Submissions - ZeroBOX

Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player	Etc
52936	2020-07-27 11:28	http://www.nalara1220.o-r.kr/ c032bb944d6fba21799bd5a4df5b6122 Code Injection Creates executable files RWX flags setting unpack itself Windows utilities Windows	6 Keyword trend analysis	4			3.0

52937	2020-07-27 11:26	http://www.nalara1220.o-r.kr/ c032bb944d6fba21799bd5a4df5b6122 Code Injection Creates executable files RWX flags setting unpack itself Windows utilities Windows	6 Keyword trend analysis	4			3.0

52938	2020-07-27 09:32	DHL DOCUMENTS_doc.exe c8d3124da2597ed5622840c8129bd6f6 njRAT VirusTotal Malware AutoRuns suspicious privilege Check memory Checks debugger ICMP traffic unpack itself Windows utilities malicious URLs WriteConsoleW human activity check Windows ComputerName DNS		1			8.4		59

52939	2020-07-27 09:28	narudžbe u vrećicama.exe 85a243b5639f697d6f9c30c8a1ea3f2a VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process malicious URLs WriteConsoleW Windows ComputerName DNS	3 Keyword trend analysis Info http://www.regular8.info/kvsz/?ITsDV4m=iMOctYX+XkOuWII4CJD+ze9tDKeUlJxwfm7KH7BQTIrEZrL7aqcq2+cm0ENWj8hwTzATy9O5m6O8MuuX&Cj=lNg4u08pF8g http://www.hananoame.com/kvsz/ http://www.hananoame.com/kvsz/?ITsDV4m=FbsGOd7C8eoxD716sx/jTXLDlt/q3yHNsSiT98NcvUAYO18Bx4GE1qrgO4E3GT2sgvJR2gIhdDKX+hEb&Cj=lNg4u08pF8g&sql=1	2			12.4		45

52940	2020-07-26 19:20	http://southwestlogistics.net/... 654fdcfb7334c24fff5452d60a67083c Dridex VirusTotal Malware Code Injection Malicious Traffic buffers extracted Creates executable files exploit crash unpack itself Windows utilities AppData folder malicious URLs Tofsee Windows Exploit DNS crashed	2 Keyword trend analysis	4	5		8.0		13

52941	2020-07-25 21:28	http://185.172.110.217/virp/Or... VirusTotal Malware Code Injection unpack itself Windows utilities malicious URLs Windows DNS		1			4.8

52942	2020-07-25 21:20	http://wdwusa.org/temp/wresdfg... VirusTotal Malware Code Injection unpack itself Windows utilities malicious URLs Windows	4 Keyword trend analysis Info http://wdwusa.org/temp/wresdfgr.exe http://wdwusa.org/img-sys/powered_by_cpanel.svg http://192.168.56.104:2869/upnphost/udhisapi.dll?content=uuid:8f903919-fac4-4af5-ab32-015dce9aafba http://192.168.56.104:2869/upnphost/udhisapi.dll?content=uuid:d96d86f3-ac35-41f2-9523-f4e50073f2f3	2			3.2	M

52943	2020-07-25 21:19	https://tenders-dz.com/license... Dridex VirusTotal Malware Code Injection unpack itself Windows utilities malicious URLs Tofsee Windows DNS	2 Keyword trend analysis	2	3		3.2	M

52944	2020-07-25 21:16	cursor.png.exe ec90ccfa53fe7d8b77ed05c6ef51a7b1 Dridex TrickBot Malware Report suspicious privilege buffers extracted RWX flags setting unpack itself malicious URLs Tofsee Kovter ComputerName DNS	1 Keyword trend analysis	2	4		5.0

52945	2020-07-25 21:16	imgpaper.png.exe c8ae95169afd458d72ed44fa3b43bf01 RWX flags setting unpack itself crashed					1.8

52946	2020-07-25 12:17	red.vbs d82c3f19928753398542baaae81cdfbf Browser Info Stealer Email Client Info Stealer Malware powershell AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI heapspray Creates shortcut ICMP traffic unpack itself Check virtual network interfaces malicious URLs WriteConsoleW Windows Browser Email ComputerName DNS Cryptographic key crashed		2			16.8

52947	2020-07-25 12:10	64.exe 2258502bb5e0807e70a02fb9a39c6184 VirusTotal Malware MachineGuid Code Injection buffers extracted RWX flags setting Windows utilities suspicious process malicious URLs Tofsee Windows ComputerName		4	1		7.0		18

52948	2020-07-24 22:36	http://199.168.100.74/upsupx3.... 142709025a9e6d920384c011e24f83f3 Dridex VirusTotal Malware Code Injection Malicious Traffic Creates executable files RWX flags setting exploit crash unpack itself Windows utilities AppData folder malicious URLs Tofsee Windows Exploit DNS crashed	2 Keyword trend analysis	4	7 Info ET INFO Executable Download from dotted-quad Host ET INFO Packed Executable Download ET INFO TLS Handshake Failure SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex ET POLICY PE EXE or DLL Windows file download HTTP ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response		6.6	M	59

52949	2020-07-24 22:34	http://heliosphere.us/temp/ter... cfd7c1f8740ca02f97a919d1ad537a1d VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files exploit crash unpack itself Windows utilities AppData folder malicious URLs Windows Exploit ComputerName DNS Cryptographic key crashed	5 Keyword trend analysis Info http://192.168.56.104:2869/upnphost/udhisapi.dll?content=uuid:03daaf8e-3c0a-468c-bc36-def7e5313f47 http://heliosphere.us/temp/terfdcv.exe http://192.168.56.104:2869/upnphost/udhisapi.dll?content=uuid:2d284ad3-5648-4376-8360-b0559e35418f http://192.168.56.104:2869/upnphost/udhisapi.dll?content=uuid:8f903919-fac4-4af5-ab32-015dce9aafba http://192.168.56.104:2869/upnphost/udhisapi.dll?content=uuid:d96d86f3-ac35-41f2-9523-f4e50073f2f3	1	1		12.8		28

52950	2020-07-24 22:34	http://www.agarca.donaines.pt/... 6728e83545ea749e33ad6e83f90b6ba6 VirusTotal Malware Code Injection Creates executable files exploit crash unpack itself Windows utilities AppData folder Windows Exploit crashed	5 Keyword trend analysis Info http://192.168.56.104:2869/upnphost/udhisapi.dll?content=uuid:03daaf8e-3c0a-468c-bc36-def7e5313f47 http://www.agarca.donaines.pt/templates/beez3/VazBBV.exe http://192.168.56.104:2869/upnphost/udhisapi.dll?content=uuid:2d284ad3-5648-4376-8360-b0559e35418f http://192.168.56.104:2869/upnphost/udhisapi.dll?content=uuid:8f903919-fac4-4af5-ab32-015dce9aafba http://192.168.56.104:2869/upnphost/udhisapi.dll?content=uuid:d96d86f3-ac35-41f2-9523-f4e50073f2f3	2	1		5.6		28