Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Score	Zero	VT	Player
48901	2024-10-16 14:30	qet-test.exe ac32f23e9c96c392ceed9e6c5ee5857d Malicious Library PE File PE32 VirusTotal Malware RWX flags setting DNS		1		3.2	M	65	ZeroCERT

48902	2024-10-16 15:40	INVOICE 340138551.pdf.lnk 0b519e6f069c8c31d60817f1d8c07284 Generic Malware Antivirus AntiDebug AntiVM Lnk Format GIF Format VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger Creates shortcut unpack itself suspicious process WriteConsoleW Windows ComputerName Cryptographic key				4.2		10	ZeroCERT

48903	2024-10-16 15:40	IMG1202400210015.vbs f8dc85f113c802a5e8d7da5cf5da5aa2 Malicious Library UPX PE File PE32 MZP Format VirusTotal Malware Checks debugger Creates executable files RWX flags setting unpack itself AppData folder Tofsee Interception crashed		2	1	7.6		24	guest

48904	2024-10-16 15:41	update.exe 1be00ea3f590967b51f53e357a789fc6 Generic Malware Malicious Library .NET framework(MSIL) UPX PE File .NET EXE PE32 PNG Format JPEG Format VirusTotal Malware PDB suspicious privilege Malicious Traffic Check memory Checks debugger ICMP traffic RWX flags setting unpack itself Check virtual network interfaces Interception Windows DNS Cryptographic key	2 Keyword trend analysis	2		7.4	M	45	ZeroCERT

48905	2024-10-16 15:42	WebMailTester.exe c3509310546d5a0de9f11fefe3410a9e Generic Malware Malicious Library UPX PE File PE32 MZP Format VirusTotal Malware unpack itself crashed		1		1.8		2	guest

48906	2024-10-16 15:42	WebMailTester.exe c3509310546d5a0de9f11fefe3410a9e Generic Malware Malicious Library UPX PE File PE32 MZP Format VirusTotal Malware Check memory unpack itself crashed		1		2.0		2	guest

48907	2024-10-16 15:42	nicewithgreatpcitureofgreatthi... 50be39f9395a2fc9ad323ad2a57b0666 Generic Malware Antivirus Downloader AntiDebug AntiVM PE File DLL PE32 .NET DLL VirusTotal Malware powershell suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger Creates shortcut Creates executable files RWX flags setting unpack itself Windows utilities powershell.exe wrote suspicious process AppData folder Windows ComputerName DNS Cryptographic key	1 Keyword trend analysis	1		11.6		20	ZeroCERT

48908	2024-10-16 17:37	seethebestthingswithmegreatday... 3734b6b1d8a5b84814fa08ce7b1ef6c7 Generic Malware Antivirus AntiDebug AntiVM MSOffice File PE File DLL PE32 .NET DLL VirusTotal Malware powershell suspicious privilege MachineGuid Code Injection Check memory Checks debugger Creates shortcut Creates executable files ICMP traffic RWX flags setting exploit crash unpack itself Windows utilities powershell.exe wrote suspicious process AppData folder Windows Exploit ComputerName DNS Cryptographic key crashed		1		12.8		19	ZeroCERT

48909	2024-10-16 17:37	niceworkingprojectforeveryone.... 44ad3c49b38f4f6f1739baf86d528fd3 Generic Malware Antivirus Malicious Library UPX AntiDebug AntiVM PowerShell PE File DLL PE32 .NET DLL OS Processor Check Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware powershell suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted heapspray Creates shortcut Creates executable files RWX flags setting unpack itself Windows utilities powershell.exe wrote Check virtual network interfaces suspicious process AppData folder IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key DDNS Software crashed keylogger	3 Keyword trend analysis	5	9 Info ET INFO External IP Address Lookup Domain in DNS Lookup (reallyfreegeoip .org) ET INFO External IP Lookup Domain in DNS Query (checkip .dyndns .org) ET INFO Executable Download from dotted-quad Host ET POLICY PE EXE or DLL Windows file download HTTP ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET INFO External IP Lookup Service Domain (reallyfreegeoip .org) in TLS SNI SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET POLICY External IP Lookup - checkip.dyndns.org ET INFO 404/Snake/Matiex Keylogger Style External IP Check	18.6	M	27	ZeroCERT

48910	2024-10-16 17:38	challenge_2.exe c9e30fa664bd602e6e77bf6c4280d3b6 UPX PE File PE64 OS Processor Check Emotet Code Injection unpack itself Remote Code Execution				3.0			guest

48911	2024-10-16 19:40	https://pt.org.br/ Downloader Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Hijack Network Sniff Audio HTTP DNS Code injection Internet API persistence FTP KeyLogger P2P AntiDebug AntiVM PNG Format MSOffice File JPEG Format VirusTotal Malware Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed		2	2	4.6			guest

48912	2024-10-16 21:29	Bootstrapper.exe 2a4dcf20b82896be94eb538260c5fb93 Malicious Library .NET framework(MSIL) UPX PE File PE64 .NET EXE VirusTotal Malware suspicious privilege Check memory Checks debugger unpack itself Windows utilities Check virtual network interfaces suspicious process Tofsee Windows ComputerName crashed		4	1	4.4	M	58	guest

48913	2024-10-17 09:42	taskhostsw.exe 5f0d270fd5e773cd03b98c72112e5426 Generic Malware Malicious Library UPX Antivirus PE File PE32 VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName Cryptographic key				5.0		12	ZeroCERT

48914	2024-10-17 09:44	EakLauncher.exe 0c525a4d1582c28fc5b80d49fdfed542 .NET framework(MSIL) AntiDebug AntiVM PE File PE64 .NET EXE PNG Format MSOffice File JPEG Format VirusTotal Malware suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger WMI RWX flags setting unpack itself Windows utilities Check virtual network interfaces Tofsee Windows ComputerName DNS Cryptographic key	1 Keyword trend analysis	3	1	6.6	M	9	ZeroCERT

48915	2024-10-17 09:46	Ammyy.exe 3b4ed97de29af222837095a7c411b8a1 Ammy Admin Generic Malware Malicious Library UPX PE File PE32 VirusTotal Malware AutoRuns Malicious Traffic Check memory anti-virtualization Windows Remote Code Execution DNS		3	1	5.2	M	53	ZeroCERT