Submissions - ZeroBOX

Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player	Etc
48946	2021-02-06 17:44	001_01.ps1 7c22563e145f88519cfbfd7f26d1e3ad VirusTotal Malware unpack itself malicious URLs					1.8		17	ZeroCERT

48947	2021-02-06 14:23	file.01.21.doc cfbd343882b57a2d395ddb566984a0dd Vulnerability VirusTotal Malware Check memory Checks debugger WMI Creates executable files unpack itself suspicious process malicious URLs Interception ComputerName DNS crashed	1 Keyword trend analysis	2			9.6		35	ZeroCERT

48948	2021-02-06 14:23	vbctwo.exe bc525d61492045490d2881099da3b8c4 VirusTotal Malware Check memory Checks debugger unpack itself					2.0	M	24	ZeroCERT

48949	2021-02-06 12:10	vbcone.exe 4230c7d34c14cf01e829e38dea212409 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger unpack itself malicious URLs DNS					6.4	M	25	ZeroCERT

48950	2021-02-06 12:10	serfen.exe 3e9d9b397d0fde6dad3ce778815f2b21 VirusTotal Malware Check memory RWX flags setting unpack itself					2.2	M	48	ZeroCERT

48951	2021-02-06 11:34	scr.dll d53d583c07dc9b095c98bc887dfd4586 VirusTotal Malware Malicious Traffic Checks debugger buffers extracted unpack itself DNS	1 Keyword trend analysis	1			4.4	M	35	ZeroCERT

48952	2021-02-06 11:32	scan0876578909.exe 39f4ffc88fcd126201927ad8b5db9e5e VirusTotal Malware suspicious privilege Malicious Traffic Check memory Creates executable files unpack itself AppData folder malicious URLs sandbox evasion DNS	14 Keyword trend analysis Info http://www.globuswarming.com/j5an/?LL3H=PpbP0OHf6Akn6ID8CdD6xwff/gveaPj3jaLG6UA72vshvsay78MUW4cWkBMgcTQWsnrGkpmR&3fvp8=8pDhHfcH1Plluv6 http://www.9247pf.com/j5an/ http://www.geisshaven.com/j5an/ http://www.aimtopshop.com/j5an/ http://www.streamelemeants.com/j5an/ http://www.erenvincplatform.xyz/j5an/ http://www.geisshaven.com/j5an/?LL3H=wj2oyY6i1GTpNktssWtjF7yqMw0S14RWt97GMlYmBSyaw3URsbLcIjXtwvV6wnqg/zLNEtMZ&3fvp8=8pDhHfcH1Plluv6 http://www.streamelemeants.com/j5an/?LL3H=hrvp4+cTNUhIU4CPtc4Npds81eds1Wb4LfPiDx6kUcwrGKBrK/T3B1KLbvNO7sTbOwwVByLV&3fvp8=8pDhHfcH1Plluv6 http://www.joyfinancialservices.com/j5an/?LL3H=D3M9x8lZIDevQzlXJjGu3ejHBZSREPLCIrWiPKDxJlCqJPOVUz2eEv0Vd1RYc6fBcYROYret&3fvp8=8pDhHfcH1Plluv6 http://www.9247pf.com/j5an/?LL3H=QwE4NiKywPa6PZW99LTc+RLLLvI900mvlHw23sXhmE4++vPF//Di/SMmkgahTeX7DOY1fM9u&3fvp8=8pDhHfcH1Plluv6 http://www.aimtopshop.com/j5an/?LL3H=jJjshI5vnHZOLBksI8pi1T5HGUoL30GaOgCsbqutA8xfwb4YKSjp/3a1xKd88+RZUyMeP8zF&3fvp8=8pDhHfcH1Plluv6 http://www.erenvincplatform.xyz/j5an/?LL3H=FjD5WV7yXbxRqUB8x7Lf/1T5kS86f7OOBN9Szcru3lz0q/RFudDfpNvmXTZRerYcn3X1Ija2&3fvp8=8pDhHfcH1Plluv6 http://www.joyfinancialservices.com/j5an/ http://www.globuswarming.com/j5an/	22 Info www.rahmatsuparman.com() www.streamelemeants.com(81.17.18.194) www.yosyoshop.com() - mailcious www.9247pf.com(104.21.20.186) www.release-paypal.com() www.erenvincplatform.xyz(93.89.226.17) www.chuanxingtong.com() - mailcious www.aulbalu.com() www.joyfinancialservices.com(69.16.211.30) www.kojyouibennto.com(192.0.78.24) - mailcious www.globuswarming.com(184.168.131.241) www.geisshaven.com(162.241.30.119) www.aimtopshop.com(172.67.147.106) www.shakhriyarmamedyarov.com() 93.89.226.17 - mailcious 184.168.131.241 - mailcious 172.67.147.106 162.241.30.119 192.0.78.25 - mailcious 81.17.18.194 - suspicious 69.16.211.30 104.21.20.186			6.6	M	36	ZeroCERT

48953	2021-02-06 11:30	Pay-954.xls 778588f472b7cca6fe01a033c99e3d63 VirusTotal Malware unpack itself					1.0	M	11	ZeroCERT

48954	2021-02-06 11:24	Pay-954.xls 778588f472b7cca6fe01a033c99e3d63 VirusTotal Malware unpack itself malicious URLs DNS					2.4	M	11	ZeroCERT

48955	2021-02-06 11:23	items.exe ec7a7e9dcc807622e879d90eacd3ce87 VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process AppData folder malicious URLs WriteConsoleW Windows ComputerName Cryptographic key	1 Keyword trend analysis	2			13.4	M	18	ZeroCERT

48956	2021-02-06 10:14	newage.exe 1b7c733ed90746e39840f69d9eac4716 VirusTotal Malware Check memory Checks debugger unpack itself					1.4	M	17	ZeroCERT

48957	2021-02-06 10:08	Inf_952.xls f809988bc3bf6e667dc9b46075639fdb VirusTotal Malware unpack itself					1.0	M	10	ZeroCERT

48958	2021-02-06 10:07	ioir.png.exe d31c0491f522d6b9f2102109bd2420af VirusTotal Malware RCE					1.6	M	29	ZeroCERT

48959	2021-02-06 09:57	dozz.exe d070bf6585deded9e331ae77de76fcc4 Malware download Wshrat NetWireRC VirusTotal Malware VBScript AutoRuns Code Injection Check memory Checks debugger buffers extracted WMI wscript.exe payload download Creates executable files unpack itself malicious URLs AntiVM_Disk IP Check VM Disk Size Check Tofsee Interception Windows Houdini ComputerName DNS DDNS Dropper	4 Keyword trend analysis	6	5		10.0	M	23	ZeroCERT

48960	2021-02-06 09:57	chrome.exe cf2e53eead99c4e7921b768bd649b7c3 Browser Info Stealer FTP Client Info Stealer VirusTotal Malware suspicious privilege Code Injection Checks debugger buffers extracted exploit crash unpack itself malicious URLs Ransomware Windows Exploit Browser Tor DNS Cryptographic key Software crashed					13.8	M	32	ZeroCERT