Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Score	Zero	VT	Player
48916	2021-02-08 18:49	svch.exe bd5f241d3095d44cf9789ad5410a865a VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs Windows ComputerName DNS Cryptographic key crashed				10.2	M	39	ZeroCERT

48917	2021-02-08 18:49	vbc.exe 0b16b50a859139aac93a2be35fa20e83 VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs Windows Cryptographic key	1 Keyword trend analysis	3		8.2	M	29	ZeroCERT

48918	2021-02-08 10:42	GOD.exe cd2767631e3328381a2586a50c3319c5 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs Windows ComputerName crashed				10.8	M	29	ZeroCERT

48919	2021-02-08 10:38	yes.exe 2d969ac05ad61e5cae89e7ba240d07ff VirusTotal Malware AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself suspicious process malicious URLs AntiVM_Disk WriteConsoleW VM Disk Size Check Windows ComputerName DNS Cryptographic key DDNS		2	1	12.0	M	10	ZeroCERT

48920	2021-02-07 18:50	7zip.exe 7924a40132d1bfd4ac18d7285d27a45c Browser Info Stealer FTP Client Info Stealer VirusTotal Malware Cryptocurrency wallets Cryptocurrency suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Collect installed applications Check virtual network interfaces malicious URLs installed browsers check Tofsee Ransomware Windows Browser ComputerName Cryptographic key Software crashed	2 Keyword trend analysis	8	1	14.0	M	24	ZeroCERT

48921	2021-02-07 14:20	upgrade.exe 5871d1a94b005c017c8da45e8687b719 Browser Info Stealer powershell AutoRuns suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted WMI Creates shortcut Creates executable files unpack itself powershell.exe wrote suspicious process malicious URLs AntiVM_Disk WriteConsoleW VM Disk Size Check human activity check Windows Browser ComputerName RCE DNS Cryptographic key		1		11.6			ZeroCERT

48922	2021-02-07 14:15	downloaddocument.doc e376b39131f03b1fecb3fb6c63543da3 VirusTotal Malware unpack itself				1.0		12	ZeroCERT

48923	2021-02-06 23:12	Runtime Broker.exe ece7422d1f658467ffa949aad9c97835 VirusTotal Malware AutoRuns Code Injection Check memory Checks debugger unpack itself Windows utilities suspicious process AppData folder malicious URLs WriteConsoleW Windows ComputerName DNS				6.6	M	51	ZeroCERT

48924	2021-02-06 23:10	Qykk.exe f90879110d316ff87567e5090b32099c VirusTotal Malware powershell AutoRuns suspicious privilege MachineGuid Code Injection Check memory Checks debugger Creates shortcut Creates executable files unpack itself Windows utilities Disables Windows Security powershell.exe wrote Check virtual network interfaces suspicious process malicious URLs WriteConsoleW Windows ComputerName Cryptographic key		1		10.0		23	ZeroCERT

48925	2021-02-06 22:56	Qyk.exe e78cbadebcab904533da436a9d901b6b VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows utilities Check virtual network interfaces malicious URLs WriteConsoleW Tofsee Windows DNS DDNS	1 Keyword trend analysis	3	1	11.8		20	ZeroCERT

48926	2021-02-06 22:56	olu.exe f830a5f09a6ca01aef72d5c1bc7a05e6 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege MachineGuid Check memory Creates executable files unpack itself AppData folder malicious URLs AntiVM_Disk sandbox evasion VM Disk Size Check installed browsers check Browser Email ComputerName DNS Software		1		10.8		48	ZeroCERT

48927	2021-02-06 22:22	xmrig.exe 5f2a8fe0c9675f3cad5458dfbac33e34 VirusTotal Malware Buffer PE AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI unpack itself Windows utilities Check virtual network interfaces malicious URLs sandbox evasion WriteConsoleW Tofsee Windows ComputerName Firmware DNS	3 Keyword trend analysis Info http://r3---sn-3u-bh26.gvt1.com/edgedl/release2/update2/ALmnr7lDhOvozdF08iOk7Ks_1.3.36.72/GoogleUpdateSetup.exe?cms_redirect=yes&mh=pH&mip=175.208.134.150&mm=28&mn=sn-3u-bh26&ms=nvh&mt=1612617377&mv=m&mvi=3&pl=18&shardbypass=yes http://redirector.gvt1.com/edgedl/release2/update2/ALmnr7lDhOvozdF08iOk7Ks_1.3.36.72/GoogleUpdateSetup.exe https://update.googleapis.com/service/update2?cup2key=10:2977330834&cup2hreq=1031b47b3af3ca2b6c9251c0ac1defe628feb00e9ff074e9f24904f01ee04de9	3	3	14.4	M	28	ZeroCERT

48928	2021-02-06 22:21	x64i.exe ac258875e361a45a4de5fb07ed5d89dd VirusTotal Malware PDB suspicious privilege Code Injection Checks debugger buffers extracted				7.2	M	30	ZeroCERT

48929	2021-02-06 22:17	update.exe 01c615395a542dead29b178a9bc00894 VirusTotal Malware Buffer PE AutoRuns Code Injection Checks debugger buffers extracted unpack itself malicious URLs Windows DNS				9.4	M	31	ZeroCERT

48930	2021-02-06 22:16	test.exe fcdddc70d761c04c8f5800c567c60e95 VirusTotal Malware Buffer PE AutoRuns Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs IP Check Tofsee Windows DNS DDNS	2 Keyword trend analysis	7	5 Info ET INFO DYNAMIC_DNS Query to *.dyndns. Domain SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET POLICY Autoit Windows Automation tool User-Agent in HTTP Request - Possibly Hostile ET POLICY External IP Lookup - checkip.dyndns.org ET POLICY DynDNS CheckIp External IP Address Server Response	11.0	M	55	ZeroCERT

Submissions

bd5f241d3095d44cf9789ad5410a865a

0b16b50a859139aac93a2be35fa20e83

cd2767631e3328381a2586a50c3319c5

2d969ac05ad61e5cae89e7ba240d07ff

7924a40132d1bfd4ac18d7285d27a45c

5871d1a94b005c017c8da45e8687b719

e376b39131f03b1fecb3fb6c63543da3

ece7422d1f658467ffa949aad9c97835

f90879110d316ff87567e5090b32099c

e78cbadebcab904533da436a9d901b6b

f830a5f09a6ca01aef72d5c1bc7a05e6

5f2a8fe0c9675f3cad5458dfbac33e34

ac258875e361a45a4de5fb07ed5d89dd

01c615395a542dead29b178a9bc00894

fcdddc70d761c04c8f5800c567c60e95

View

Insert

Alert