Submissions

No    Date              Request                             Hash                              Urls Hosts IDS Rule Score Zero VT Player

8311  2023-12-19 07:37  somzx.exe                           1a01797e5fa2117626317413590140fb  2.8 M ZeroCERT
      Etc: Formbook .NET framework(MSIL) PE32 PE File .NET EXE PDB suspicious privilege Check memory Checks debugger buffers extracted unpack itself Windows Cryptographic key

8312  2023-12-19 07:35  wlanext.exe                         b0eaadc00780e937b1c8598b0383392a  6.0 ZeroCERT
      Etc: Generic Malware Malicious Library UPX Antivirus PE32 PE File powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself Windows utilities powershell.exe wrote suspicious process Windows ComputerName Cryptographic key crashed

8313  2023-12-19 07:35  plugmanzx.exe                       3e76e206fa47934466616d05600d8caf  2 4 10.8 ZeroCERT
      Etc: AgentTesla Formbook PWS SMTP KeyLogger AntiDebug AntiVM PE32 PE File .NET EXE Browser Info Stealer FTP Client Info Stealer Email Client Info Stealer PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key Software crashed keylogger

8314  2023-12-18 11:06  tuc2.exe                            3b84b8056e5652cc5a3492f1e3b6da38  4.2 13 ZeroCERT
      Etc: Emotet Gen1 Generic Malware Malicious Library UPX Malicious Packer Admin Tool (Sysinternals etc ...) PE32 PE File MZP Format DLL OS Processor Check PE64 DllRegisterServer dll wget ZIP Format VirusTotal Malware Checks debugger Creates executable files unpack itself Windows utilities AppData folder WriteConsoleW Windows ComputerName crashed

8315  2023-12-18 11:05  tuc6.exe                            59075f4eb9130dd9954d29b51aca2db5  3.2 ZeroCERT
      Etc: Emotet Gen1 Generic Malware Malicious Library UPX Malicious Packer Admin Tool (Sysinternals etc ...) PE32 PE File MZP Format DLL OS Processor Check PE64 DllRegisterServer dll wget ZIP Format Check memory Checks debugger Creates executable files unpack itself AppData folder Windows ComputerName crashed

8316  2023-12-18 11:05  tuc7.exe                            3465e7e7f2e7125ad25b20076b9a1774  4.2 ZeroCERT
      Etc: Emotet Gen1 Generic Malware Malicious Library UPX Malicious Packer Admin Tool (Sysinternals etc ...) PE32 PE File MZP Format DLL OS Processor Check PE64 DllRegisterServer dll wget ZIP Format Checks debugger Creates executable files unpack itself Windows utilities AppData folder WriteConsoleW Windows ComputerName crashed

8317  2023-12-18 10:28  Microsoftprofilecheckedhistory...   b1483bb31d4cb5366a131ad07409d806  1 1 5 3.8 M 32 ZeroCERT
      Etc: MS_RTF_Obfuscation_Objects RTF File doc Malware download VirusTotal Malware Malicious Traffic exploit crash Windows Exploit DNS crashed

8318  2023-12-18 10:28  hotcock.vbs                         eb4e97fbd44e49363137ec846b846271  5 5 2 1 9.0 3 ZeroCERT
      Etc: Generic Malware Antivirus Hide_URL PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger buffers extracted wscript.exe payload download Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key

8319  2023-12-18 10:08  tuc5.exe                            ffc007415194eba794ecb55407848ac6  0.8 ZeroCERT
      Etc: Emotet Malicious Library UPX PE32 PE File MZP Format unpack itself crashed

8320  2023-12-18 10:07  film.exe                            da044811ca4ac1cc04b14153dccbbf37  2 4 7 17.6 M ZeroCERT
      Etc: Themida Packer Generic Malware UPX PE32 PE File .NET EXE Lnk Format GIF Format DLL OS Processor Check ZIP Format Browser Info Stealer Malware download FTP Client Info Stealer Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency AutoRuns suspicious privilege MachineGuid Check memory Checks debugger buffers extracted WMI Creates shortcut Creates executable files unpack itself Windows utilities Checks Bios Collect installed applications Detects VMWare Check virtual network interfaces suspicious process AppData folder VMware anti-virtualization IP Check installed browsers check Tofsee Ransomware Windows Browser RisePro Email ComputerName Remote Code Execution Firmware DNS Cryptographic key Software crashed

8321  2023-12-18 10:03  microsoftprofiledeletedhistory...   b2acb6f83affabe12ebf11bade4940de  1 3 7 3.6 M ZeroCERT
      Etc: MS_RTF_Obfuscation_Objects RTF File doc Malware download Malware Malicious Traffic buffers extracted RWX flags setting exploit crash Tofsee Windows Exploit DNS crashed

8322  2023-12-18 10:00  tuc6.exe                            c6daee770496fb1e5f1c0c4f14b9e53a  3.0 M ZeroCERT
      Etc: Emotet Gen1 Generic Malware Malicious Library UPX Malicious Packer Admin Tool (Sysinternals etc ...) PE32 PE File MZP Format DLL OS Processor Check PE64 DllRegisterServer dll wget ZIP Format Checks debugger Creates executable files unpack itself AppData folder Windows ComputerName crashed

8323  2023-12-18 09:59  Microsoftprofilecheckedhistory...   b1483bb31d4cb5366a131ad07409d806  2.8 M 32 ZeroCERT
      Etc: MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware RWX flags setting exploit crash Exploit crashed

8324  2023-12-18 09:56  tuc3.exe                            e8bb391ee1c0c060b906750b07e2ac5f  4.0 ZeroCERT
      Etc: Emotet Gen1 Generic Malware Malicious Library UPX Malicious Packer Admin Tool (Sysinternals etc ...) PE32 PE File MZP Format DLL OS Processor Check DllRegisterServer dll PE64 wget ZIP Format Checks debugger Creates executable files unpack itself Windows utilities suspicious process AppData folder WriteConsoleW Windows ComputerName crashed

8325  2023-12-18 09:55  Microsoftupgradedtechnologytoe...   27447785fd8cb3c3f48f90e09a0c15c2  3 6 3 4.6 M 33 ZeroCERT
      Etc: MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware VBScript Malicious Traffic buffers extracted RWX flags setting exploit crash Tofsee Exploit DNS crashed