Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Score	Zero	VT	Player
6361	2024-08-20 10:42	ow.exe 1a29969a7538662884fffe237d32fbc1 PE File PE32 Cobalt Strike Cobalt VirusTotal Malware c&c suspicious privilege Malicious Traffic unpack itself Windows utilities Detects VMWare suspicious process AppData folder VMware Tofsee Windows DNS crashed	9 Keyword trend analysis Info http://cdn.qqb3.com/API/General/lsrpu http://cdn.cuilet.com/http://cdn.cuilet.com/api/filegoto1/d76b29f56b8bed99 http://cdn.qqb3.com/api/filegoto1/d76b29f56b8bed99 http://cdn.cuilet.com/api/filegoto1/d76b29f56b8bed99 http://cdn.qqb3.com/API/General/client_log_user http://cdn.sackow.com/api/filegoto1/d76b29f56b8bed99 http://apps.game.qq.com/comm-htdocs/ip/get_ip.php https://ip.cn/api/index?ip=cdn.cuilet.com&type=1 https://site.ip138.com/domain/read.do?domain=cdn.cuilet.com&time=1724129865281	18 Info ip.cn(172.67.174.23) cdn.qqb3.com(198.54.117.242) 21yp37sq.sched.sma.tdnsv5.com(60.13.97.138) site.ip138.com(124.156.105.121) d76b29f56b8bed99.gazigz.cn() 58.common.gazigz.cn() apps.game.qq.com(43.129.139.164) cdn.cuilet.com(23.225.34.75) sp0.baidu.com(119.63.197.139) cdn.sackow.com(23.225.34.75) 104.21.64.12 223.5.5.5 43.129.138.220 124.156.105.121 119.63.197.139 198.54.117.242 - mailcious 119.176.27.237 23.225.34.75	4	7.4		51	ZeroCERT

6362	2024-08-20 10:40	setup.exe 991c2e03a0944756e534a026b2a33ab9 Generic Malware Malicious Library Antivirus AntiDebug AntiVM PE File PE32 PowerShell powershell suspicious privilege Code Injection Check memory Checks debugger WMI Creates shortcut Creates executable files RWX flags setting unpack itself Windows utilities Disables Windows Security Checks Bios suspicious process WriteConsoleW anti-virtualization Windows ComputerName Cryptographic key				10.4	M		ZeroCERT

6363	2024-08-20 10:10	okayandokay.js b9151804681b7a77dec87fa5dba6bcc5 Generic Malware Antivirus Hide_URL ActiveXObject PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key	1 Keyword trend analysis	2	1	7.6		9	ZeroCERT

6364	2024-08-20 09:56	66c3721bc46fe_Ernrnmkio.exe#14 902f14b6f32cc40a82d6a0f2c41208ec .NET framework(MSIL) PE File .NET EXE PE32 VirusTotal Malware Buffer PE AutoRuns suspicious privilege Check memory Checks debugger buffers extracted unpack itself Windows ComputerName Cryptographic key crashed				4.6	M	26	ZeroCERT

6365	2024-08-20 09:54	FRIDAYADAMWEBMPDW-constraints.... d63d833bafcbcfc8d8458670f455505a Generic Malware Antivirus Hide_URL PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key	1 Keyword trend analysis	2	1	7.6	M	4	ZeroCERT

6366	2024-08-20 09:52	netwrking.hta 66d90ce013faba1c33ec845c0a45bc2d Generic Malware Antivirus Downloader AntiDebug AntiVM PE File DLL PE32 .NET DLL VirusTotal Malware powershell suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger Creates shortcut Creates executable files RWX flags setting unpack itself Windows utilities powershell.exe wrote suspicious process AppData folder Tofsee Windows ComputerName DNS Cryptographic key	1 Keyword trend analysis	1	6 Info ET INFO TLS Handshake Failure SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO Executable Download from dotted-quad Host ET HUNTING Suspicious csrss.exe in URI ET POLICY PE EXE or DLL Windows file download HTTP ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response	11.4	M	15	ZeroCERT

6367	2024-08-20 09:51	drchoe.exe 2a601bbfbfc987186371e75c2d70ef4e Formbook Generic Malware UPX Malicious Library Malicious Packer PE File .NET EXE PE32 DLL OS Processor Check VirusTotal Malware Check memory Checks debugger Creates executable files unpack itself AppData folder crashed				2.8	M	31	ZeroCERT

6368	2024-08-20 09:50	buttersweetnessgoodforhealthto... 1e7080c333d88565706bf847d134c42a Generic Malware Antivirus Hide_URL PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key	1 Keyword trend analysis	2	1	7.6	M	4	ZeroCERT

6369	2024-08-20 09:50	66c371744eb05_crt2.exe 34631daee5d4765989d302a86210dd64 Emotet Gen1 Generic Malware Malicious Library UPX PE File PE32 MZP Format Word 2007 file format(docx) ZIP Format MSOffice File PE64 DllRegisterServer dll OS Processor Check DLL VirusTotal Malware Check memory Checks debugger Creates executable files unpack itself AppData folder ComputerName crashed				3.2	M	17	ZeroCERT

6370	2024-08-20 09:49	66c3373394621_srealc_cry.exe#k... 4f1e4ca1a60a95b711f3ab1e26be3d16 PE File .NET EXE PE32 VirusTotal Malware PDB Check memory Checks debugger unpack itself ComputerName				2.6	M	37	ZeroCERT

6371	2024-08-20 09:48	172373704210952.png.exe e3380ca24bff7803d134ff7bddc81223 Malicious Packer PE File DLL PE64 VirusTotal Malware				0.8	M	24	ZeroCERT

6372	2024-08-20 09:47	66c323e1543cd_ffrs.exe#grid a092735c3424c8e3694f6a6a04a3943a Malicious Library .NET framework(MSIL) UPX PE File .NET EXE PE32 VirusTotal Malware Check memory Checks debugger unpack itself				1.6	M	26	ZeroCERT

6373	2024-08-20 09:47	66c371cac05bf_crypted.exe#1 6c7b2cee060867f844491ec8f5bb4825 Antivirus PE File .NET EXE PE32 VirusTotal Malware PDB Check memory Checks debugger unpack itself ComputerName DNS		1		3.0	M	21	ZeroCERT

6374	2024-08-20 09:45	66c2d861a5b4d_google.exe 8447dbe44aa2ede5d56341e0dc22f319 PE File PE64 VirusTotal Cryptocurrency Miner Malware DNS CoinMiner		2	1	1.4	M	20	ZeroCERT

6375	2024-08-20 09:45	weneedtoknowbutterburnreallysw... 01ee2a10ee91efdcf290d48901cbc8d1 MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware Malicious Traffic exploit crash unpack itself Tofsee Exploit DNS crashed	1 Keyword trend analysis	3	1	4.6	M	34	ZeroCERT