Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Score	Zero	VT	Player
46906	2024-08-10 13:08	a.exe 2e171efa60b0cae4b318b199be88a351 Generic Malware Malicious Library Admin Tool (Sysinternals etc ...) Malicious Packer UPX PE File PE32 MZP Format OS Processor Check VirusTotal Malware unpack itself				2.0	M	10	ZeroCERT

46907	2024-08-10 13:12	66b4b10e9ef0b_stealc_default.e... 9b43256a33142e469adbe046a1552781 Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware unpack itself Windows				2.6	M	45	ZeroCERT

46908	2024-08-10 17:30	setup.exe d10485d74aa26c9e762a32346b28cf32 Generic Malware Malicious Library Antivirus AntiDebug AntiVM PE File PE32 PowerShell powershell suspicious privilege Code Injection Check memory Checks debugger WMI Creates shortcut Creates executable files RWX flags setting unpack itself Windows utilities Disables Windows Security Checks Bios powershell.exe wrote suspicious process WriteConsoleW anti-virtualization Windows ComputerName Cryptographic key				11.0			ZeroCERT

46909	2024-08-10 17:30	setup.exe 1f9db1ec7ebe3fd44d09e73c78916a0f Generic Malware Malicious Library Antivirus AntiDebug AntiVM PE File PE32 PowerShell powershell suspicious privilege Code Injection Check memory Checks debugger WMI Creates shortcut Creates executable files RWX flags setting unpack itself Windows utilities Disables Windows Security Checks Bios suspicious process WriteConsoleW anti-virtualization Windows ComputerName Cryptographic key				10.4			ZeroCERT

46910	2024-08-10 17:32	setup.exe 011317aa716866ff4c2995b0ba4f6138 Generic Malware Malicious Library Antivirus AntiDebug AntiVM PE File PE32 PowerShell powershell suspicious privilege Code Injection Check memory Checks debugger WMI Creates shortcut Creates executable files RWX flags setting unpack itself Windows utilities Disables Windows Security Checks Bios powershell.exe wrote suspicious process WriteConsoleW anti-virtualization Windows ComputerName Cryptographic key				11.0			ZeroCERT

46911	2024-08-10 17:32	setup.exe 331893d25fb234561ff103e892ee3f63 Generic Malware Malicious Library Antivirus AntiDebug AntiVM PE File PE32 PowerShell powershell suspicious privilege Code Injection Check memory Checks debugger WMI Creates shortcut Creates executable files RWX flags setting unpack itself Windows utilities Disables Windows Security Checks Bios suspicious process WriteConsoleW anti-virtualization Windows ComputerName Cryptographic key				10.4			ZeroCERT

46912	2024-08-10 17:34	setup.exe e91473fcd57c30f471bf0c34824f2da2 Generic Malware Malicious Library Antivirus AntiDebug AntiVM PE File PE32 PowerShell powershell suspicious privilege Code Injection Check memory Checks debugger WMI Creates shortcut Creates executable files RWX flags setting unpack itself Windows utilities Disables Windows Security Checks Bios powershell.exe wrote suspicious process WriteConsoleW anti-virtualization Windows ComputerName Cryptographic key				11.0	M		ZeroCERT

46913	2024-08-10 17:34	setup.exe 6a30f1579928870f8abee234b1943994 Generic Malware Malicious Library Antivirus AntiDebug AntiVM PE File PE32 PowerShell powershell suspicious privilege Code Injection Check memory Checks debugger WMI Creates shortcut Creates executable files RWX flags setting unpack itself Windows utilities Disables Windows Security Checks Bios suspicious process WriteConsoleW anti-virtualization Windows ComputerName Cryptographic key				10.4	M		ZeroCERT

46914	2024-08-10 17:36	Info.ps1 2ff0359741c6894d5625d156e0dba750 Generic Malware Antivirus Malware download VirusTotal Malware powershell Malicious Traffic Check memory buffers extracted unpack itself Check virtual network interfaces WriteConsoleW Windows ComputerName Trojan DNS Cryptographic key Downloader	1 Keyword trend analysis	1	10 Info ET DROP Spamhaus DROP Listed Traffic Inbound group 23 ET HUNTING SUSPICIOUS alg.exe in URI Probable Process Dump/Trojan Download ET INFO Executable Download from dotted-quad Host ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile ET HUNTING EXE Using Suspicious IAT ZwUnmapViewOfSection Possible Malware Process Hollowing ET INFO Packed Executable Download ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET HUNTING Suspicious Windows Executable WriteProcessMemory	5.8	M	2	ZeroCERT

46915	2024-08-10 17:36	setup.exe 4cd5b2243b29cab51395d2b44395bc0c Generic Malware Malicious Library Antivirus AntiDebug AntiVM PE File PE32 PowerShell powershell suspicious privilege Code Injection Check memory Checks debugger WMI Creates shortcut Creates executable files RWX flags setting unpack itself Windows utilities Disables Windows Security Checks Bios powershell.exe wrote suspicious process WriteConsoleW anti-virtualization Windows ComputerName Cryptographic key				11.0			ZeroCERT

46916	2024-08-10 17:36	setup.exe 67deec3842d186934a988642c6a9e7e9 Generic Malware Malicious Library Antivirus AntiDebug AntiVM PE File PE32 PowerShell powershell suspicious privilege Code Injection Check memory Checks debugger WMI Creates shortcut Creates executable files RWX flags setting unpack itself Windows utilities Disables Windows Security Checks Bios suspicious process WriteConsoleW anti-virtualization Windows ComputerName Cryptographic key				10.4	M		ZeroCERT

46917	2024-08-10 17:38	Res.ps1 9f272ba7e7f85d4314931fc4fbae49f0 Generic Malware Antivirus Malware powershell Malicious Traffic Check memory buffers extracted unpack itself Check virtual network interfaces WriteConsoleW Windows ComputerName DNS Cryptographic key	1 Keyword trend analysis	1	6 Info ET DROP Spamhaus DROP Listed Traffic Inbound group 23 ET INFO Executable Download from dotted-quad Host ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET HUNTING Suspicious Windows Executable WriteProcessMemory	5.4	M		ZeroCERT

46918	2024-08-10 17:38	setup.exe c2bc95f90972b102c87a90b48aaf88a5 Generic Malware Malicious Library Antivirus AntiDebug AntiVM PE File PE32 PowerShell powershell suspicious privilege Code Injection Check memory Checks debugger WMI Creates shortcut Creates executable files RWX flags setting unpack itself Windows utilities Disables Windows Security Checks Bios powershell.exe wrote suspicious process WriteConsoleW anti-virtualization Windows ComputerName Cryptographic key				11.0	M		ZeroCERT

46919	2024-08-10 17:39	setup.exe f9a027d01be44c149f28e1ca0dd74e3c Generic Malware Malicious Library Antivirus AntiDebug AntiVM PE File PE32 PowerShell powershell suspicious privilege Code Injection Check memory Checks debugger WMI Creates shortcut Creates executable files RWX flags setting unpack itself Windows utilities Disables Windows Security Checks Bios suspicious process WriteConsoleW anti-virtualization Windows ComputerName Cryptographic key				10.4	M		ZeroCERT

46920	2024-08-10 17:40	Sli.ps1 a93c2401d4ef1d66c9ddf7c16d27ba8d Generic Malware Antivirus Check memory unpack itself WriteConsoleW Windows Cryptographic key				1.0			ZeroCERT