Submissions - ZeroBOX

Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player	Etc
50581	2020-11-18 18:19	OSW.exe db4fc561ac6d5394b38a7700964cd82c VirusTotal Malware AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs IP Check Windows Cryptographic key	1 Keyword trend analysis	2	1		10.2	M	20	ZeroCERT

50582	2020-11-18 18:14	OGtxupQ48uyfia3.exe 78f9fe744846ebeb2d2e7224af27f02c Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Malicious Traffic Check memory Checks debugger Creates executable files unpack itself Windows utilities Check virtual network interfaces suspicious process AppData folder malicious URLs WriteConsoleW IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key DDNS Software crashed	2 Keyword trend analysis	6	5		13.2	M	26	ZeroCERT

50583	2020-11-18 18:14	nass.exe d9e4ff69934ce995feaa9e54e0d5ad07 VirusTotal Malware suspicious privilege Malicious Traffic Check memory Checks debugger ICMP traffic unpack itself Windows utilities malicious URLs Windows	2 Keyword trend analysis	5			6.6	M	40	ZeroCERT

50584	2020-11-18 18:10	emthree.exe b017a31549aa5edeccecab2f3e717d1b VirusTotal Malware Buffer PE suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself AppData folder malicious URLs Windows DNS Cryptographic key					10.4	M	21	ZeroCERT

50585	2020-11-18 18:10	ebyjon.exe 7e0601f46369fa6ad8d291b1205068d5 VirusTotal Malware Buffer PE AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself AppData folder malicious URLs Windows ComputerName Cryptographic key crashed					12.2		30	ZeroCERT

50586	2020-11-18 18:03	abw.exe 678dac5fc4c6a55f032ba40698895e6a Buffer PE AutoRuns suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process malicious URLs WriteConsoleW human activity check Windows ComputerName Cryptographic key crashed		2			15.6	M		guest

50587	2020-11-18 18:03	eic.exe 665bfadaa21dc3f298b0c886b6867cd1 VirusTotal Malware AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs IP Check Windows DNS crashed	1 Keyword trend analysis	2	1		10.8	M	48	guest

50588	2020-11-18 13:43	ebyjon.exe 7e0601f46369fa6ad8d291b1205068d5 VirusTotal Malware Buffer PE AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself AppData folder malicious URLs Windows ComputerName Cryptographic key crashed					12.0		22	guest

50589	2020-11-18 12:32	ebyjon.exe 7e0601f46369fa6ad8d291b1205068d5 VirusTotal Malware Buffer PE AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself AppData folder malicious URLs Ransomware Windows Tor ComputerName Cryptographic key crashed					13.2		22	guest

50590	2020-11-18 10:28	ebyjon.exe 7e0601f46369fa6ad8d291b1205068d5 VirusTotal Malware Buffer PE AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself AppData folder malicious URLs Ransomware Windows Tor ComputerName Cryptographic key crashed					13.2		22	ZeroCERT

50591	2020-11-18 10:27	eic.exe 665bfadaa21dc3f298b0c886b6867cd1 VirusTotal Malware AutoRuns suspicious privilege Code Injection Check memory Checks debugger unpack itself malicious URLs Windows DNS crashed					7.2	M	43	ZeroCERT

50592	2020-11-18 09:37	document1.doc f9a6dc3c7aa957c70e4f539d72e54c4f Malware download Azorult VirusTotal Malware Malicious Traffic exploit crash unpack itself malicious URLs Zeus Windows Exploit DNS crashed		3	7 Info ET INFO Executable Download from dotted-quad Host ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 ET POLICY PE EXE or DLL Windows file download HTTP ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET MALWARE AZORult v3.3 Server Response M3 ET MALWARE Generic - POST To .php w/Extended ASCII Characters (Likely Zeus Derivative)		5.6	M	25	ZeroCERT

50593	2020-11-18 09:37	document.doc 41820dc68297b85f7dc85540a3423c1d VirusTotal Malware Malicious Traffic exploit crash unpack itself malicious URLs Windows Exploit DNS crashed Downloader	1 Keyword trend analysis	3	6 Info ET INFO Executable Download from dotted-quad Host ET CURRENT_EVENTS Terse alphanumeric executable downloader high likelihood of being hostile ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 ET POLICY PE EXE or DLL Windows file download HTTP ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response		6.2	M	24	ZeroCERT

50594	2020-11-18 09:33	CKC.exe d54d01d0a3a073d1d2a3b70e0d9852cc VirusTotal Malware AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs IP Check Windows Cryptographic key	1 Keyword trend analysis	2	1		10.4	M	14	ZeroCERT

50595	2020-11-18 09:30	3MLDad2sFoYnTE9.exe 8849ec79aac67ee11e47fca7938ccfb5 Browser Info Stealer FTP Client Info Stealer VirusTotal Malware suspicious privilege Malicious Traffic Check memory Checks debugger Creates executable files unpack itself Windows utilities Check virtual network interfaces suspicious process AppData folder malicious URLs WriteConsoleW IP Check Tofsee Windows Browser ComputerName Software crashed keylogger	2 Keyword trend analysis	6	3		11.2	M	23	ZeroCERT