ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET INFO Dotted Quad Host PDF Request ET INFO Executable Download from dotted-quad Host ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET WEB_CLIENT Hostile Microsoft Rich Text File (RTF) with corrupted listoverride	18.0	M	27	ZeroCERT

46460	2024-07-31 09:57	test.lnk 80d39df7a53e3c5e23eb0a71f6799882 Generic Malware Antivirus AntiDebug AntiVM Lnk Format GIF Format VirusTotal Malware powershell suspicious privilege Code Injection Check memory Checks debugger Creates shortcut RWX flags setting unpack itself powershell.exe wrote suspicious process Interception Windows ComputerName DNS Cryptographic key	1 Keyword trend analysis	2	1	7.4		24	ZeroCERT

46461	2024-07-31 09:57	test1.lnk 80d39df7a53e3c5e23eb0a71f6799882 Generic Malware Antivirus AntiDebug AntiVM Lnk Format GIF Format VirusTotal Malware powershell suspicious privilege Code Injection Check memory Checks debugger Creates shortcut RWX flags setting unpack itself powershell.exe wrote suspicious process Interception Windows ComputerName DNS Cryptographic key	1 Keyword trend analysis	2	1	8.0		24	ZeroCERT

46462	2024-07-31 09:57	test3.lnk 771cc2426ce03fd946da48ce7bfa9d90 Generic Malware Antivirus AntiDebug AntiVM Lnk Format GIF Format VirusTotal Malware powershell suspicious privilege Code Injection Check memory Checks debugger Creates shortcut RWX flags setting unpack itself powershell.exe wrote suspicious process Interception Windows ComputerName Cryptographic key	1 Keyword trend analysis	2		7.4		26	ZeroCERT

46463	2024-07-31 09:59	truck.lnk 88004ecaabefd311a5abf9b192486964 Generic Malware Antivirus AntiDebug AntiVM Lnk Format GIF Format VirusTotal Malware powershell suspicious privilege Code Injection Check memory Checks debugger Creates shortcut RWX flags setting unpack itself powershell.exe wrote suspicious process suspicious TLD Interception Windows ComputerName DNS Cryptographic key	1 Keyword trend analysis	2	1	7.8		22	ZeroCERT

46464	2024-07-31 10:16	SetupPacket bcd6b5fcc67a0ebde9c476dd48111041 UPX PE File PE32 VirusTotal Malware PDB Remote Code Execution				1.4	M	37	ZeroCERT

46465	2024-07-31 10:17	video.lnk 55f9bf18d0ea6f426693056bde8a443f Generic Malware Antivirus AntiDebug AntiVM Lnk Format GIF Format VirusTotal Malware powershell suspicious privilege Code Injection Check memory Checks debugger Creates shortcut RWX flags setting unpack itself powershell.exe wrote suspicious process Interception Windows ComputerName DNS Cryptographic key	1 Keyword trend analysis	2	1	7.4		25	ZeroCERT

46466	2024-07-31 10:17	releaseform db1ae063d1be2bcb6af8f4afb145cdc4 UPX PE File PE32 VirusTotal Malware PDB Remote Code Execution				1.4	M	29	ZeroCERT

46467	2024-07-31 10:17	123123123 73afff7e03cd55b7bc02151da0782e7b UPX PE File PE32 VirusTotal Malware PDB Remote Code Execution				1.6	M	32	ZeroCERT

46468	2024-07-31 10:17	oo ea252af032b9cb8339089c3a8369e6b3 UPX PE File PE32 VirusTotal Malware PDB Remote Code Execution				1.6	M	41	ZeroCERT

46469	2024-07-31 10:17	medium 581bca6d99edd1eb945af367af110a8c UPX PE File PE32 VirusTotal Malware PDB Remote Code Execution				1.4	M	30	ZeroCERT

46470	2024-07-31 10:19	meneedyourverybadlywithentiret... f781d204ec1279f75a5cc307a7617260 MS_RTF_Obfuscation_Objects RTF File doc Malware Malicious Traffic exploit crash unpack itself Tofsee Exploit DNS crashed	1 Keyword trend analysis	3	1	3.6	M		ZeroCERT