Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
8026	2024-07-08 09:42	igccu.exe 7e65b6742284236fdd138467fad4a26b Process Kill Generic Malware Suspicious_Script_Bin Malicious Library FindFirstVolume CryptGenKey UPX PE File PE32 Device_File_Check OS Processor Check FormBook Malware download VirusTotal Malware suspicious privilege Malicious Traffic Checks debugger unpack itself	1 Keyword trend analysis	4	1		4.4		49	ZeroCERT

8027	2024-07-08 09:40	aaa.exe e52ba92d25281e90aa7f27bd3719951f Malicious Library Malicious Packer Antivirus .NET framework(MSIL) UPX PE File .NET EXE PE32 OS Processor Check VirusTotal Malware Check memory Checks debugger unpack itself					2.0		63	ZeroCERT

8028	2024-07-08 09:39	Server.exe 68fad5f5f8de1c290df5d3754b4af358 Generic Malware Malicious Library Malicious Packer .NET framework(MSIL) UPX PE File .NET EXE PE32 OS Processor Check VirusTotal Malware					1.2		65	ZeroCERT

8029	2024-07-08 09:32	1.exe 956cc5fc3eb02c4e9fa0f180a7155895 ELF VirusTotal Malware					0.4	M	3	ZeroCERT

8030	2024-07-08 07:58	vidar0607.exe 47a4c6547aaa57510c4d02ce8a6ae548 Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware unpack itself crashed					2.2	M	39	ZeroCERT

8031	2024-07-08 07:56	win.exe 36dcf115331160b2f88e83e5b8d07036 UPX Anti_VM PE File PE64 VirusTotal Malware					2.2	M	24	ZeroCERT

8032	2024-07-08 07:54	lumma0607.exe 383dc98d03038d2374701a5bfa5d8c0a Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware unpack itself crashed					2.4	M	54	ZeroCERT

8033	2024-07-08 07:52	PACKAGE_DEMO.exe e450ca946d4bf6173ebe3f00c3d08d81 Generic Malware Malicious Library Malicious Packer UPX PE File PE64 OS Processor Check Browser Info Stealer Malware download VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency Check memory Creates shortcut Collect installed applications sandbox evasion IP Check installed browsers check Tofsee Ransomware MeduzaStealer Stealer Browser Email ComputerName Trojan Banking DNS		3	8 Info ET INFO TLS Handshake Failure ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup ET MALWARE Win32/Unknown Grabber Base64 Data Exfiltration Attempt ET MALWARE [ANY.RUN] Meduza Stealer Exfiltration M2 ET MALWARE [ANY.RUN] Possible Meduza Stealer Exfiltration (TCP) SURICATA Applayer Protocol detection skipped		11.8	M	56	ZeroCERT

8034	2024-07-07 19:26	EU.file.exe 84d89662f4329f2fa4a36cfd32974eef Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware RCE					2.2	M	63	ZeroCERT

8035	2024-07-07 19:25	er.er.er.erererere.doC 0028cb11338cbdfd81985d00fa9bf282 MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware Malicious Traffic RWX flags setting exploit crash Exploit DNS crashed	1 Keyword trend analysis	2			5.6		39	ZeroCERT

8036	2024-07-07 19:11	63vN2.txt.vbs dc087d53594631d1aaa5a22d4b98029f Generic Malware Antivirus PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself suspicious process WriteConsoleW Windows ComputerName DNS Cryptographic key	1 Keyword trend analysis	1	1		6.8		21	ZeroCERT

8037	2024-07-07 19:11	go.exe d1a881d79ea584b074ae23f9279c5bd0 Generic Malware Malicious Library UPX AntiDebug AntiVM PE File PE32 OS Processor Check MSOffice File VirusTotal Malware Code Injection Check memory Checks debugger buffers extracted RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed	8 Keyword trend analysis Info https://www.google.com/favicon.ico https://accounts.google.com/generate_204?w4ag3w https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=AdF4I74pC9xrfzbndeH-N6NOflXq1MjzJIxNFee4-gZlSvToqsOXxF3zsbE0AhE66RpXdgwWsyVz&passive=1209600&flowName=WebLiteSignIn&flowEntry=ServiceLogin&dsh=S-1023031012%3A1720346845031034 https://accounts.google.com/ServiceLogin?passive=1209600&continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F https://accounts.google.com/_/bscframe https://accounts.google.com/ https://ssl.gstatic.com/images/branding/googlelogo/2x/googlelogo_color_74x24dp.png https://accounts.google.com/InteractiveLogin?continue=https://accounts.google.com/&followup=https://accounts.google.com/&passive=1209600&ifkv=AdF4I76Y3NkKUEH3PqSbeNYT6o-AmZa8Isqhy7dbwEu3iufOXcI9DiOb9Rvo_KyAQWxTR7znvW1X-w	6	1		6.4		44	ZeroCERT

8038	2024-07-07 19:07	amadka.exe 29af55c68d51c9ef3c35850bec56664d Amadey Admin Tool (Sysinternals etc ...) Anti_VM PE File PE32 Malware download Amadey VirusTotal Malware AutoRuns Malicious Traffic Checks debugger unpack itself Checks Bios Detects VMWare AppData folder VMware anti-virtualization Windows DNS crashed	3 Keyword trend analysis	2	2	1	11.0	M	55	ZeroCERT

8039	2024-07-07 19:05	inte.exe cd0fd465ea4fd58cf58413dda8114989 Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware unpack itself					2.4		64	ZeroCERT

8040	2024-07-07 19:04	UNIQ.file.exe 16fcba4c603655fca5f10157dd6d360f Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger WMI Creates executable files unpack itself Windows utilities suspicious process AppData folder WriteConsoleW Windows ComputerName					6.4		53	ZeroCERT