Submissions - ZeroBOX

Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player	Etc
50356	2020-11-18 18:14	nass.exe d9e4ff69934ce995feaa9e54e0d5ad07 VirusTotal Malware suspicious privilege Malicious Traffic Check memory Checks debugger ICMP traffic unpack itself Windows utilities malicious URLs Windows	2 Keyword trend analysis	5			6.6	M	40	ZeroCERT

50357	2020-11-18 18:10	emthree.exe b017a31549aa5edeccecab2f3e717d1b VirusTotal Malware Buffer PE suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself AppData folder malicious URLs Windows DNS Cryptographic key					10.4	M	21	ZeroCERT

50358	2020-11-18 18:10	ebyjon.exe 7e0601f46369fa6ad8d291b1205068d5 VirusTotal Malware Buffer PE AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself AppData folder malicious URLs Windows ComputerName Cryptographic key crashed					12.2		30	ZeroCERT

50359	2020-11-18 18:03	abw.exe 678dac5fc4c6a55f032ba40698895e6a Buffer PE AutoRuns suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process malicious URLs WriteConsoleW human activity check Windows ComputerName Cryptographic key crashed		2			15.6	M		guest

50360	2020-11-18 18:03	eic.exe 665bfadaa21dc3f298b0c886b6867cd1 VirusTotal Malware AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs IP Check Windows DNS crashed	1 Keyword trend analysis	2	1		10.8	M	48	guest

50361	2020-11-18 13:43	ebyjon.exe 7e0601f46369fa6ad8d291b1205068d5 VirusTotal Malware Buffer PE AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself AppData folder malicious URLs Windows ComputerName Cryptographic key crashed					12.0		22	guest

50362	2020-11-18 12:32	ebyjon.exe 7e0601f46369fa6ad8d291b1205068d5 VirusTotal Malware Buffer PE AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself AppData folder malicious URLs Ransomware Windows Tor ComputerName Cryptographic key crashed					13.2		22	guest

50363	2020-11-18 10:28	ebyjon.exe 7e0601f46369fa6ad8d291b1205068d5 VirusTotal Malware Buffer PE AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself AppData folder malicious URLs Ransomware Windows Tor ComputerName Cryptographic key crashed					13.2		22	ZeroCERT

50364	2020-11-18 10:27	eic.exe 665bfadaa21dc3f298b0c886b6867cd1 VirusTotal Malware AutoRuns suspicious privilege Code Injection Check memory Checks debugger unpack itself malicious URLs Windows DNS crashed					7.2	M	43	ZeroCERT

50365	2020-11-18 09:37	document1.doc f9a6dc3c7aa957c70e4f539d72e54c4f Malware download Azorult VirusTotal Malware Malicious Traffic exploit crash unpack itself malicious URLs Zeus Windows Exploit DNS crashed		3	7 Info ET INFO Executable Download from dotted-quad Host ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 ET POLICY PE EXE or DLL Windows file download HTTP ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET MALWARE AZORult v3.3 Server Response M3 ET MALWARE Generic - POST To .php w/Extended ASCII Characters (Likely Zeus Derivative)		5.6	M	25	ZeroCERT

50366	2020-11-18 09:37	document.doc 41820dc68297b85f7dc85540a3423c1d VirusTotal Malware Malicious Traffic exploit crash unpack itself malicious URLs Windows Exploit DNS crashed Downloader	1 Keyword trend analysis	3	6 Info ET INFO Executable Download from dotted-quad Host ET CURRENT_EVENTS Terse alphanumeric executable downloader high likelihood of being hostile ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 ET POLICY PE EXE or DLL Windows file download HTTP ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response		6.2	M	24	ZeroCERT

50367	2020-11-18 09:33	CKC.exe d54d01d0a3a073d1d2a3b70e0d9852cc VirusTotal Malware AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs IP Check Windows Cryptographic key	1 Keyword trend analysis	2	1		10.4	M	14	ZeroCERT

50368	2020-11-18 09:30	3MLDad2sFoYnTE9.exe 8849ec79aac67ee11e47fca7938ccfb5 Browser Info Stealer FTP Client Info Stealer VirusTotal Malware suspicious privilege Malicious Traffic Check memory Checks debugger Creates executable files unpack itself Windows utilities Check virtual network interfaces suspicious process AppData folder malicious URLs WriteConsoleW IP Check Tofsee Windows Browser ComputerName Software crashed keylogger	2 Keyword trend analysis	6	3		11.2	M	23	ZeroCERT

50369	2020-11-18 09:28	CKC.exe d54d01d0a3a073d1d2a3b70e0d9852cc VirusTotal Malware AutoRuns suspicious privilege Code Injection Check memory Checks debugger unpack itself malicious URLs Windows DNS Cryptographic key					7.0	M	14	ZeroCERT

50370	2020-11-18 08:00	http://151.80.8.30/document1.d... f9a6dc3c7aa957c70e4f539d72e54c4f Dridex VirusTotal Malware Code Injection Malicious Traffic exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed	1 Keyword trend analysis	1	5		4.6		25	ZeroCERT