Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Score	Zero	VT	Player
49996	2020-12-01 10:20	urevinisaj.exe ccb76815c9e96925342582ec52a93d36 VirusTotal Malware ICMP traffic malicious URLs		2		3.8		46	admin

49997	2020-12-01 09:55	1130_206410993.doc 28ab184b90b90e55e154e718eaf4cc1f Vulnerability VirusTotal Malware Code Injection Malicious Traffic Checks debugger buffers extracted unpack itself Check virtual network interfaces malicious URLs IP Check ComputerName	1 Keyword trend analysis	4	1	9.6	M	15	ZeroCERT

49998	2020-12-01 09:53	565923964123873366320050276814... 843a44fc8293f876b0568ac437ebcd8a VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger unpack itself malicious URLs Windows Cryptographic key				6.4	M	37	ZeroCERT

49999	2020-12-01 09:50	S3w3ZsAA.exe d91271a9f0236cf9391a3f5581dcd3c8 ICMP traffic malicious URLs		2		2.6			admin

50000	2020-12-01 08:03	http://149.3.170.144/gt-hot/we... bf613fe70f790d4b932601daa60a8797 Dridex VirusTotal Malware Code Injection Malicious Traffic Creates executable files exploit crash unpack itself Windows utilities AppData folder malicious URLs Tofsee Windows Exploit DNS crashed Downloader	1 Keyword trend analysis	1	7 Info ET INFO Executable Download from dotted-quad Host ET CURRENT_EVENTS Terse alphanumeric executable downloader high likelihood of being hostile ET POLICY PE EXE or DLL Windows file download HTTP ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET INFO TLS Handshake Failure ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	6.0		17	ZeroCERT

50001	2020-11-30 18:53	r.exe a5b4252c8bac59ad90a543ec1f2e4a7a VirusTotal Malware Check memory Checks debugger unpack itself				2.0	M	61	ZeroCERT

50002	2020-11-30 12:17	document.doc 1a37ee9af5af28b2050e16c0eb6e5865 VirusTotal Malware Malicious Traffic exploit crash unpack itself malicious URLs Windows Exploit DNS crashed Downloader		1	6 Info ET INFO Executable Download from dotted-quad Host ET CURRENT_EVENTS Terse alphanumeric executable downloader high likelihood of being hostile ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 ET POLICY PE EXE or DLL Windows file download HTTP ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response	5.2	M	24	ZeroCERT

50003	2020-11-30 12:16	tlsr.exe d524e4f850643554f0b3308142dba833 VirusTotal Malware MachineGuid Check memory Checks debugger unpack itself malicious URLs ComputerName				4.6	M	54	ZeroCERT

50004	2020-11-30 12:13	Wrap.exe 9813598ca60fc1e908f8236d767b14bf VirusTotal Malware suspicious process malicious URLs WriteConsoleW				2.4	M	34	ZeroCERT

50005	2020-11-30 12:07	Invoice_27.11.2020.doc 75ab2dba33584ea3ea57e73a21bab919 Malware download VirusTotal Malware Malicious Traffic exploit crash unpack itself malicious URLs Windows Exploit DNS crashed	4 Keyword trend analysis	3	6 Info ET POLICY PE EXE or DLL Windows file download HTTP ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET MALWARE Possible Metasploit Payload Common Construct Bind_API (from server) ET MALWARE Possible Windows executable sent when remote host claims to send a Text File ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)	5.4	M	33	ZeroCERT

50006	2020-11-30 12:07	osk.exe 315efcfaf3329dc6fb4a67bbb0b89620 VirusTotal Malware suspicious privilege Check memory Checks debugger Creates executable files unpack itself Windows utilities WriteConsoleW Windows ComputerName DNS				6.0	M	42	ZeroCERT

50007	2020-11-30 12:01	images.exe ee4555ac614048e36aae067b6a032951 Malware download Nanocore VirusTotal Malware c&c Buffer PE AutoRuns suspicious privilege MachineGuid Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Windows utilities suspicious process AppData folder malicious URLs WriteConsoleW human activity check Windows ComputerName DNS		1	1	12.8	M	58	ZeroCERT

50008	2020-11-30 12:01	a.exe 2764acacf3bd324b63fb660859fa28f9 Malware download VirusTotal Malware Code Injection Checks debugger buffers extracted unpack itself malicious URLs Windows ComputerName RCE DNS	2 Keyword trend analysis	1	3	9.6	M	47	ZeroCERT

50009	2020-11-28 10:17	Pdxpforzum1.exe 1cb0218248ea6be6b4fc59e43bb88c99 VirusTotal Malware suspicious privilege Check memory Checks debugger unpack itself Windows ComputerName Cryptographic key				3.0	M	36	ZeroCERT

50010	2020-11-28 10:17	Nmsdmwkbi4.exe 224e779ff4d39ce90878ae3e630197e7 VirusTotal Malware suspicious privilege Check memory Checks debugger unpack itself Windows ComputerName Cryptographic key				2.8	M	22	ZeroCERT

Submissions

ccb76815c9e96925342582ec52a93d36

28ab184b90b90e55e154e718eaf4cc1f

843a44fc8293f876b0568ac437ebcd8a

d91271a9f0236cf9391a3f5581dcd3c8

bf613fe70f790d4b932601daa60a8797

a5b4252c8bac59ad90a543ec1f2e4a7a

1a37ee9af5af28b2050e16c0eb6e5865

d524e4f850643554f0b3308142dba833

9813598ca60fc1e908f8236d767b14bf

75ab2dba33584ea3ea57e73a21bab919

315efcfaf3329dc6fb4a67bbb0b89620

ee4555ac614048e36aae067b6a032951

2764acacf3bd324b63fb660859fa28f9

1cb0218248ea6be6b4fc59e43bb88c99

224e779ff4d39ce90878ae3e630197e7

View

Insert

Alert