Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Score	Zero	VT	Player
6811	2023-12-04 18:06	Posh_v2_dropper_x64.exe a5748047ebbe34d7821a2a040e4ca54e Hide_EXE Malicious Library Malicious Packer UPX PE File PE64 OS Processor Check VirusTotal Malware Code Injection Check memory Checks debugger buffers extracted unpack itself				3.6	M	50	ZeroCERT

6812	2023-12-04 18:05	aiitoo.exe 5ea91b3790b5e6e52eb199a13d945808 UPX PE32 PE File VirusTotal Malware Remote Code Execution crashed				2.8	M	47	ZeroCERT

6813	2023-12-04 18:04	1.ps1 b4c3aac58bfdfdaff5a51ec9370d0bc0 Hide_EXE Generic Malware Antivirus OS Processor Check VirusTotal Malware Check memory unpack itself				1.6	M	38	ZeroCERT

6814	2023-12-04 18:03	good.exe 28417328b64f515c71ceab7b1ee5766b Generic Malware Malicious Library Malicious Packer UPX PE32 PE File OS Processor Check ZIP Format Lnk Format GIF Format Browser Info Stealer Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency AutoRuns MachineGuid Check memory Creates shortcut Creates executable files unpack itself Windows utilities Disables Windows Security Collect installed applications suspicious process AntiVM_Disk sandbox evasion WriteConsoleW anti-virtualization IP Check VM Disk Size Check human activity check installed browsers check Tofsee Ransomware Windows Browser RisePro Email ComputerName DNS Software crashed	1 Keyword trend analysis	5	7 Info ET MALWARE [ANY.RUN] RisePro TCP (Token) ET MALWARE [ANY.RUN] RisePro TCP (External IP) ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET MALWARE Suspected RisePro TCP Heartbeat Packet ET MALWARE [ANY.RUN] RisePro TCP (Activity) ET MALWARE [ANY.RUN] RisePro TCP (Exfiltration)	14.4	M	50	ZeroCERT

6815	2023-12-04 18:02	1.exe d3b17ddf0b98fd2441ed46b033043456 Generic Malware Malicious Packer UPX PE32 PE File VirusTotal Malware Check memory WriteConsoleW				1.6	M	63	ZeroCERT

6816	2023-12-04 18:01	syncUpd.exe ccb3c4b013b8ff72994e4c799503894f Malicious Library Malicious Packer UPX PE32 PE File OS Processor Check VirusTotal Malware unpack itself Windows Remote Code Execution crashed				3.2	M	30	ZeroCERT

6817	2023-12-04 18:00	Zrwjjtizco.exe 202ff26923cb44846d9dc5a223acfae6 .NET framework(MSIL) PE32 PE File .NET EXE VirusTotal Malware Check memory Checks debugger unpack itself Check virtual network interfaces Windows DNS Cryptographic key		1		4.2	M	57	ZeroCERT

6818	2023-12-04 16:36	ma.exe 81145190d0c6cb7c04a3c7b8de03fd16 Generic Malware Malicious Library Malicious Packer UPX PE File PE64 VirusTotal Malware suspicious privilege Check memory Checks debugger Creates executable files unpack itself				2.6	M	17	ZeroCERT

6819	2023-12-04 16:30	ma.exe 81145190d0c6cb7c04a3c7b8de03fd16 Generic Malware Malicious Library Malicious Packer UPX PE File PE64 VirusTotal Malware				1.0	M	17	ZeroCERT

6820	2023-12-04 16:26	ma.exe 81145190d0c6cb7c04a3c7b8de03fd16 Generic Malware Malicious Library Malicious Packer UPX PE File PE64 VirusTotal Malware				1.0	M	17	ZeroCERT

6821	2023-12-04 15:40	ma.exe 81145190d0c6cb7c04a3c7b8de03fd16 Generic Malware Malicious Library Malicious Packer UPX PE File PE64 VirusTotal Malware				1.0	M	17	ZeroCERT

6822	2023-12-04 15:40	ama.exe 283636033e6111ad957f7b40a2b78963 UPX PE32 PE File VirusTotal Malware				1.8	M	29	ZeroCERT

6823	2023-12-04 15:40	ngrok.exe e2eadf60d8f25cae9b29decab461177b Malicious Library Malicious Packer UPX PE File PE64 wget OS Processor Check				0.2	M		ZeroCERT

6824	2023-12-04 15:40	WILD_PRIDE.exe 6b44d99b258c275ee7fcf230da177f3e Malicious Packer UPX PE File PE64 VirusTotal Malware				1.4	M	43	ZeroCERT

6825	2023-12-04 15:40	cp.exe 67c91a40f9550dca6e0caf57325b9a10 Themida Packer UPX PE32 PE File				1.0	M		ZeroCERT