Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
6856	2023-12-04 15:34	1.ps1 b4c3aac58bfdfdaff5a51ec9370d0bc0 Hide_EXE OS Processor Check						M		ZeroCERT

6857	2023-12-04 15:34	Elbfyhag.exe 0f60f086665fd4d442821851c878c21b PE32 PE File .NET EXE						M		ZeroCERT

6858	2023-12-04 15:34	Microsoftdeletedentirehistoryf... 6ee6e6e58e88fbb222f7b1c8e37973d7 MS_RTF_Obfuscation_Objects RTF File doc						M		ZeroCERT

6859	2023-12-04 15:34	c2.bin 9341cfcc93d1e5ab9373f50b91618afc ELF						M		ZeroCERT

6860	2023-12-04 10:47	Invoice%20325274%20from%20Quic... ab0ba30c618d88e8a9134e0a7c43fc31 VBA_macro MSOffice File VirusTotal Malware					1.0	M	34	guest

6861	2023-12-01 13:08	conhost.exe d026406ee553f49e6526b612274544d3 XMRig Miner Emotet Suspicious_Script_Bin Generic Malware task schedule Downloader Malicious Library UPX Malicious Packer Antivirus .NET framework(MSIL) Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HT VirusTotal Malware AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself Windows utilities Check virtual network interfaces suspicious process AppData folder AntiVM_Disk WriteConsoleW VM Disk Size Check Tofsee Windows ComputerName DNS Cryptographic key	4 Keyword trend analysis	3	5 Info SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO Executable Download from dotted-quad Host ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response	1	12.8	M	15	ZeroCERT

6862	2023-12-01 13:04	microsoftEdgedeletedentirehist... 9e0226adf02222bbee9aa7e2f6f1c07a MS_RTF_Obfuscation_Objects RTF File doc Malware download VirusTotal Malware Malicious Traffic buffers extracted RWX flags setting exploit crash Windows Exploit DNS crashed		1	5 Info ET INFO Executable Download from dotted-quad Host ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response		5.0	M	33	ZeroCERT

6863	2023-12-01 13:02	wealthzx.doc 5bb5392ff71e2d8ae392f6149170a525 MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware RWX flags setting exploit crash Windows Exploit DNS crashed		2	5		3.2	M	32	ZeroCERT

6864	2023-12-01 13:02	fmicrosoftdeletedentirehistory... 2d1410e7c006519203fc2c4dec1cae5a MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware Malicious Traffic buffers extracted exploit crash unpack itself Exploit DNS crashed		1	1		4.6	M	35	ZeroCERT

6865	2023-12-01 10:47	ansi.exe fadc26a8613fd4a8a0298e58d4eda870 Malicious Library UPX PE32 PE File OS Processor Check VirusTotal Malware PDB unpack itself					2.2	M	52	ZeroCERT

6866	2023-12-01 10:47	tuc6.exe 41f49573d5e356a3311eea8dc24b26eb Emotet Gen1 Malicious Library UPX PE32 PE File MZP Format CHM Format PE64 DLL DllRegisterServer dll OS Processor Check Checks debugger Creates executable files unpack itself Windows utilities suspicious process AppData folder WriteConsoleW Windows ComputerName crashed					4.6			ZeroCERT

6867	2023-12-01 10:45	exedroidddcc.exe 5793a999d5a84a4f10801b2f00371533 PWS KeyLogger AntiDebug AntiVM PE32 PE File .NET EXE Browser Info Stealer VirusTotal Email Client Info Stealer Malware PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Browser Email ComputerName crashed					9.4	M	54	ZeroCERT

6868	2023-12-01 10:43	hv.exe b4e0409a6822da1a960bf71ce05fba6f Admin Tool (Sysinternals etc ...) .NET framework(MSIL) Malicious Library UPX PWS AntiDebug AntiVM PE32 PE File MSOffice File .NET EXE DLL OS Processor Check VirusTotal Malware Buffer PE PDB Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Check virtual network interfaces AppData folder Tofsee Windows DNS Cryptographic key crashed	1 Keyword trend analysis	3	1		12.4		24	ZeroCERT

6869	2023-12-01 10:43	wealthzx.exe 39fb75762707ccd673d011de0128d4f1 PE32 PE File .NET EXE VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger unpack itself					5.0	M	29	ZeroCERT

6870	2023-12-01 10:41	build.exe 6a68babd027c9fee09fbc161259f04db Malicious Library UPX PE32 PE File OS Processor Check VirusTotal Malware PDB unpack itself					2.2	M	48	ZeroCERT