Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
46501	2024-08-01 10:30	hacrvidth vibev.exe 7a18b1bf9b07726327ba50e549764731 Malicious Library .NET framework(MSIL) PE File .NET EXE PE32 VirusTotal Malware PDB MachineGuid Check memory Checks debugger unpack itself					2.8		50	ZeroCERT

46502	2024-08-01 10:32	hacrvidth vibev (2).exe d6b38a2272876d039d48b46aa874e7b9 Malicious Library PE File .NET EXE PE32 VirusTotal Malware PDB Check memory Checks debugger unpack itself					2.6		50	ZeroCERT

46503	2024-08-01 10:38	ppcsnap.dll 9b62352851c9f82157d1d7fcafeb49d3 Generic Malware Malicious Library UPX PE File DLL PE64 OS Processor Check VirusTotal Malware					1.2		56	ZeroCERT

46504	2024-08-01 10:48	ppcsnap.dll 9b62352851c9f82157d1d7fcafeb49d3 Generic Malware Malicious Library UPX PE File DLL PE64 OS Processor Check VirusTotal Malware					1.2		56	ZeroCERT

46505	2024-08-01 10:54	xxx.doc 498755df4e7db2b5ccc26cf792c66b98 MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware Malicious Traffic RWX flags setting exploit crash Exploit DNS crashed	1 Keyword trend analysis	1			4.8	M	41	ZeroCERT

46506	2024-08-01 10:55	js.jpeg.exe ca6a65c0bc674566fe409c56a5ea9301 Malicious Library UPX PE File DLL PE32 .NET DLL OS Processor Check VirusTotal Malware PDB					0.6		1	ZeroCERT

46507	2024-08-01 10:58	random.exe f0bb0592b63ca7c1baf6a12f5d3d867d EnigmaProtector PE File PE32 VirusTotal Malware unpack itself ComputerName crashed					2.4	M	32	ZeroCERT

46508	2024-08-01 10:58	random.exe d9cb86f07f84abd7359a4b51371db020 Generic Malware Downloader Malicious Library Malicious Packer UPX Code injection Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Internet API FTP KeyLogger P2P AntiDebug AntiVM PE File PE32 Browser Info Stealer VirusTotal Malware MachineGuid Code Injection Check memory Checks debugger buffers extracted Creates executable files RWX flags setting exploit crash unpack itself Windows utilities suspicious process malicious URLs installed browsers check Tofsee Ransomware Windows Exploit Browser ComputerName crashed		2	1		12.4	M	32	ZeroCERT

46509	2024-08-01 10:58	greatdayforeveryonetheyaregrea... d559f074ac2f858891395b2d39d93e8e Formbook MS_RTF_Obfuscation_Objects RTF File doc FormBook Malware download VirusTotal Malware Malicious Traffic exploit crash unpack itself Windows Exploit DNS crashed	16 Keyword trend analysis Info http://www.askvanta.com/hhti/?BuYN=fjRDIvTmNEJNTuTcr8del2WQp76nRU4WKVyXC6Y4v5xhqnRixQ6zeb282ydBwPMN2XVyKj7Iv4bMnoolEkDYP7t2qkRY0AApd+m94wn/hzh5njk5AnE5TcuZf+A5lnJQAByr72U=&8Ps3x=9ga6bLE8B3 - rule_id: 41539 http://www.microsofr.fun/omnp/?BuYN=GQSd+8pi26b7zJhOJIQXVD/h3K/inFV8tNrqSt2nhXuDaWJRns1If/+gRxLu2YDerAFibGs6WR2Qt7jgVufvyJTnycUzu8Yso7GmTERVlWVgi3ROCwKMdFc5FOB0p/g90EsMQlA=&8Ps3x=9ga6bLE8B3 - rule_id: 41540 http://www.gotvoom.pro/yagd/ - rule_id: 41537 http://www.eworld.org/18e1/ - rule_id: 41541 http://www.c7v88.top/v6ba/ - rule_id: 41536 http://www.sqlite.org/2018/sqlite-dll-win32-x86-3220000.zip http://www.gotvoom.pro/yagd/?BuYN=uEwhQtN8d9WFSPX3vcuayxdpQqb8c/D/UpaKbFjD70Hg2gjUyZfmxqkinXZDMhG9GrAjDWM/1uaY6+kvF7tL6dHrL5YWOt4Y3qm+cyYTZ0PahKZdxCx3NJ3PVHCt9uZUePj8NnU=&8Ps3x=9ga6bLE8B3 - rule_id: 41537 http://www.c7v88.top/v6ba/?BuYN=nJtV0xxVonYleLmyEDIGF1GRtIwzCkYblW7ymF81wwUwIwWLid3Lr9yJw2X9YaLdXd5m2mo1Ok9Zsjhn2cbjbjbKzyMWkQ/uC8atz3xgP0khh14CmXxCw976WGM8OA3qn6b9QMQ=&8Ps3x=9ga6bLE8B3 - rule_id: 41536 http://www.ninunveiled.shop/y2xs/?BuYN=K+FBq1WtvybOxhvHtU6WfmZAZpWeOQe+tj2vmYfwz33F3b3Aes3OHbiwiZWnNpMPG0WPojpzHKw+GlwZgAeAfHJqiaj6RkWVZG7lgMda/YUzq50sWWgrRQDPyvkHd1GXzInPZUw=&8Ps3x=9ga6bLE8B3 - rule_id: 41542 http://www.juliakoppel.org/9wjj/ - rule_id: 41538 http://www.juliakoppel.org/9wjj/?BuYN=3pAkfJORuRgA59m5D3Ccm/a2baSHIB7ZSYQ2sF+aO2KWoeTfZIMk0oynOCre8P7un/vWh9+jgjqgzzA3WVgVD2gacPCD8hv2BH56l/1+ZEKULaKcv9mw30410B/1ELsaBxrqqsU=&8Ps3x=9ga6bLE8B3 - rule_id: 41538 http://www.microsofr.fun/omnp/ - rule_id: 41540 http://www.askvanta.com/hhti/ - rule_id: 41539 http://www.ninunveiled.shop/y2xs/ - rule_id: 41542 http://www.eworld.org/18e1/?BuYN=Pm7pKTMIYdCMccpB3xsAXFwsVOfU5MHbomtkvn/TIB3o6VHyHDbhzBEtFW9t5aJY+pX07Evew+XtfHVHXf6tslmSqwg1OujBiiUxK9iHVQ3RBf96wgYN9V5GQcLy17oB+M1M8tY=&8Ps3x=9ga6bLE8B3 - rule_id: 41541 http://104.219.239.104/15/winiti.exe	15 Info www.c7v88.top(15.197.148.33) - mailcious www.eworld.org(13.248.169.48) - mailcious www.ninunveiled.shop(104.21.87.176) - mailcious www.microsofr.fun(76.223.67.189) - mailcious www.gotvoom.pro(15.197.148.33) - mailcious www.juliakoppel.org(109.172.114.38) - mailcious www.askvanta.com(3.33.130.190) - mailcious 15.197.148.33 - mailcious 76.223.54.146 109.172.114.38 - mailcious 104.219.239.104 - mailcious 172.67.170.124 3.33.130.190 - phishing 45.33.6.223 76.223.67.189 - mailcious	8 Info ET INFO HTTP Request to a .top domain ET MALWARE FormBook CnC Checkin (GET) M5 ET DNS Query to a .top domain - Likely Hostile ET INFO Executable Download from dotted-quad Host ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response	14 Info http://www.askvanta.com/hhti/ http://www.microsofr.fun/omnp/ http://www.gotvoom.pro/yagd/ http://www.eworld.org/18e1/ http://www.c7v88.top/v6ba/ http://www.gotvoom.pro/yagd/ http://www.c7v88.top/v6ba/ http://www.ninunveiled.shop/y2xs/ http://www.juliakoppel.org/9wjj/ http://www.juliakoppel.org/9wjj/ http://www.microsofr.fun/omnp/ http://www.askvanta.com/hhti/ http://www.ninunveiled.shop/y2xs/ http://www.eworld.org/18e1/	5.2	M	40	ZeroCERT

46510	2024-08-01 10:58	buttersmoothflowerwayssmooth.g... ed2db1c558d7e56d7d9d67de4d14d60d Generic Malware Antivirus Hide_URL VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself suspicious process WriteConsoleW Windows ComputerName Cryptographic key	1 Keyword trend analysis				5.8	M	4	ZeroCERT

46511	2024-08-01 10:59	gg.exe 18ff67b2f4d4e3f2a8ae474826fc86c8 Malicious Library PE File PE64 VirusTotal Malware RWX flags setting DNS crashed		1			4.0	M	58	ZeroCERT

46512	2024-08-01 10:59	vbs.jpeg.exe 70e3e9ac5a828e7374199903d3806303 Malicious Library UPX PE File DLL PE32 .NET DLL OS Processor Check VirusTotal Malware PDB					0.6		1	ZeroCERT

46513	2024-08-01 11:00	weneedgreatthingsalwaystogetme... 4b9305dcc211e64941a71120617c8983 MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware Malicious Traffic exploit crash unpack itself Exploit DNS crashed	1 Keyword trend analysis	2			4.6	M	38	ZeroCERT

46514	2024-08-01 11:00	roseflowergetmeforgirlshairs.g... 935dee250a117207ad585b612947fa27 Generic Malware Antivirus Hide_URL VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself suspicious process WriteConsoleW Windows ComputerName Cryptographic key					5.8	M	3	ZeroCERT

46515	2024-08-01 11:12	chkup.msi 10e9e9aff94dd23d61650c7673885f32 MSOffice File VirusTotal Malware suspicious privilege Malicious Traffic Check memory Checks debugger unpack itself AntiVM_Disk VM Disk Size Check Tofsee ComputerName	1 Keyword trend analysis	4	2		3.4	M	28	ZeroCERT