Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Score	Zero	VT	Player
5371	2024-04-24 09:20	45690.exe 7c7a60a2b1ba76a894db318993c69bfe Malicious Library UPX PE File .NET EXE PE32 VirusTotal Malware Check memory Checks debugger unpack itself				1.8		30	ZeroCERT

5372	2024-04-24 09:18	45697.exe 91bc63bbaeb58a07374126002e6fef62 Malicious Library UPX PE File .NET EXE PE32 VirusTotal Malware MachineGuid Check memory Checks debugger unpack itself				1.8	M	26	ZeroCERT

5373	2024-04-24 09:18	degrado-lavacrypt-dfgs.exe 7d5053287343d71bf9e3b913d4e4e551 PE64 PE File VirusTotal Malware Buffer PE PDB suspicious privilege Check memory Checks debugger buffers extracted unpack itself				3.2	M	28	ZeroCERT

5374	2024-04-24 09:16	steamworks.exe 91ab4023c2870d3adbc35385a9ea882a Generic Malware EnigmaProtector PE File PE32 VirusTotal Malware unpack itself suspicious TLD sandbox evasion ComputerName Remote Code Execution DNS crashed		1	1	3.6		23	ZeroCERT

5375	2024-04-24 09:16	softcore-shd-lavacrypt.exe f1de359b4cb3e98d01e03f7f4aff75d7 PE64 PE File VirusTotal Malware Buffer PE PDB suspicious privilege Check memory Checks debugger buffers extracted unpack itself				3.2		28	ZeroCERT

5376	2024-04-24 09:14	noncryptedmainstub.exe 9eab8c5d7b1f4659a787cc77d571f03b PE64 PE File VirusTotal Malware MachineGuid Check memory Checks debugger unpack itself Windows ComputerName Cryptographic key crashed				3.2		47	ZeroCERT

5377	2024-04-24 09:14	krummy-lavacrypt-gfhd.exe af1082c667a09a0f1f6adb041ca37d34 UPX PE64 PE File OS Processor Check VirusTotal Malware Buffer PE PDB suspicious privilege Check memory Checks debugger buffers extracted unpack itself				3.2	M	28	ZeroCERT

5378	2024-04-24 09:12	qausarneedscrypted.exe 4d8cb64db6b9ae4663bb23229a6e9d16 Malicious Library .NET framework(MSIL) UPX PE File .NET EXE PE32 OS Processor Check VirusTotal Malware Check memory Checks debugger unpack itself				2.0		52	ZeroCERT

5379	2024-04-24 09:11	hajde-lavacrypt-dfgs.exe f561ee026ad652bed5d2dbca19b0f6da UPX PE64 PE File OS Processor Check VirusTotal Malware Buffer PE PDB suspicious privilege Check memory Checks debugger buffers extracted unpack itself				3.4	M	35	ZeroCERT

5380	2024-04-24 09:06	qauasariscrypted.exe eb0beafcb365cd20eb00ff9e19b73232 Generic Malware task schedule Malicious Library Malicious Packer Antivirus UPX ScreenShot PWS DNS KeyLogger AntiDebug AntiVM PE64 PE File OS Processor Check PNG Format MSOffice File JPEG Format VirusTotal Malware powershell AutoRuns suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted Creates shortcut RWX flags setting exploit crash unpack itself Windows utilities powershell.exe wrote suspicious process Tofsee Windows Exploit ComputerName DNS Cryptographic key crashed	1 Keyword trend analysis	2	3	13.4	M	29	ZeroCERT

5381	2024-04-24 09:06	ads.exe 2d41e117f7b73d3b0b8804794b4fe9dd Formbook Generic Malware Malicious Library Malicious Packer UPX PWS AntiDebug AntiVM PE File .NET EXE PE32 DLL OS Processor Check RedLine Malware download VirusTotal Malware Microsoft Code Injection Check memory Checks debugger buffers extracted Creates executable files RWX flags setting unpack itself AppData folder Stealer DNS		1	4	9.0	M	28	ZeroCERT

5382	2024-04-24 09:03	gidro.exe 6a1ca153932a4d9b645a9cf47f30da65 Themida Packer Malicious Packer UPX PE File PE32 ZIP Format Browser Info Stealer Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency AutoRuns MachineGuid Check memory buffers extracted unpack itself Windows utilities Checks Bios Collect installed applications Detects VirtualBox Detects VMWare suspicious process AntiVM_Disk sandbox evasion WriteConsoleW VMware anti-virtualization IP Check VM Disk Size Check installed browsers check Tofsee Ransomware Windows Browser RisePro Email ComputerName Firmware DNS Software crashed	1 Keyword trend analysis	5	7 Info ET MALWARE RisePro TCP Heartbeat Packet ET MALWARE [ANY.RUN] RisePro TCP (Token) ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET MALWARE [ANY.RUN] RisePro TCP (Activity) ET MALWARE [ANY.RUN] RisePro TCP (Exfiltration) ET MALWARE RisePro CnC Activity (Inbound)	15.4		21	ZeroCERT

5383	2024-04-24 09:03	Fzonsvup.exe 1c762a2cd186f1cde4b9e5d743eca3b5 PE64 PE File VirusTotal Malware MachineGuid Check memory Checks debugger unpack itself Windows ComputerName Cryptographic key crashed				3.2		40	ZeroCERT

5384	2024-04-23 11:19	toolspub1.exe ace2b92a3208dec19577cbac84d543b2 Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware PDB unpack itself				2.2	M	49	ZeroCERT

5385	2024-04-23 11:19	mmfd.exe bbf48f853fcf1d291cfbc0dfd522e75e Gen1 Generic Malware Malicious Library UPX Malicious Packer Antivirus Anti_VM PE64 PE File DLL OS Processor Check ftp wget VirusTotal Malware Check memory Creates executable files unpack itself				3.2	M	45	ZeroCERT