Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Score	Zero	VT	Player
5806	2024-02-08 09:28	IMG_4095.scr 337e300721c80ee6c114cc38b2ed786a Emotet Malicious Library Admin Tool (Sysinternals etc ...) UPX PE32 PE File MZP Format VirusTotal Malware buffers extracted unpack itself sandbox evasion Browser ComputerName DNS		1		5.4		25	ZeroCERT

5807	2024-02-08 09:15	a.png.ps1 de5172130e9cc5da5a3df96daf0e945a Formbook Hide_EXE Generic Malware Antivirus VirusTotal Malware AutoRuns Check memory unpack itself WriteConsoleW Windows Cryptographic key	1 Keyword trend analysis			2.0		5	ZeroCERT

5808	2024-02-08 09:12	new_image.jpg.exe c50dc32f0cabcf7d7b44031031026078 Generic Malware Antivirus PE32 PE File DLL .NET DLL VirusTotal Malware PDB				1.6		32	ZeroCERT

5809	2024-02-08 08:02	RUN.exe 1b8ceba270bcec714babe5a0862ef028 Generic Malware Admin Tool (Sysinternals etc ...) UPX Antivirus PE32 PE File PowerShell Malware powershell AutoRuns suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut RWX flags setting unpack itself powershell.exe wrote Check virtual network interfaces suspicious process WriteConsoleW Windows ComputerName DNS Cryptographic key	1 Keyword trend analysis	1	1	8.2	M		ZeroCERT

5810	2024-02-08 08:00	Earco8.exe 35ffefa212414c2538df410e5ad3afa7 Process Kill Malicious Library CryptGenKey UPX PE32 PE File OS Processor Check PDB unpack itself Remote Code Execution				1.2			ZeroCERT

5811	2024-02-08 08:00	build.exe 7487e2be7384a10f23c704635ab76b23 Gen1 Generic Malware Malicious Library ASPack Malicious Packer UPX Antivirus Anti_VM PE File PE64 DLL OS Processor Check ftp wget Check memory Creates executable files unpack itself				2.0	M		ZeroCERT

5812	2024-02-08 07:58	Brobite.exe 82d7425c9f8297a3ca6dd38b2ed71920 Malicious Library UPX PE32 PE File OS Processor Check PDB unpack itself Remote Code Execution				1.2			ZeroCERT

5813	2024-02-08 07:58	may.exe c94de80b5d3448c765888974d0e5d78d Emotet Gen1 Malicious Library UPX Anti_VM PE32 PE File MZP Format PE64 DLL OS Processor Check ftp Checks debugger Creates executable files unpack itself AppData folder Windows ComputerName crashed				3.6			ZeroCERT

5814	2024-02-08 07:56	current.exe 2640c96c0be54c6f5b1880bdde2d0c92 Malicious Library UPX PE32 PE File OS Processor Check PDB unpack itself Remote Code Execution				1.2	M		ZeroCERT

5815	2024-02-07 18:40	rega.exe bb615fb229575e6df006c102ff561991 UPX PE32 PE File Malware download VirusTotal Malware AutoRuns MachineGuid Checks debugger unpack itself Windows utilities Checks Bios Detects VMWare suspicious process WriteConsoleW VMware anti-virtualization IP Check Tofsee Windows RisePro ComputerName DNS crashed	1 Keyword trend analysis	5	4	10.0	M	38	ZeroCERT

5816	2024-02-07 18:38	vbsmicrosoftdesignballonproces... 90437996bafd525c4df2b1ad8a77e22c MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware VBScript Malicious Traffic buffers extracted exploit crash unpack itself Tofsee Exploit DNS crashed	3 Keyword trend analysis	3	3	4.6	M	34	ZeroCERT

5817	2024-02-07 18:36	mangero.vbs 3eeaaa825aeaf23c720e999c1fa689f1 VirusTotal Malware wscript.exe payload download Tofsee	2 Keyword trend analysis	2	2	2.0	M	3	ZeroCERT

5818	2024-02-07 18:33	native.exe 1a917a85dcbb1d3df5f4dd02e3a62873 Hide_EXE .NET framework(MSIL) PE32 PE File .NET EXE VirusTotal Malware Check memory Checks debugger unpack itself ComputerName				2.6	M	55	ZeroCERT

5819	2024-02-07 18:32	microsoftballonprocessmethodis... 0c36828dfafeaeb16c7157c212ba62ef MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware VBScript Malicious Traffic buffers extracted RWX flags setting exploit crash Tofsee Exploit DNS crashed	3 Keyword trend analysis	3	3	4.6	M	34	ZeroCERT

5820	2024-02-07 18:31	Microsoftaianterioerdesigntrac... eb27007aee3b462d8c696fadcfceb86b MS_RTF_Obfuscation_Objects RTF File doc Malware download VirusTotal Malware Malicious Traffic buffers extracted exploit crash unpack itself Windows Exploit DNS crashed	1 Keyword trend analysis	1	5 Info ET INFO Executable Download from dotted-quad Host ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response	4.6	M	31	ZeroCERT