Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
46771	2024-08-07 10:09	az.exe b9fcbae32e294854e2507179d4acef1c Malicious Library Malicious Packer UPX PE File PE32 OS Processor Check VirusTotal Malware PDB Remote Code Execution					1.8	M	17	ZeroCERT

46772	2024-08-07 10:11	taskhostw3.exe 06a8e35022b76d751e396d1ab5bb9cf1 Malicious Library .NET framework(MSIL) UPX PE File .NET EXE PE32 OS Processor Check VirusTotal Malware Buffer PE suspicious privilege Check memory Checks debugger buffers extracted unpack itself Windows Cryptographic key					3.6	M	23	ZeroCERT

46773	2024-08-07 10:11	wp.vbs 67d660ff76a9414cc62d4ddf7f3223f6 VirusTotal Malware VBScript AutoRuns WMI wscript.exe payload download unpack itself AntiVM_Disk VM Disk Size Check Windows ComputerName DNS DDNS Dropper	1 Keyword trend analysis	2	1		10.0	M	30	ZeroCERT

46774	2024-08-07 10:13	3.dat 0c8848c11a91ab74f30abbef17792f8f Generic Malware UPX PE File PE32 VirusTotal Malware					1.8	M	52	ZeroCERT

46775	2024-08-07 10:18	ienetworks.hta 367299f3b78921590e30252fcc114cc7 Antivirus VirusTotal Malware unpack itself crashed					1.2		15	ZeroCERT

46776	2024-08-07 10:19	ienet.hta dde24099df982fc36dcbadf43a92ba46 Generic Malware Antivirus AntiDebug AntiVM PE File DLL PE32 .NET DLL VirusTotal Malware powershell suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger Creates shortcut Creates executable files RWX flags setting unpack itself Windows utilities powershell.exe wrote suspicious process AppData folder Windows ComputerName DNS Cryptographic key	1 Keyword trend analysis	1			10.8	M	16	ZeroCERT

46777	2024-08-07 10:19	INET.hta accdfe7a24bcb621a1dade4ab39eddb2 Generic Malware Downloader Antivirus AntiDebug AntiVM PowerShell PE File DLL PE32 .NET DLL MSOffice File VirusTotal Malware powershell suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger Creates shortcut Creates executable files exploit crash unpack itself Windows utilities suspicious process AppData folder Windows Exploit ComputerName DNS Cryptographic key crashed	1 Keyword trend analysis	1			11.0	M	16	ZeroCERT

46778	2024-08-07 10:33	instantflowercaseneedbeautygir... ccde7ef0e90a5a62394fafe77c7eff7e Generic Malware Antivirus Hide_URL PowerShell Malware download VirusTotal Malware powershell suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Windows ComputerName DNS Cryptographic key DDNS	1 Keyword trend analysis	2	2	1	9.2	M	4	ZeroCERT

46779	2024-08-07 10:34	install.exe 4bbcacdd78e864802197947104fca7cc Gen1 Generic Malware Malicious Library Admin Tool (Sysinternals etc ...) .NET framework(MSIL) UPX Anti_VM PE File .NET EXE PE32 OS Processor Check VirusTotal Malware crashed					1.0		1	ZeroCERT

46780	2024-08-07 13:25	kz.js e1e3b54f17e16c5e867a9e7ee6d196ba Browser Login Data Stealer Generic Malware Downloader Malicious Library Malicious Packer UPX PE File PE32 OS Processor Check AutoRuns Creates executable files AppData folder Windows DNS DDNS keylogger		2	2		6.2			ZeroCERT

46781	2024-08-07 13:25	kg.js 47b10cd883ecbb78172c5e38b33aa085 AgentTesla Malicious Library Malicious Packer UPX PE File OS Memory Check .NET EXE PE32 OS Name Check OS Processor Check Browser Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Check memory Checks debugger Creates executable files unpack itself Check virtual network interfaces AppData folder Tofsee Windows Gmail Browser Email ComputerName crashed keylogger		2	2		9.6		13	guest

46782	2024-08-07 13:25	JoSetp.exe ed59308f9e2b59ec4195a99788cee8ee Confuser .NET PE File .NET EXE PE32 VirusTotal Malware MachineGuid Malicious Traffic Check memory Checks debugger unpack itself Check virtual network interfaces Tofsee Ransomware DNS	2 Keyword trend analysis	3	3		4.4	M	57	guest

46783	2024-08-07 13:25	kiz.js 00bf8ae55020bb2533b3a4eb875c5e4c Malicious Library Malicious Packer .NET framework(MSIL) UPX PE File .NET EXE PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Telegram suspicious privilege Malicious Traffic Check memory Checks debugger Creates executable files unpack itself Check virtual network interfaces AppData folder IP Check human activity check Tofsee Windows Browser Email ComputerName DNS Cryptographic key DDNS Software crashed keylogger	2 Keyword trend analysis	6	9 Info ET INFO External IP Lookup Domain in DNS Query (checkip .dyndns .org) ET INFO TLS Handshake Failure ET HUNTING Telegram API Domain in DNS Lookup ET HUNTING Observed Telegram API Domain (api .telegram .org in TLS SNI) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO External IP Address Lookup Domain in DNS Lookup (reallyfreegeoip .org) ET POLICY External IP Lookup - checkip.dyndns.org ET INFO 404/Snake/Matiex Keylogger Style External IP Check ET INFO External IP Lookup Service Domain (reallyfreegeoip .org) in TLS SNI		11.8		15	ZeroCERT

46784	2024-08-07 13:31	ienetworks.hta 367299f3b78921590e30252fcc114cc7 Generic Malware Antivirus PE File DLL PE32 .NET DLL VirusTotal Malware powershell suspicious privilege Malicious Traffic Check memory Checks debugger Creates shortcut Creates executable files unpack itself Windows utilities suspicious process AppData folder WriteConsoleW Windows ComputerName DNS Cryptographic key	1 Keyword trend analysis	1			9.4		15	ZeroCERT

46785	2024-08-07 13:43	renewthejourneywithimagekitche... cb413715fe15be39831acd147e37bb0f Generic Malware Antivirus Hide_URL PowerShell Malware download VirusTotal Malware powershell suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Windows ComputerName DNS Cryptographic key DDNS	1 Keyword trend analysis	2	2	1	9.2	M	2	ZeroCERT