Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Score	Zero	VT	Player
7966	2024-07-09 18:21	소명자료 목록.hwp.lnk a330b834cc2ec19c3e151f07fb4b877c Generic Malware Antivirus AntiDebug AntiVM HWP MSOffice File Lnk Format GIF Format VirusTotal Malware powershell AutoRuns suspicious privilege Code Injection Check memory Checks debugger Creates shortcut unpack itself Windows utilities powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName Cryptographic key	1 Keyword trend analysis			6.0		24	ZeroCERT

7967	2024-07-09 18:16	근로신청서 관련의 건.docx.lnk 21d12dc7f08752293847af6ed19df0e3 Generic Malware Antivirus AntiDebug AntiVM Lnk Format GIF Format VirusTotal Malware powershell suspicious privilege Code Injection Check memory Checks debugger Creates shortcut unpack itself powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName Cryptographic key				5.2		8	ZeroCERT

7968	2024-07-09 17:10	fromblueRmilxch.exe 0234bff4bd4e6dd7a80d3fde4f12fc09 Malicious Library Malicious Packer .NET framework(MSIL) PE File .NET EXE PE32 VirusTotal Malware Check memory Checks debugger unpack itself ComputerName				2.4	M	35	ZeroCERT

7969	2024-07-09 17:08	trc.exe 74758f61067ea9fa0e2a4593920ed0f2 Generic Malware Malicious Library Malicious Packer UPX Anti_VM PE File PE64 DllRegisterServer dll OS Processor Check VirusTotal Malware crashed				1.4	M	28	ZeroCERT

7970	2024-07-09 17:06	runerdata.exe 99c919281e619f24edc578e427433f7b Malicious Library Malicious Packer .NET framework(MSIL) PE File .NET EXE PE32 VirusTotal Malware Check memory Checks debugger unpack itself ComputerName				2.4	M	38	ZeroCERT

7971	2024-07-09 17:06	build1111.exe dea351e95b2d5b0a6b3911d531315550 Generic Malware Malicious Library PE File PE64 VirusTotal Malware Check memory unpack itself				1.2		17	ZeroCERT

7972	2024-07-09 14:18	Update_old.js affe7c07da3776a191c69b73e50d491a VBScript wscript.exe payload download Tofsee crashed Dropper		2	2	10.0			guest

7973	2024-07-09 12:06	download.php 019defe59b733d4d86a895702873ff07 Malicious Library PE File PE32 VirusTotal Malware RCE				2.0	M	27	ZeroCERT

7974	2024-07-09 11:20	Large_Innovation_Project_for_B... 51565dd3cedcdcf0040a62e31758a525 Generic Malware Antivirus AntiDebug AntiVM Lnk Format GIF Format VirusTotal Malware powershell AutoRuns suspicious privilege Code Injection Check memory Checks debugger Creates shortcut unpack itself Windows utilities powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName Cryptographic key	3 Keyword trend analysis			7.0		14	ZeroCERT

7975	2024-07-09 10:12	AdaptorOvernight.exe e0d29de6e2fa7590f857f1ef825c943c Suspicious_Script_Bin Generic Malware Downloader Malicious Library UPX Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Hijack Network Sniff Audio HTTP DNS Code injection Internet API persistence FTP KeyLogger P2P An VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger WMI Creates executable files unpack itself Windows utilities suspicious process AppData folder malicious URLs sandbox evasion WriteConsoleW Windows ComputerName DNS				8.0	M	18	ZeroCERT

7976	2024-07-09 10:12	Setup.exe 59a192a7b85f4bb5796c53cc450caf2c Malicious Library PE File PE32 VirusTotal Malware Checks debugger WMI Creates executable files RWX flags setting unpack itself Checks Bios anti-virtualization ComputerName				4.4		28	ZeroCERT

7977	2024-07-09 10:11	install.exe 7524d560b667b8ed62f16bc59772d81f Emotet Gen1 HermeticWiper Generic Malware PhysicalDrive Malicious Library Malicious Packer UPX Admin Tool (Sysinternals etc ...) Obsidium protector Antivirus PE File PE64 CAB OS Processor Check DLL DllRegisterServer dll PE32 MZP Format MSOffice File VirusTotal Malware PDB Checks debugger Creates executable files				3.6	M	44	ZeroCERT

7978	2024-07-09 10:10	file 4808c478a3cf9d6fae1e1dcb10f4be33 Javascript_Blob AntiDebug AntiVM ftp MSOffice File Code Injection Creates executable files ICMP traffic RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed	5 Keyword trend analysis Info https://www.googletagmanager.com/gtag/js?id=UA-829541-1 https://the.gatekeeperconsent.com/cmp.min.js https://static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015 https://www.googletagmanager.com/gtm.js?id=GTM-53LP4T https://btloader.com/tag?o=5678961798414336&upapi=true	19 Info www.googletagmanager.com(142.250.206.232) the.gatekeeperconsent.com(172.67.199.186) translate.google.com(142.250.206.206) static.mediafire.com(104.16.114.74) cdn.amplitude.com(54.230.61.103) static.cloudflareinsights.com(104.16.80.73) www.ezojs.com(104.21.63.106) btloader.com(104.22.75.216) 142.250.207.78 172.67.199.186 172.67.170.144 104.16.113.74 - mailcious 142.251.220.46 104.16.80.73 54.230.61.127 104.16.114.74 - mailcious 104.22.75.216 142.250.76.232 104.21.63.106	2	6.6	M		ZeroCERT

7979	2024-07-09 10:04	persona.exe a0f4dea92c2045c7da2664345e4e5edf Generic Malware Malicious Library UPX PE File PE64 OS Processor Check VirusTotal Malware PDB unpack itself DNS crashed	1 Keyword trend analysis	1		2.8	M	29	ZeroCERT

7980	2024-07-09 10:02	Xin.exe 520f92170a2cf78ed3152f83973b9b66 Malicious Library Admin Tool (Sysinternals etc ...) PWS AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware Buffer PE PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows DNS Cryptographic key		2		10.6		59	ZeroCERT