Submissions - ZeroBOX

Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player	Etc
5326	2021-02-20 19:50	ebook.exe 07f79b595254bd60ccec7561e858de35 Check memory Checks debugger unpack itself AppData folder malicious URLs AntiVM_Disk VM Disk Size Check	2 Keyword trend analysis				3.0			guest

5327	2021-02-20 19:50	local.exe 21d160d4752d40baaaf7cb5e2d2ed52b VirusTotal Malware unpack itself Remote Code Execution	3 Keyword trend analysis				2.2		21	guest

5328	2021-02-20 19:50	threex.exe cb543811126f9fbe90dacf4025042797 VirusTotal Malware Check memory Checks debugger unpack itself malicious URLs	1 Keyword trend analysis				2.6		31	guest

5329	2021-02-20 19:50	fourx.exe d14be22fbe0e28268fef84adf657d76c VirusTotal Malware Check memory Checks debugger unpack itself Check virtual network interfaces malicious URLs DNS	3 Keyword trend analysis	1			4.4		22	guest

5330	2021-02-20 19:50	onex.exe eefefb81434a3b57d1fd4cb5d42114c8 VirusTotal Malware Check memory Checks debugger unpack itself Check virtual network interfaces malicious URLs DNS	2 Keyword trend analysis	1			4.4		20	guest

5331	2021-02-20 19:53	INVRS.exe ebb811d0396c06a70fe74d9b23679446 VirusTotal Malware unpack itself DNS	2 Keyword trend analysis				2.4		10	guest

5332	2021-02-20 19:53	1p5a53wm.b51.exe 0fb903f0809892bf7d7f21eae6ad28dc VirusTotal Malware PDB Code Injection Check memory Checks debugger buffers extracted Creates executable files RWX flags setting unpack itself Windows utilities AppData folder malicious URLs WriteConsoleW human activity check Windows	9 Keyword trend analysis Info http://192.168.56.103:2869/upnphost/udhisapi.dll?content=uuid:d96d86f3-ac35-41f2-9523-f4e50073f2f3 http://www.bing.com/ http://192.168.56.103:5357/da8ea474-550f-433d-b444-54d2081d1d24/ http://www.bing.com/favicon.ico http://www.bing.com/th?id=OHR.AABday_ROW7509883666_1920x1080.jpg&rf=LaDigue_1920x1080.jpg&pid=hp http://www.bing.com/fd/ls/l?IG=043F3A2D8D2C4B6B9C09E2F720D3709C&CID=01780408A55967761BED0BECA44C666F&Type=Event.ClientInst&DATA=[{"T":"CI.GetError","FID":"CI","Name":"JSGetError","Text":"%27undefined%27%uC740%28%uB294%29%20null%20%uC774%uAC70%uB098%20%uAC1C%uCCB4%uAC00%20%uC544%uB2D9%uB2C8%uB2E4.","Meta":"http%3A//www.bing.com/","Line":18,"Char":%20undefined}] http://www.bing.com/fd/ls/l?IG=043F3A2D8D2C4B6B9C09E2F720D3709C&CID=01780408A55967761BED0BECA44C666F&Type=Event.CPT&DATA={"pp":{"S":"L","FC":-1,"BC":-1,"SE":-1,"TC":-1,"H":62,"BP":172,"CT":203,"IL":1},"ad":[-1,-1,870,492,870,492,0]}&P=SERP&DA=HKGE01 http://www.bing.com/fd/ls/l?IG=043F3A2D8D2C4B6B9C09E2F720D3709C&CID=01780408A55967761BED0BECA44C666F&Type=Event.ClientInst&DATA=[{"T":"CI.GetError","FID":"CI","Name":"JSGetError","Text":"%27performance%27%uC774%28%uAC00%29%20%uC815%uC758%uB418%uC9C0%20%uC54A%uC558%uC2B5%uB2C8%uB2E4.","Meta":"http%3A//www.bing.com/","Line":18,"Char":%20undefined}] http://www.bing.com/sa/simg/hpc27.png				6.8		2	guest

5333	2021-02-20 19:55	SCR.exe 2ffb956f7e7a21c54dd411e6c6b7d005 VirusTotal Malware malicious URLs DNS	2 Keyword trend analysis				2.4		11	guest

5334	2021-02-20 19:56	Proxo 2 of 4_86134.exe 238b94895b10d3113dad0fffca1f4968 VirusTotal Malware Malicious Traffic Check memory Creates executable files RWX flags setting unpack itself malicious URLs Tofsee	10 Keyword trend analysis Info http://192.168.56.103:2869/upnphost/udhisapi.dll?content=uuid:d96d86f3-ac35-41f2-9523-f4e50073f2f3 http://192.168.56.103:5357/da8ea474-550f-433d-b444-54d2081d1d24/ http://dlsft.com/callback/geo/geo.php http://dlsft.com/callback/?channel=ProgramasGratis&id=86134&action=started http://dlsft.com/callback/offers.php http://dlsft.com/callback/info.php?id=86134 http://192.168.56.103:2869/upnphost/udhisapi.dll?content=uuid:2d284ad3-5648-4376-8360-b0559e35418f https://img.programasgratis.es/fichas_210x140/5110_1.jpg https://cdn.cleanfile.xyz/setup https://www.dlsft.com/download.php?file=setup	7	1		5.2		43	guest

5335	2021-02-20 19:56	3w5vyhsm.chs.exe ff21bfb6689578309bba793ef75c6332 VirusTotal Malware PDB Code Injection Check memory Checks debugger buffers extracted Creates executable files RWX flags setting exploit crash unpack itself Windows utilities malicious URLs AntiVM_Disk WriteConsoleW VM Disk Size Check Tofsee Windows Exploit DNS crashed	36 Keyword trend analysis Info http://192.168.56.103:2869/upnphost/udhisapi.dll?content=uuid:d96d86f3-ac35-41f2-9523-f4e50073f2f3 http://a4.bing.com/fd/ls/l?IG=AEB9CC1FB0344DAEB358612764968A17&CID=1837EE8FCEC561662F98E16BCF6760C5&TYPE=Event.ClientInst&DATA=%5B%7B%22T%22%3A%22CI.Init%22%2C%22TS%22%3A1613832241233%2C%22Name%22%3A%22Base%22%2C%22FID%22%3A%22CI%22%7D%2C%7B%22T%22%3A%22CI.Info%22%2C%22TS%22%3A1613832241233%2C%22Name%22%3A%22M%22%2C%22FID%22%3A%22BRW%22%7D%2C%7B%22T%22%3A%22CI.Info%22%2C%22TS%22%3A1613832241233%2C%22Name%22%3A%221%22%2C%22FID%22%3A%22Mutation%22%7D%2C%7B%22T%22%3A%22CI.Info%22%2C%22TS%22%3A1613832241233%2C%22Name%22%3A%224%22%2C%22FID%22%3A%22DM%22%7D%2C%7B%22RTT%22%3A%221%22%2C%22T%22%3A%22CI.Init%22%2C%22TS%22%3A1613832241330%2C%22Name%22%3A%22ClientPerf%22%2C%22FID%22%3A%22HP%22%7D%2C%7B%22w%22%3A%221365%22%2C%22h%22%3A%221024%22%2C%22dpr%22%3A%220%22%2C%22T%22%3A%22CI.Init%22%2C%22TS%22%3A1613832241330%2C%22Name%22%3A%22ClientScreen%22%2C%22FID%22%3A%22HP%22%7D%2C%7B%22Time%22%3A698%2C%22T%22%3A%22CI.Latency%22%2C%22TS%22%3A1613832241339%2C%22Name%22%3A%22sBoxTime%22%2C%22FID%22%3A%22HP%22%7D%2C%7B%22T%22%3A%22CI.ClientInst%22%2C%22TS%22%3A1613832241416%2C%22Name%22%3A%22OrgId%22%2C%22FID%22%3A%22NoSignInAttempt%22%7D%5D http://192.168.56.103:5357/da8ea474-550f-433d-b444-54d2081d1d24/ http://www.bing.com/rp/svI82uPNFRD54V4bMLaeahXQXBI.gz.js http://www.bing.com/rp/ozS3T0fsBUPZy4zlY0UX_e0TUwY.gz.js http://www.bing.com/rp/hceflue5sqxkKta9dP3R-IFtPuY.gz.js http://www.bing.com/ipv6test/test?FORM=MONITR http://www.bing.com/rp/_ofc7e4WqqkT9lPqQJykFP4vxq4.gz.js http://www.bing.com/rp/2ajnlX1juJQ_Nu80sW46BDUL1-A.gz.js http://www.bing.com/Passport.aspx?popup=1 http://www.bing.com/rp/MDr1f9aJs4rBVf1F5DAtlALvweY.gz.js http://www.bing.com/rp/swyt_VnIjJDWZW5KEq7a8l_1AEw.gz.js http://www.bing.com/rp/n8-O_KIRNSMPFWQWrGjn0BRH6SM.gz.js http://www.bing.com/rp/RXZtj0lYpFm5XDPMpuGSsNG8i9I.gz.js http://www.bing.com/rp/Rzsvw_wDLdlO1j0liY0kGWbLtGg.gz.js http://www.bing.com/rp/Dta1_Or8JEDr20O5LJEJy7sv1z0.gz.js http://www.bing.com/rp/fOTa3tS0UbBigvRZgJotvLqABI4.gz.js http://www.bing.com/rp/wNOiwlHhbbAgGouQxwFS8CWEuwU.gz.js http://www2.bing.com/ipv6test/test http://www.bing.com/ http://www.bing.com/rp/MstqcgNaYngCBavkktAoSE0--po.gz.js http://www.bing.com/fd/ls/lsp.aspx? http://www.bing.com/fd/ls/l?IG=AEB9CC1FB0344DAEB358612764968A17&CID=1837EE8FCEC561662F98E16BCF6760C5&Type=Event.CPT&DATA={"pp":{"S":"L","FC":-1,"BC":-1,"SE":-1,"TC":-1,"H":157,"BP":382,"CT":407,"IL":1},"ad":[-1,-1,1233,841,1233,841,0]}&P=SERP&DA=HKGE01 http://www.bing.com/rp/P3LN8DHh0udC9Pbh8UHnw5FJ8R8.gz.js http://www.bing.com/sa/simg/hpc27.png http://www.bing.com/rp/Xp-HPHGHOZznHBwdn7OWdva404Y.gz.js http://www.bing.com/sa/simg/favicon-2x.ico http://www.bing.com/th?id=OHR.AABday_ROW7509883666_1920x1080.jpg&rf=LaDigue_1920x1080.jpg&pid=hp http://www.bing.com/rp/eaMqCdNxIXjLc0ATep7tsFkfmSA.gz.js http://www.bing.com/rp/FvkosEDIbuCPhD1mwLAN-LJ7Coc.gz.js http://www.bing.com/rp/a282eRIAnHsW_URoyogdzsukm_o.gz.js http://www.bing.com/fd/ls/lsp.aspx https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=11&ct=1613818238&rver=6.0.5286.0&wp=MBI_SSL&wreply=https:%2F%2fwww.bing.com%2Fsecure%2FPassport.aspx%3Fpopup%3D1&lc=1042&id=264960&checkda=1 https://www.bing.com/orgid/idtoken/conditional https://www.bing.com/secure/Passport.aspx?popup=1 https://login.microsoftonline.com/common/oauth2/authorize?client_id=9ea1ad79-fdb6-4f9a-8bc3-2b70f96e34c7&response_type=id_token+code&nonce=cb4d1b3a-44d6-43ed-bcaf-e7117c298f1c&redirect_uri=https%3a%2f%2fwww.bing.com%2forgid%2fidtoken%2fconditional&scope=openid&response_mode=form_post&msafed=0&prompt=none&state=%7b%22ig%22%3a%22AEB9CC1FB0344DAEB358612764968A17%22%7d	8	2		7.0		1	guest

5336	2021-02-20 19:58	RussianDollTest.exe 8bbd5e482cb618e54ed597111d520f0f VirusTotal Malware PDB Code Injection Check memory Checks debugger buffers extracted Creates executable files RWX flags setting exploit crash unpack itself Windows utilities AppData folder malicious URLs AntiVM_Disk WriteConsoleW VM Disk Size Check Tofsee Windows Exploit DNS crashed	36 Keyword trend analysis Info http://192.168.56.103:2869/upnphost/udhisapi.dll?content=uuid:d96d86f3-ac35-41f2-9523-f4e50073f2f3 http://192.168.56.103:5357/da8ea474-550f-433d-b444-54d2081d1d24/ http://www.bing.com/rp/svI82uPNFRD54V4bMLaeahXQXBI.gz.js http://www.bing.com/rp/ozS3T0fsBUPZy4zlY0UX_e0TUwY.gz.js http://www.bing.com/rp/hceflue5sqxkKta9dP3R-IFtPuY.gz.js http://www.bing.com/ipv6test/test?FORM=MONITR http://www.bing.com/rp/_ofc7e4WqqkT9lPqQJykFP4vxq4.gz.js http://www.bing.com/rp/2ajnlX1juJQ_Nu80sW46BDUL1-A.gz.js http://www.bing.com/Passport.aspx?popup=1 http://www.bing.com/rp/MDr1f9aJs4rBVf1F5DAtlALvweY.gz.js http://www.bing.com/rp/swyt_VnIjJDWZW5KEq7a8l_1AEw.gz.js http://a4.bing.com/fd/ls/l?IG=18CE5E9F5F8940A394632CC7ED43E607&CID=043AB4A3D2396D2226B9BB47D3AA6C7E&TYPE=Event.ClientInst&DATA=%5B%7B%22T%22%3A%22CI.Init%22%2C%22TS%22%3A1613821441667%2C%22Name%22%3A%22Base%22%2C%22FID%22%3A%22CI%22%7D%2C%7B%22T%22%3A%22CI.Info%22%2C%22TS%22%3A1613821441667%2C%22Name%22%3A%22M%22%2C%22FID%22%3A%22BRW%22%7D%2C%7B%22T%22%3A%22CI.Info%22%2C%22TS%22%3A1613821441667%2C%22Name%22%3A%221%22%2C%22FID%22%3A%22Mutation%22%7D%2C%7B%22T%22%3A%22CI.Info%22%2C%22TS%22%3A1613821441667%2C%22Name%22%3A%224%22%2C%22FID%22%3A%22DM%22%7D%2C%7B%22RTT%22%3A%221%22%2C%22T%22%3A%22CI.Init%22%2C%22TS%22%3A1613821441758%2C%22Name%22%3A%22ClientPerf%22%2C%22FID%22%3A%22HP%22%7D%2C%7B%22w%22%3A%221365%22%2C%22h%22%3A%221024%22%2C%22dpr%22%3A%220%22%2C%22T%22%3A%22CI.Init%22%2C%22TS%22%3A1613821441759%2C%22Name%22%3A%22ClientScreen%22%2C%22FID%22%3A%22HP%22%7D%2C%7B%22Time%22%3A682%2C%22T%22%3A%22CI.Latency%22%2C%22TS%22%3A1613821441808%2C%22Name%22%3A%22sBoxTime%22%2C%22FID%22%3A%22HP%22%7D%2C%7B%22T%22%3A%22CI.ClientInst%22%2C%22TS%22%3A1613821441913%2C%22Name%22%3A%22OrgId%22%2C%22FID%22%3A%22NoSignInAttempt%22%7D%5D http://www.bing.com/rp/n8-O_KIRNSMPFWQWrGjn0BRH6SM.gz.js http://www.bing.com/rp/RXZtj0lYpFm5XDPMpuGSsNG8i9I.gz.js http://www.bing.com/rp/Rzsvw_wDLdlO1j0liY0kGWbLtGg.gz.js http://www.bing.com/rp/Dta1_Or8JEDr20O5LJEJy7sv1z0.gz.js http://www.bing.com/rp/fOTa3tS0UbBigvRZgJotvLqABI4.gz.js http://www.bing.com/rp/wNOiwlHhbbAgGouQxwFS8CWEuwU.gz.js http://www2.bing.com/ipv6test/test http://www.bing.com/ http://www.bing.com/rp/MstqcgNaYngCBavkktAoSE0--po.gz.js http://www.bing.com/fd/ls/lsp.aspx? http://www.bing.com/rp/P3LN8DHh0udC9Pbh8UHnw5FJ8R8.gz.js http://www.bing.com/sa/simg/hpc27.png http://www.bing.com/rp/Xp-HPHGHOZznHBwdn7OWdva404Y.gz.js http://www.bing.com/sa/simg/favicon-2x.ico http://www.bing.com/th?id=OHR.AABday_ROW7509883666_1920x1080.jpg&rf=LaDigue_1920x1080.jpg&pid=hp http://www.bing.com/rp/eaMqCdNxIXjLc0ATep7tsFkfmSA.gz.js http://www.bing.com/fd/ls/l?IG=18CE5E9F5F8940A394632CC7ED43E607&CID=043AB4A3D2396D2226B9BB47D3AA6C7E&Type=Event.CPT&DATA={"pp":{"S":"L","FC":-1,"BC":-1,"SE":-1,"TC":-1,"H":209,"BP":405,"CT":436,"IL":1},"ad":[-1,-1,1233,841,1233,841,0]}&P=SERP&DA=HKGE01 http://www.bing.com/rp/FvkosEDIbuCPhD1mwLAN-LJ7Coc.gz.js http://www.bing.com/rp/a282eRIAnHsW_URoyogdzsukm_o.gz.js http://www.bing.com/fd/ls/lsp.aspx https://login.microsoftonline.com/common/oauth2/authorize?client_id=9ea1ad79-fdb6-4f9a-8bc3-2b70f96e34c7&response_type=id_token+code&nonce=b81573da-d96c-4877-8ef5-2dce9fea8256&redirect_uri=https%3a%2f%2fwww.bing.com%2forgid%2fidtoken%2fconditional&scope=openid&response_mode=form_post&msafed=0&prompt=none&state=%7b%22ig%22%3a%2218CE5E9F5F8940A394632CC7ED43E607%22%7d https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=11&ct=1613818380&rver=6.0.5286.0&wp=MBI_SSL&wreply=https:%2F%2fwww.bing.com%2Fsecure%2FPassport.aspx%3Fpopup%3D1&lc=1042&id=264960&checkda=1 https://www.bing.com/orgid/idtoken/conditional https://www.bing.com/secure/Passport.aspx?popup=1	7	2		8.2		2	guest

5337	2021-02-21 09:28	11.exe 2055c8af98ca708f9556baab52de02e8 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs DNS					8.2	M	27	ZeroCERT

5338	2021-02-21 09:29	8.jjkes.exe 25056df6d3546de971eafe5da5f9ae44 Dridex TrickBot VirusTotal Malware Report PDB suspicious privilege Malicious Traffic Checks debugger buffers extracted unpack itself Check virtual network interfaces Kovter ComputerName DNS crashed		6	6 Info ET CNC Feodo Tracker Reported CnC Server group 8 ET CNC Feodo Tracker Reported CnC Server group 16 ET CNC Feodo Tracker Reported CnC Server group 11 ET CNC Feodo Tracker Reported CnC Server group 12 ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O)		8.0	M	39	ZeroCERT

5339	2021-02-21 09:47	cmdzx.exe 173389c1303ed2a3f047a40b5c8e34ad VirusTotal Malware Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process malicious URLs WriteConsoleW Windows ComputerName					9.4	M	23	ZeroCERT

5340	2021-02-21 09:47	cmdss.exe 173389c1303ed2a3f047a40b5c8e34ad VirusTotal Malware Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process malicious URLs WriteConsoleW Windows ComputerName DNS					9.4	M	23	ZeroCERT

First
Previous
351
352
353
354
355
356
357
358
359
360
Next
Last
Total : 48,354cnts