Submissions - ZeroBOX

Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player	Etc
46501	2020-09-10 15:10	UNTITLED-20200906-61199.doc e8c455b9d0a528d8e47a5fa5c949e368 VirusTotal Malware Malicious Traffic unpack itself Windows Browser DNS	2 Keyword trend analysis	3	4		5.0	M	39	admin

46502	2020-09-10 13:40	Search results.txt 4e1df12e5dfc38f9fc5e6776d6a908bc Check memory unpack itself malicious URLs					1.4			guest

46503	2020-09-10 10:18	Invoice.exe 176ec96505cf39b80719907bd8386058 VirusTotal Malware AutoRuns suspicious privilege Code Injection Check memory buffers extracted Creates executable files unpack itself malicious URLs sandbox evasion Tofsee Windows ComputerName DNS crashed keylogger	1 Keyword trend analysis	2	1		16.4		34	admin

46504	2020-09-10 09:37	Complaint_Letter_1163852919_09... e7d0adf42a8a7e72bdf8c7f3aa58234d Malware Malicious Traffic Check memory Checks debugger unpack itself Windows DNS		1	3		4.6			admin

46505	2020-09-10 09:11	http://jizhonghua.com/ da7c707c8cc7bb49761003626ca4e974 Dridex Malware Code Injection Malicious Traffic Creates executable files RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed	7 Keyword trend analysis Info http://makemoneywithus.work/selfclicks?utm_id=10893&utm_campaign=Worldwidepop+SDX&utm_source=422320963&utm_cost=0.0016 http://clkfeed.com/adServe/feed?pid=277439&cid=294967874220200910080816&ip=175.208.134.150&q=jizhonghua.com&ref=http%3A%2F%2Fclick.com.cn&num=1&ua=Mozilla%2F5.0+%28compatible%3B+MSIE+9.0%3B+Windows+NT+6.1%3B+Win64%3B+x64%3B+Trident%2F5.0%29&ar=sr&format=jsonp&callback=jCallBack http://jizhonghua.com/ http://91.210.171.250/?NTQwMDc=&qtq&SyUKM=everyone&hdSDFSDFSDf3=m3S9KIlKuZZOQawhUaGflM0zYlZW1oT8fqmhxeDwR-diMGG_kCFUQx1z9bXUbI&iiqV=border&zqgyZv=mustard&osdDGDF45=wHbQMvXcJwDJFYPIJOXASaRBKU7SFU6VwomG_drZdYH9JHT12dzUSkrttlWaC&nBwDIVDdt=difference&sPwr=community&CBygER=irreverent&bxZRiuDpZ=disagree&Muoko=everyone&LqgY=community&QICeQ=consignment&beZw=abettor&LhFeW=irreverent&KxaMzcwOTMy http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml http://infopicked.com/aS/feedclick?s=Ilxxar-4JDjHYSZnQRV0rUoLXZk8gkPQWEhgdNzDmljI6j6WA_S05lIUa0Wvr2aDrtKGeLDN2bDp6O7CY8H5ouesbwTUN9D1Q57WzBF2czkWE365F5gTS3p_DRrQ0jsCiUnMKG1xv31r6HPqc5_T5XfmENYXbWzNNl6RGTsBSkmXlMFIbkj4h-5dRtHe4LmDInhMOXX2INUr8S-mOoAxZTJvkUClWGz0ENjuu7QzUsUl1BQU3BX0v099TsCiSWeeyTnvlHDIIbnzq5m41NOcQYVllt_5_p5sP61vEk36mdWJCBn5z1ZvPuoj-HsUnhSzW9SSNU-oCJEk7-tFA2kJXc0qY9xeJzIdVMrynipz3hAKkCiv8Ww0dWeh1tupCjZL66KOCDZBVG0pNUdaJo8Vc5hI7WCHjQWpFGUFClm5VIEW69oOQVbmIE94el943rXl9lDr_KGxuH8uK6TIkJ2d-aKW8UFBtGeEBTCzZ1Eq1nLosq1WyHT1dm0F0lnUrx-4SezPULxWSl_AbAHEML8ResISecZGCDLOWRopVUjg18umG9Xgtyg9oWRV2iYh3gAmQa3i54wNYAb-DScVgVFATmf0gK6DZvOUhBfsNtpIEqg6qpGCO2u35rHTeC9xy5AHhuPXZARi-4udjFBVwC6keEVMZY8gLnPYz9lVIEfnyrkoxjcaJBJS16MnluCRIHPFp2xiDSsNpRd9eS9aQwJbVMdtxr6qJw60fNTqdiq1JRhYvzgSQzJgd1qd6g4yh9Qm2NSHLf7nkV5GpoasWGjiv9rRKPueLVnS05oewM7e-IaETrClojCGNTOQ3ulOftSTFeUUbd1VKyeGd8ISq8w5dGLba1BcZ4j5a7sk1oUypySVey9DRJpCDoExltt85jJM9KlsixKby2SqtUXtW1hpQ2dmdfIdrPWppiXUgwQAm4nnSlqEHLr-ww8XDAeJf7_12IRORpMYVJ7Tt2RCu7tMxktVNw4huBGkCFY0bI4wekHZes5sMWJmUS43XbTYL3bLxSsABYJaIqd_xCNVhZlbnn7tQ5ixhcbdIwYh5RgTCbPcUD3KnM8Dd5ESjCHIa-czOR6UvQrMV3YEn3pdnGSoQhDEsBke8hQZuzPa8jv1G2rAQ85Br1mO7lvSJGI47ntvbW1YByshVQc6v7Rcw1vRjcqle7RE0e3D_qNWt4B42WsdJJsf4UlnHXBR5rwrXhHhC0VSTzbzjT41WrRNEvzzSQtyUB7eEzy9uATP5jkgOBWjirkhy68Sqm75mHfsFYyMGZbJLp6YH4efclrDhJMwPFFO2qBq2csOaBciAZB4jjk74of1Y1hh5WaXHcwFmP4q5xa3P66MFsMeFvizl9p524oX80ibd2CECBk-zXXZfyDoyGn0ZFM5uMdfr4nX20vTGh7r2i-9nTAnG00LmBllGXnaMzr4fK_SWzwPMWqk_rBUKs5kwgJm6w http://p277439.infopicked.com/adServe/domainClick?ai=8eMCpQlSself0fXdZAOZhDMfLeiJuihSNtFGgzKXZQOwzUj8CXdBg9XuZGHwNDnSCKDRxlSFy7Fyz3dieb1Lu522HuPMxa_pdRePfirJtYMCozyvMhv4-LlU-hBqlV3wbM7TR-A6o2LnrG8E1DfQ9Q6HRvyXwtB8WKd9ALxRfmAtGDmB6E48Uglt7BALO2dZ6Mhp9GRTObjHX6-J19tL05c9r3PL9gX2uVeQWWNuKrie1C82mRmZMkexhrKl8GYgqUzaeYhSjwo4wze4caGpDvAdDxfNZOFVxWfBO_Pgkf9Lj9hxf0SJk0tVfUbfcXAU2dgRsl_cISdhzavJEfo6eseVq4GY9uFdESEy041wghMrAgV2R4ubIyh-8XWjYI5uvZ0tvrAyc11VkHRUwGVzse4_hxqmBidZ34_EUBB7T3W5HBHAGI8aSz1hqTgxc2azrd0OcIEX6rmPeOjcIg01sg&ui=Ilxxar-4JDjHYSZnQRV0rY-50-QI18VbLWXp3on882KiNKxwAofaTO8BE4Jd3x7A8PdPVX5axCGjirkhy68Sqm75mHfsFYyMGZbJLp6YH4efclrDhJMwPFFO2qBq2csOQ6tup0MS_HQ&si=1&oref=d3c2837da0e02e3a4a67f0afabcb8712&rb=TqxNRUmuhLY&rr=1	6	6 Info ET EXPLOIT_KIT RIG EK URI Struct Mar 13 2017 M2 ET INFO HTTP Request to Suspicious *.work Domain ET INFO Observed DNS Query to .work TLD SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO TLS Handshake Failure ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex		5.6			admin

46506	2020-09-09 18:08	owen.exe 5b8581c0ccc653c877bd5e579074c165 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs Ransomware Windows Browser Tor Email ComputerName Cryptographic key Software crashed					13.6		16	admin

46507	2020-09-09 17:02	PO9849643600442-MRQ2020_Reques... c5622cbc1895ab0a4f4d56806fee2c3e Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process malicious URLs WriteConsoleW Windows Browser Email ComputerName Cryptographic key Software crashed					13.6		31	admin

46508	2020-09-09 16:49	PO6953593463400_Request_For_Qu... ccdd4ec72569bf8d4e4aff011f7fd3a7 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger unpack itself Windows utilities suspicious process malicious URLs WriteConsoleW Windows ComputerName					7.6		36	admin

46509	2020-09-09 16:49	win32.vbs 7b0cb55597567f179e36baaea872775d VirusTotal Malware VBScript powershell AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI heapspray wscript.exe payload download Creates shortcut ICMP traffic unpack itself Windows utilities Check virtual network interfaces malicious URLs WriteConsoleW Windows ComputerName DNS Cryptographic key Dropper		3			10.0		3	admin

46510	2020-09-09 16:45	no6 punch stripper.exe 5cd227fba2588fda12f796a48b9820a1 VirusTotal Malware Check memory Checks debugger unpack itself					2.4		43	admin

46511	2020-09-09 16:45	Offer-ART200904-20phz.exe 39f083bf241eb90c900c26460e25fa6c Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process malicious URLs WriteConsoleW Windows Browser Email ComputerName Cryptographic key Software crashed					13.2		11	admin

46512	2020-09-09 16:41	Offer-ART200904-20phz.exe 39f083bf241eb90c900c26460e25fa6c Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process malicious URLs WriteConsoleW Ransomware Windows Browser Tor Email ComputerName Cryptographic key Software crashed					13.8		11	admin

46513	2020-09-09 16:41	190219 KOPA19021312zip.exe 5f9d278f8a75ecc772990a4dcd816963 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities Checks Bios Detects VirtualBox suspicious process malicious URLs WriteConsoleW VMware anti-virtualization Windows Browser Email ComputerName Cryptographic key Software crashed					16.2		16	admin

46514	2020-09-09 16:38	linkscry.exe e85c736613726f5253e17817a1513055 VirusTotal Malware Check memory RWX flags setting unpack itself anti-virtualization					2.8	M	41	admin

46515	2020-09-09 16:34	cjcry.exe c81aa84184c65eb076884a70ab78e9c0 VirusTotal Malware Check memory RWX flags setting unpack itself anti-virtualization					2.6	M	39	admin