Submissions

| No | Date | Request | Urls | Hosts | IDS | Rule | Score | Zero | VT | Player | Etc |
|---|---|---|---|---|---|---|---|---|---|---|---|
| 50101 | 2020-11-24 10:42 | presh.doc 04fb044011085bc906ede48c396020c5 | 2 | 5 | 5 | VirusTotal Malware Malicious Traffic exploit crash unpack itself malicious URLs Windows Exploit DNS crashed | 5.2 | M | 25 | ZeroCERT | |
| 50102 | 2020-11-24 10:33 | Ohms.exe 3070eba41971269de72494cb416f60cf | | | | VirusTotal Malware AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process malicious URLs WriteConsoleW Ransomware Windows Tor ComputerName DNS crashed | 14.8 | M | 19 | ZeroCERT | |
| 50103 | 2020-11-24 10:33 | li.exe 59dbb16e78443176b4411b03e2e4598a | 1 | 4 | 5 | Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted ICMP traffic unpack itself Check virtual network interfaces malicious URLs IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key DDNS Software crashed keylogger | 14.8 | M | 37 | ZeroCERT | |
| 50104 | 2020-11-24 10:10 | in.exe a1fe6cc921fb6ac3c10d11c4ed1a0b01 | | | | VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs DNS | 8.2 | M | 24 | ZeroCERT | |
| 50105 | 2020-11-24 10:09 | ewa.exe 80c6700fc3546cb510e5cd7497d13d7a | | | | VirusTotal Malware Check memory Checks debugger unpack itself | 2.2 | M | 34 | ZeroCERT | |
| 50106 | 2020-11-24 10:02 | ewa.exe 80c6700fc3546cb510e5cd7497d13d7a | | | | VirusTotal Malware AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process malicious URLs WriteConsoleW Ransomware Windows Tor ComputerName DNS crashed | 15.2 | M | 34 | ZeroCERT | |
| 50107 | 2020-11-24 10:00 | app.exe 9664af963ef2d8889eeadd49c4b097e7 | | | | VirusTotal Malware unpack itself malicious URLs | 2.4 | | 21 | ZeroCERT | |
| 50108 | 2020-11-24 09:26 | RL Simple Replay Editor.exe 834d1178ddb53a4d76ad9ef05ec67f20 | | | | VirusTotal Malware Checks debugger unpack itself crashed | 1.6 | | 3 | ZeroCERT | |
| 50109 | 2020-11-24 08:03 | https://d3727mhevtk2n4.cloudfr... 66bb8e74def01a190673f6ea71c102ca | 1 | 2 | 1 | Code Injection unpack itself Windows utilities Tofsee Windows | 2.2 | | | ZeroCERT | |
| 50110 | 2020-11-24 07:59 | https://d3727mhevtk2n4.cloudfr... 66bb8e74def01a190673f6ea71c102ca | 1 | 2 | 1 | Code Injection unpack itself Windows utilities Tofsee Windows | 2.2 | | | ZeroCERT | |
| 50111 | 2020-11-24 07:51 | https://thebabsite.com/app/app... 5fc0b6da6d40f975a057a5cb9fa33bf5 | 1 | 2 | 3 | Dridex VirusTotal Malware Code Injection Creates executable files RWX flags setting exploit crash unpack itself Windows utilities AppData folder malicious URLs Tofsee Windows Exploit DNS crashed | 5.4 | | 23 | ZeroCERT | |
| 50112 | 2020-11-23 15:55 | 5.exe f139bcd08ad8da406f7dd25411d1c9b3 | | | | VirusTotal Malware unpack itself malicious URLs | 2.8 | M | 60 | ZeroCERT | |
| 50113 | 2020-11-23 14:43 | 5.exe f139bcd08ad8da406f7dd25411d1c9b3 | | | | VirusTotal Malware unpack itself malicious URLs | 2.8 | M | 60 | admin | |
| 50114 | 2020-11-23 14:26 | document.doc d188556b8782a4594736c1aeef79f2f5 | 5 | 6 | 2 | VirusTotal Malware Malicious Traffic ICMP traffic exploit crash unpack itself malicious URLs Tofsee Windows Exploit crashed | 6.4 | | 24 | guest | |
| 50115 | 2020-11-23 14:23 | 5.exe f139bcd08ad8da406f7dd25411d1c9b3 | | | | VirusTotal Malware unpack itself malicious URLs | 2.8 | M | 60 | admin | |