Submissions - ZeroBOX

Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player	Etc
50011	2020-11-28 10:15	Jqeofcirr6.exe 0998148d355b1e7bad7b44558aa4c125 VirusTotal Malware suspicious privilege Check memory Checks debugger unpack itself malicious URLs Windows ComputerName DNS Cryptographic key					4.4	M	35	ZeroCERT

50012	2020-11-28 10:15	5901777.pdf.exe 7e26e87ab642008d934824d509559859 VirusTotal Malware suspicious privilege Check memory Checks debugger unpack itself Windows ComputerName Cryptographic key					3.0	M	38	ZeroCERT

50013	2020-11-28 10:11	oxiba.exe 9817218c055db1b75d64df2ae2f40f53 Browser Info Stealer VirusTotal Email Client Info Stealer Malware powershell AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut unpack itself Disables Windows Security powershell.exe wrote Check virtual network interfaces suspicious process malicious URLs WriteConsoleW IP Check Tofsee Ransomware Windows Browser Tor Email ComputerName Cryptographic key crashed keylogger	3 Keyword trend analysis	6	1	1	19.0	M	27	ZeroCERT

50014	2020-11-28 10:10	0mrxdv.exe b7679c443e22238291f5603f016ff56e VirusTotal Malware suspicious privilege Check memory Checks debugger unpack itself malicious URLs Windows ComputerName DNS Cryptographic key					4.2		23	ZeroCERT

50015	2020-11-28 09:40	http://115373.com/ 3b7b28992c82645f61bf6329cfa120c2 Dridex Malware Code Injection Creates executable files RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed	1 Keyword trend analysis	10 Info makemoneywithus.work(188.225.75.54) - mailcious clkfeed.com(173.192.101.21) - mailcious infopicked.com(173.192.101.24) - mailcious p277439.infopicked.com(173.192.101.24) - mailcious 115373.com(47.245.55.138) 47.245.57.170 173.192.101.21 - suspicious 95.216.179.33 173.192.101.24 - suspicious 188.225.75.54 - suspicious	5		5.6	M		guest

50016	2020-11-27 17:55	oxiba.exe 9817218c055db1b75d64df2ae2f40f53 VirusTotal Malware powershell AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger Creates shortcut unpack itself Disables Windows Security powershell.exe wrote Check virtual network interfaces suspicious process malicious URLs WriteConsoleW Tofsee Windows ComputerName Cryptographic key	1 Keyword trend analysis	2	1	1	11.2	M	27	ZeroCERT

50017	2020-11-27 17:48	Yvvtz1.exe 0d2637cb8d991ba05dd78136d2e01321 VirusTotal Malware suspicious privilege Check memory Checks debugger unpack itself Windows ComputerName DNS Cryptographic key crashed					3.4	M	15	ZeroCERT

50018	2020-11-27 17:46	YAS2231.exe 99b81672c6ec04e7e6e6063b40d9127c VirusTotal Malware PDB suspicious privilege Creates executable files unpack itself AppData folder malicious URLs sandbox evasion ComputerName					4.8	M	51	ZeroCERT

50019	2020-11-27 17:44	xqakn8b.jpg.exe 1ba0b20a2d03d8af03a7faa42b06417f VirusTotal Malware unpack itself RCE crashed					2.6	M	55	ZeroCERT

50020	2020-11-27 17:42	winlog.exe e54d832cb872b7dc086ab7a7878d38fb VirusTotal Malware suspicious privilege Check memory unpack itself					3.6	M	51	ZeroCERT

50021	2020-11-27 17:42	vbclient.exe dff805106f7e22c65887f4b40ae63af7 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs WriteConsoleW IP Check ComputerName crashed	1 Keyword trend analysis	2	1		10.2	M	33	ZeroCERT

50022	2020-11-27 17:41	VYAaPkmx0DcECli.exe 8b32cc7f0fea5d2d75340eb71dc808ab VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs Windows DNS					9.4	M	20	ZeroCERT

50023	2020-11-27 17:37	vbclient.exe dff805106f7e22c65887f4b40ae63af7 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs WriteConsoleW IP Check ComputerName DNS	1 Keyword trend analysis	2	1		10.2	M	33	ZeroCERT

50024	2020-11-27 17:37	sxs.exe a59e8de8a970190ecb658bb9d8238e63 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs Windows ComputerName crashed					10.2	M	28	ZeroCERT

50025	2020-11-27 17:34	sxs.exe a59e8de8a970190ecb658bb9d8238e63 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs Ransomware Windows Tor ComputerName crashed					10.8	M	28	ZeroCERT