Submissions

No Date Request Urls Hosts IDS Rule Score Zero VT Player Etc
5821 2024-02-07 18:30 20a6e2ae.exe
28714b46faf9526f294e3361a8b07da5
PE32 PE File .NET EXE VirusTotal Malware PDB Check memory Checks debugger unpack itself
2.6 M 41 ZeroCERT

5822 2024-02-07 18:29 booking.exe
02544f92ccf3b68f5e2f3dd507571417
Suspicious_Script_Bin Malicious Library UPX .NET framework(MSIL) AntiDebug AntiVM PE32 PE File OS Processor Check .NET EXE VirusTotal Malware AutoRuns PDB suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Windows utilities suspicious process AppData folder AntiVM_Disk WriteConsoleW VM Disk Size Check Windows ComputerName Remote Code Execution Cryptographic key
11.8 50 ZeroCERT

5823 2024-02-07 18:28 happybabygirl.vbs
0287a027d55b1b828ee376c5ec5a49f4
VirusTotal Malware wscript.exe payload download Tofsee
2 2 2 2.6 3 ZeroCERT

5824 2024-02-07 18:27 conhost.exe
d5bb377745f31568c0c859082ac014fa
PE32 PE File .NET EXE VirusTotal Malware PDB suspicious privilege Check memory Checks debugger unpack itself
3.0 M 28 ZeroCERT

5825 2024-02-07 18:26 microsoftballonprocessmethodis...
7f9e5a43667c46a0443441a49c96c769
MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware VBScript Malicious Traffic buffers extracted RWX flags setting exploit crash Tofsee Exploit DNS crashed
3 3 3 4.6 M 34 ZeroCERT

5826 2024-02-07 18:25 ss_conn_service.exe
4fd20b83f785393e13bf3734fb9ed52f
Malicious Library UPX PE32 PE File OS Processor Check VirusTotal Malware PDB Check memory Checks debugger unpack itself Windows DNS Cryptographic key
1 4.2 16 ZeroCERT

5827 2024-02-07 15:58 AnyDesk_setup.exe
75eecc3a8b215c465f541643e9c4f484
UPX PE32 PE File VirusTotal Malware PDB Check memory WMI unpack itself Check virtual network interfaces sandbox evasion anti-virtualization ComputerName Software AnyDesk
2 1 5.4 2 ZeroCERT

5828 2024-02-07 10:07 1.exe
3ae39f0bbdf786e7616d65c3a9b82a05
Antivirus UPX PE32 PE File .NET EXE OS Processor Check Lnk Format GIF Format AutoRuns suspicious privilege MachineGuid Check memory Checks debugger Creates shortcut Creates executable files unpack itself AppData folder AntiVM_Disk VM Disk Size Check Windows ComputerName
4.4 ZeroCERT

5829 2024-02-07 09:58 plaza.exe
335d5775c28ccd69cdd1e8e2a515b6c8
Client SW User Data Stealer browser info stealer Themida Packer Generic Malware Google Chrome User Data Downloader Malicious Packer UPX Malicious Library Code injection Http API PWS Create Service Socket DGA ScreenShot Escalate priviledges Steal cred Browser Info Stealer Malware download FTP Client Info Stealer Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency AutoRuns suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files RWX flags setting exploit crash unpack itself Windows utilities Disables Windows Security Checks Bios Collect installed applications Detects VMWare suspicious process AppData folder malicious URLs AntiVM_Disk sandbox evasion WriteConsoleW VMware anti-virtualization IP Check VM Disk Size Check installed browsers check Tofsee Ransomware Windows Update Exploit Browser RisePro Email ComputerName DNS Software crashed Downloader
15 14 12 5 25.4 M ZeroCERT

5830 2024-02-07 09:49 may.exe
b7c2f2c7bc17e610c69a15f8090753b7
Emotet Gen1 Malicious Library UPX Anti_VM PE32 PE File MZP Format DllRegisterServer dll OS Processor Check PE64 DLL ftp VirusTotal Malware Checks debugger Creates executable files unpack itself AppData folder Windows ComputerName crashed
4.2 M 12 ZeroCERT

5831 2024-02-07 09:47 niks.exe
3f5e1dc9589f4a74df9c3b8b53af5719
PE32 PE File .NET EXE suspicious privilege Checks debugger unpack itself Disables Windows Security Windows Update ComputerName crashed
4.2 M ZeroCERT

5832 2024-02-07 09:46 ladas.exe
3abeb1a3fd51f3ab844411ae46be1f6a
UPX PE32 PE File Malware download Malware AutoRuns MachineGuid Checks debugger unpack itself Windows utilities Checks Bios Detects VMWare suspicious process WriteConsoleW VMware anti-virtualization IP Check Tofsee Windows RisePro ComputerName DNS crashed
2 7 4 9.6 ZeroCERT

5833 2024-02-07 09:25 newmicrosoftupgradeisveryimpor...
feae475c805c9a6bc0dce1922ff54d9b
MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware VBScript Malicious Traffic buffers extracted exploit crash unpack itself Tofsee Exploit DNS crashed
3 3 3 4.6 M 35 ZeroCERT

5834 2024-02-07 09:23 watermillon.vbs
fb2db02162fdb9cf1ff46c0ea22026e3
VirusTotal Malware wscript.exe payload download Tofsee
2 2 2 2.0 M 5 ZeroCERT

5835 2024-02-07 09:21 lumma.exe
c9babbaf26dae390499b2b9209904871
Malicious Library UPX ScreenShot AntiDebug AntiVM PE32 PE File OS Processor Check VirusTotal Malware Code Injection Checks debugger buffers extracted unpack itself Remote Code Execution crashed
6.6 M 29 ZeroCERT