Submissions

No Date Request Urls Hosts IDS Rule Score Zero VT Player Etc

6526  2023-12-19 07:39  1.exe  2e4e7673a769c8ca39609bb6973f8a1f
      Lumma Malicious Library Malicious Packer UPX PE32 PE File OS Processor Check Browser Info Stealer Malware download Malware Cryptocurrency wallets Cryptocurrency Malicious Traffic Check memory buffers extracted Collect installed applications sandbox evasion installed browsers check Ransomware Lumma Stealer Browser ComputerName Firmware DNS
      1 3 3 1 7.2 M ZeroCERT

6527  2023-12-19 07:39  wlanext.exe  88aa7a12dbafa9f2d059943a7e112ac3
      NSIS Malicious Library UPX ASPack PE32 PE File OS Processor Check Remcos Malware AutoRuns Malicious Traffic Check memory buffers extracted Creates executable files unpack itself AppData folder Windows
      1 4 1 4.4 M ZeroCERT

6528  2023-12-19 07:37  somzx.exe  1a01797e5fa2117626317413590140fb
      Formbook .NET framework(MSIL) PE32 PE File .NET EXE PDB suspicious privilege Check memory Checks debugger buffers extracted unpack itself Windows Cryptographic key
      2.8 M ZeroCERT

6529  2023-12-19 07:35  wlanext.exe  b0eaadc00780e937b1c8598b0383392a
      Generic Malware Malicious Library UPX Antivirus PE32 PE File powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself Windows utilities powershell.exe wrote suspicious process Windows ComputerName Cryptographic key crashed
      6.0 ZeroCERT

6530  2023-12-19 07:35  plugmanzx.exe  3e76e206fa47934466616d05600d8caf
      AgentTesla Formbook PWS SMTP KeyLogger AntiDebug AntiVM PE32 PE File .NET EXE Browser Info Stealer FTP Client Info Stealer Email Client Info Stealer PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key Software crashed keylogger
      2 4 10.8 ZeroCERT

6531  2023-12-18 11:06  tuc2.exe  3b84b8056e5652cc5a3492f1e3b6da38
      Emotet Gen1 Generic Malware Malicious Library UPX Malicious Packer Admin Tool (Sysinternals etc ...) PE32 PE File MZP Format DLL OS Processor Check PE64 DllRegisterServer dll wget ZIP Format VirusTotal Malware Checks debugger Creates executable files unpack itself Windows utilities AppData folder WriteConsoleW Windows ComputerName crashed
      4.2 13 ZeroCERT

6532  2023-12-18 11:05  tuc6.exe  59075f4eb9130dd9954d29b51aca2db5
      Emotet Gen1 Generic Malware Malicious Library UPX Malicious Packer Admin Tool (Sysinternals etc ...) PE32 PE File MZP Format DLL OS Processor Check PE64 DllRegisterServer dll wget ZIP Format Check memory Checks debugger Creates executable files unpack itself AppData folder Windows ComputerName crashed
      3.2 ZeroCERT

6533  2023-12-18 11:05  tuc7.exe  3465e7e7f2e7125ad25b20076b9a1774
      Emotet Gen1 Generic Malware Malicious Library UPX Malicious Packer Admin Tool (Sysinternals etc ...) PE32 PE File MZP Format DLL OS Processor Check PE64 DllRegisterServer dll wget ZIP Format Checks debugger Creates executable files unpack itself Windows utilities AppData folder WriteConsoleW Windows ComputerName crashed
      4.2 ZeroCERT

6534  2023-12-18 10:28  Microsoftprofilecheckedhistory...  b1483bb31d4cb5366a131ad07409d806
      MS_RTF_Obfuscation_Objects RTF File doc Malware download VirusTotal Malware Malicious Traffic exploit crash Windows Exploit DNS crashed
      1 1 5 3.8 M 32 ZeroCERT

6535  2023-12-18 10:28  hotcock.vbs  eb4e97fbd44e49363137ec846b846271
      Generic Malware Antivirus Hide_URL PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger buffers extracted wscript.exe payload download Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key
      5 5 2 1 9.0 3 ZeroCERT

6536  2023-12-18 10:08  tuc5.exe  ffc007415194eba794ecb55407848ac6
      Emotet Malicious Library UPX PE32 PE File MZP Format unpack itself crashed
      0.8 ZeroCERT

6537  2023-12-18 10:07  film.exe  da044811ca4ac1cc04b14153dccbbf37
      Themida Packer Generic Malware UPX PE32 PE File .NET EXE Lnk Format GIF Format DLL OS Processor Check ZIP Format Browser Info Stealer Malware download FTP Client Info Stealer Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency AutoRuns suspicious privilege MachineGuid Check memory Checks debugger buffers extracted WMI Creates shortcut Creates executable files unpack itself Windows utilities Checks Bios Collect installed applications Detects VMWare Check virtual network interfaces suspicious process AppData folder VMware anti-virtualization IP Check installed browsers check Tofsee Ransomware Windows Browser RisePro Email ComputerName Remote Code Execution Firmware DNS Cryptographic key Software crashed
      2 4 7 17.6 M ZeroCERT

6538  2023-12-18 10:03  microsoftprofiledeletedhistory...  b2acb6f83affabe12ebf11bade4940de
      MS_RTF_Obfuscation_Objects RTF File doc Malware download Malware Malicious Traffic buffers extracted RWX flags setting exploit crash Tofsee Windows Exploit DNS crashed
      1 3 7 3.6 M ZeroCERT

6539  2023-12-18 10:00  tuc6.exe  c6daee770496fb1e5f1c0c4f14b9e53a
      Emotet Gen1 Generic Malware Malicious Library UPX Malicious Packer Admin Tool (Sysinternals etc ...) PE32 PE File MZP Format DLL OS Processor Check PE64 DllRegisterServer dll wget ZIP Format Checks debugger Creates executable files unpack itself AppData folder Windows ComputerName crashed
      3.0 M ZeroCERT

6540  2023-12-18 09:59  Microsoftprofilecheckedhistory...  b1483bb31d4cb5366a131ad07409d806
      MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware RWX flags setting exploit crash Exploit crashed
      2.8 M 32 ZeroCERT