Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Score	Zero	VT	Player
48256	2024-09-22 17:32	nicetomeetyouthepersonwhowantt... 0d757ee344608da8c37c0615639f3cca MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware Malicious Traffic RWX flags setting exploit crash Tofsee Exploit DNS crashed		3	1	4.6	M	36	ZeroCERT

48257	2024-09-22 17:33	weneednicepicturewithyousheisv... 248f534e473f9a51934121421533ecd9 MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware Malicious Traffic exploit crash unpack itself Tofsee Exploit DNS crashed		3	1	4.6	M	38	ZeroCERT

48258	2024-09-22 17:34	svchost.exe c07546595e442004cc042bdccc7be9dd Generic Malware Antivirus PE File .NET EXE PE32 VirusTotal Malware powershell AutoRuns suspicious privilege MachineGuid Check memory Checks debugger Creates shortcut Creates executable files unpack itself Windows utilities suspicious process AppData folder AntiVM_Disk WriteConsoleW VM Disk Size Check Windows ComputerName Cryptographic key				8.0	M	20	ZeroCERT

48259	2024-09-22 17:35	weseethepicturewithnewthingswi... ff64b33fa40cc3a4224a944bb5eb0d0b MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware Malicious Traffic exploit crash unpack itself Tofsee Exploit DNS crashed		3	1	4.6	M	39	ZeroCERT

48260	2024-09-22 17:36	pqo7.exe 663d0436397ed16b1f6f665941676469 PE File .NET EXE PE32 VirusTotal Malware Check memory Checks debugger unpack itself ComputerName				2.0	M	34	ZeroCERT

48261	2024-09-22 17:37	990.exe aace5ed77f7d47cad3e45e0ccdc5411c Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware Tofsee		2	2	1.4	M	54	ZeroCERT

48262	2024-09-22 17:38	JavaX-Helper.exe dc2b184d9a0235002ea6626da9aa89ad Malicious Library Antivirus UPX PE File .NET EXE PE32 OS Processor Check VirusTotal Malware suspicious privilege MachineGuid Check memory Checks debugger unpack itself AntiVM_Disk VM Disk Size Check Windows ComputerName Cryptographic key				4.0	M	57	ZeroCERT

48263	2024-09-22 17:42	66ee79315857f_setup33333.exe#l... 2f59fbd6623872fbdc2f63d18023bfda Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware unpack itself Remote Code Execution				1.8	M	28	ZeroCERT

48264	2024-09-22 17:43	KeyFormed.exe a823c6a042891f63236b8ae3d9c13ba3 Generic Malware Downloader Malicious Library UPX Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Hijack Network Sniff Audio HTTP DNS Code injection Internet API persistence FTP KeyLogger P2P AntiDebug AntiVM PE File VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger WMI Creates executable files unpack itself Windows utilities suspicious process malicious URLs sandbox evasion WriteConsoleW Windows ComputerName				7.4	M	25	ZeroCERT

48265	2024-09-22 17:43	tyh.exe 9c4b68850249e708088728ef30466d0a AsyncRAT task schedule Downloader Malicious Packer .NET framework(MSIL) UPX Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Code injection Internet API FTP KeyLogger P2P AntiDebug AntiVM PE File VirusTotal Malware AutoRuns Code Injection Windows utilities suspicious process AppData folder WriteConsoleW Windows ComputerName				5.2	M	59	ZeroCERT

48266	2024-09-22 17:44	CodeSpaces.exe 0ae64215fbc26410679e9f8e12248b60 PE File .NET EXE PE32 VirusTotal Malware Check memory Checks debugger unpack itself ComputerName				2.0	M	38	ZeroCERT

48267	2024-09-22 17:45	ou9.exe e3107006030849c277e057b5a5fedc06 ScreenShot AntiDebug AntiVM PE File .NET EXE PE32 Malware download VirusTotal Malware PDB Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces Windows DNS Downloader		1	6 Info ET DROP Spamhaus DROP Listed Traffic Inbound group 23 ET INFO Executable Download from dotted-quad Host ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response	10.0	M	52	ZeroCERT

48268	2024-09-22 17:45	Microsoft.exe 96f6cb8e78692f8bff528da76bfde919 Malicious Library UPX AntiDebug AntiVM PE File PE64 OS Processor Check VirusTotal Malware MachineGuid Code Injection Malicious Traffic Check memory Windows utilities suspicious process sandbox evasion WriteConsoleW anti-virtualization Tofsee Windows ComputerName	1 Keyword trend analysis Info https://eijfrhegrtbrfcd.online/json.php?token=ewogICJjcHVDb3JlcyI6ICIxMjc2MzEzNjAiLAogICJ0b3RhbE1lbW9yeSI6ICI1MTE5IE1CIiwKICAicGxhdGZvcm0iOiAiV2luZG93cyIsCiAgImFyY2giOiAieDY0IiwKICAibW9kZWwiOiAiVEVTVDIyLVBDIiwKICAib3NWZXJzaW9uIjogIk1pY3Jvc29mdCBXaW5kb3dzIDciLAogICJwcm9jZXNzb3JOYW1lIjogIkludGVsKFIpIENvcmUoVE0pIGk1LTg0MDAgQ1BVIEAgMi44MEdIeiIsCiAgInN5c3RlbU1vZGVsIjogIlVua25vd24gTW9kZWwiLAogICJjb25maWd1cmF0aW9uIjogIjMiLAogICJ0b2tlbiI6ICJMZWdlbmRhcnkyMjgiCn0=	2	1	7.6	M	39	ZeroCERT

48269	2024-09-22 17:46	Sus.exe a6ffb8e0386c0f1a1a611c7922dc1b08 ScreenShot AntiDebug AntiVM PE File .NET EXE PE32 Malware download VirusTotal Malware PDB Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces Windows DNS Downloader		2	6 Info ET DROP Spamhaus DROP Listed Traffic Inbound group 23 ET INFO Executable Download from dotted-quad Host ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response	10.0	M	55	ZeroCERT

48270	2024-09-22 17:47	weneednewthingstogetmebackwith... 0f700130bb0477a08b0160b460ee0980 MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware Malicious Traffic RWX flags setting exploit crash Tofsee Exploit DNS crashed		3	1	4.6	M	38	ZeroCERT