Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Score	Zero	VT	Player
6976	2024-08-10 17:45	setup.exe b815bc206843843a7795df8ed74a622d Generic Malware Malicious Library Antivirus AntiDebug AntiVM PE File PE32 PowerShell powershell suspicious privilege Code Injection Check memory Checks debugger WMI Creates shortcut Creates executable files RWX flags setting unpack itself Windows utilities Disables Windows Security Checks Bios powershell.exe wrote suspicious process WriteConsoleW anti-virtualization Windows ComputerName Cryptographic key				11.0	M		ZeroCERT

6977	2024-08-10 17:43	setup.exe 382600785e4a2db8cead5a6b33717a7a Generic Malware Malicious Library Antivirus AntiDebug AntiVM PE File PE32 PowerShell powershell suspicious privilege Code Injection Check memory Checks debugger WMI Creates shortcut Creates executable files RWX flags setting unpack itself Windows utilities Disables Windows Security Checks Bios suspicious process WriteConsoleW anti-virtualization Windows ComputerName Cryptographic key				10.4	M		ZeroCERT

6978	2024-08-10 17:43	setup.exe c5def7482c409dd5f2220ce4c1e66656 Generic Malware Malicious Library Antivirus AntiDebug AntiVM PE File PE32 PowerShell powershell suspicious privilege Code Injection Check memory Checks debugger WMI Creates shortcut Creates executable files RWX flags setting unpack itself Windows utilities Disables Windows Security Checks Bios powershell.exe wrote suspicious process WriteConsoleW anti-virtualization Windows ComputerName Cryptographic key				11.0	M		ZeroCERT

6979	2024-08-10 17:42	Visual.ps1 0ceeb6420f475c07ac5f4b4783855400 Generic Malware Antivirus Malware powershell Malicious Traffic Check memory buffers extracted unpack itself Check virtual network interfaces WriteConsoleW Windows ComputerName DNS Cryptographic key	1 Keyword trend analysis	1	6 Info ET DROP Spamhaus DROP Listed Traffic Inbound group 23 ET INFO Executable Download from dotted-quad Host ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET HUNTING Suspicious Windows Executable WriteProcessMemory	5.4	M		ZeroCERT

6980	2024-08-10 17:41	setup.exe a62db46612899b8ec61837797bab0715 Generic Malware Malicious Library Antivirus AntiDebug AntiVM PE File PE32 PowerShell powershell suspicious privilege Code Injection Check memory Checks debugger WMI Creates shortcut Creates executable files RWX flags setting unpack itself Windows utilities Disables Windows Security Checks Bios suspicious process WriteConsoleW anti-virtualization Windows ComputerName Cryptographic key				10.4	M		ZeroCERT

6981	2024-08-10 17:41	setup.exe dab66bdcb96e8de84d56613c6bb9b4ae Generic Malware Malicious Library Antivirus AntiDebug AntiVM PE File PE32 PowerShell powershell suspicious privilege Code Injection Check memory Checks debugger WMI Creates shortcut Creates executable files RWX flags setting unpack itself Windows utilities Disables Windows Security Checks Bios powershell.exe wrote suspicious process WriteConsoleW anti-virtualization Windows ComputerName Cryptographic key				11.0	M		ZeroCERT

6982	2024-08-10 17:40	Sli.ps1 a93c2401d4ef1d66c9ddf7c16d27ba8d Generic Malware Antivirus Check memory unpack itself WriteConsoleW Windows Cryptographic key				1.0			ZeroCERT

6983	2024-08-10 17:39	setup.exe f9a027d01be44c149f28e1ca0dd74e3c Generic Malware Malicious Library Antivirus AntiDebug AntiVM PE File PE32 PowerShell powershell suspicious privilege Code Injection Check memory Checks debugger WMI Creates shortcut Creates executable files RWX flags setting unpack itself Windows utilities Disables Windows Security Checks Bios suspicious process WriteConsoleW anti-virtualization Windows ComputerName Cryptographic key				10.4	M		ZeroCERT

6984	2024-08-10 17:38	setup.exe c2bc95f90972b102c87a90b48aaf88a5 Generic Malware Malicious Library Antivirus AntiDebug AntiVM PE File PE32 PowerShell powershell suspicious privilege Code Injection Check memory Checks debugger WMI Creates shortcut Creates executable files RWX flags setting unpack itself Windows utilities Disables Windows Security Checks Bios powershell.exe wrote suspicious process WriteConsoleW anti-virtualization Windows ComputerName Cryptographic key				11.0	M		ZeroCERT

6985	2024-08-10 17:38	Res.ps1 9f272ba7e7f85d4314931fc4fbae49f0 Generic Malware Antivirus Malware powershell Malicious Traffic Check memory buffers extracted unpack itself Check virtual network interfaces WriteConsoleW Windows ComputerName DNS Cryptographic key	1 Keyword trend analysis	1	6 Info ET DROP Spamhaus DROP Listed Traffic Inbound group 23 ET INFO Executable Download from dotted-quad Host ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET HUNTING Suspicious Windows Executable WriteProcessMemory	5.4	M		ZeroCERT

6986	2024-08-10 17:36	setup.exe 67deec3842d186934a988642c6a9e7e9 Generic Malware Malicious Library Antivirus AntiDebug AntiVM PE File PE32 PowerShell powershell suspicious privilege Code Injection Check memory Checks debugger WMI Creates shortcut Creates executable files RWX flags setting unpack itself Windows utilities Disables Windows Security Checks Bios suspicious process WriteConsoleW anti-virtualization Windows ComputerName Cryptographic key				10.4	M		ZeroCERT

6987	2024-08-10 17:36	setup.exe 4cd5b2243b29cab51395d2b44395bc0c Generic Malware Malicious Library Antivirus AntiDebug AntiVM PE File PE32 PowerShell powershell suspicious privilege Code Injection Check memory Checks debugger WMI Creates shortcut Creates executable files RWX flags setting unpack itself Windows utilities Disables Windows Security Checks Bios powershell.exe wrote suspicious process WriteConsoleW anti-virtualization Windows ComputerName Cryptographic key				11.0			ZeroCERT

6988	2024-08-10 17:36	Info.ps1 2ff0359741c6894d5625d156e0dba750 Generic Malware Antivirus Malware download VirusTotal Malware powershell Malicious Traffic Check memory buffers extracted unpack itself Check virtual network interfaces WriteConsoleW Windows ComputerName Trojan DNS Cryptographic key Downloader	1 Keyword trend analysis	1	10 Info ET DROP Spamhaus DROP Listed Traffic Inbound group 23 ET HUNTING SUSPICIOUS alg.exe in URI Probable Process Dump/Trojan Download ET INFO Executable Download from dotted-quad Host ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile ET HUNTING EXE Using Suspicious IAT ZwUnmapViewOfSection Possible Malware Process Hollowing ET INFO Packed Executable Download ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET HUNTING Suspicious Windows Executable WriteProcessMemory	5.8	M	2	ZeroCERT

6989	2024-08-10 17:34	setup.exe 6a30f1579928870f8abee234b1943994 Generic Malware Malicious Library Antivirus AntiDebug AntiVM PE File PE32 PowerShell powershell suspicious privilege Code Injection Check memory Checks debugger WMI Creates shortcut Creates executable files RWX flags setting unpack itself Windows utilities Disables Windows Security Checks Bios suspicious process WriteConsoleW anti-virtualization Windows ComputerName Cryptographic key				10.4	M		ZeroCERT

6990	2024-08-10 17:34	setup.exe e91473fcd57c30f471bf0c34824f2da2 Generic Malware Malicious Library Antivirus AntiDebug AntiVM PE File PE32 PowerShell powershell suspicious privilege Code Injection Check memory Checks debugger WMI Creates shortcut Creates executable files RWX flags setting unpack itself Windows utilities Disables Windows Security Checks Bios powershell.exe wrote suspicious process WriteConsoleW anti-virtualization Windows ComputerName Cryptographic key				11.0	M		ZeroCERT