Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Score	Zero	VT	Player
826	2024-08-20 17:59	2.hta 7e5d584176b92f73bc82886c9945efc9 Client SW User Data Stealer browser info stealer Hide_EXE Suspicious_Script_Bin Generic Malware Google Chrome User Data Downloader Malicious Library UPX Http API PWS Code injection Create Service Socket DGA ScreenShot Escalate priviledges Steal credential Browser Info Stealer VirusTotal Malware AutoRuns Code Injection Check memory Checks debugger buffers extracted Creates executable files exploit crash unpack itself Windows utilities suspicious process AppData folder malicious URLs WriteConsoleW installed browsers check Windows Exploit Browser ComputerName crashed	1 Keyword trend analysis	2		10.2		1	ZeroCERT

827	2024-08-20 17:58	한중 북중 안보현안 비공개 정책간담회 계획.lnk... 32e828282dbe16073293dacc17f0598c Generic Malware Antivirus AntiDebug AntiVM HWP MSOffice File Lnk Format GIF Format PowerShell VirusTotal Malware powershell suspicious privilege Code Injection Check memory Checks debugger Creates shortcut unpack itself Windows utilities powershell.exe wrote Check virtual network interfaces suspicious process WriteConsoleW Windows ComputerName Cryptographic key	1 Keyword trend analysis	1		8.0		24	ZeroCERT

828	2024-08-20 16:11	Skibidi Boilet Master.msc e25027c2a3b9e45f0551604453e6f865 Antivirus ScreenShot KeyLogger AntiDebug AntiVM VirusTotal Malware MachineGuid Code Injection Check memory RWX flags setting unpack itself	1 Keyword trend analysis			2.8		14	ZeroCERT

829	2024-08-20 12:29	e0c3282206b5533bb3272741212cb6... e0c3282206b5533bb3272741212cb6e1 Generic Malware UPX Antivirus Anti_VM AntiDebug AntiVM Lnk Format GIF Format PowerShell PE File DLL PE64 VirusTotal Malware powershell suspicious privilege Code Injection Check memory Checks debugger heapspray Creates shortcut Creates executable files unpack itself Windows utilities powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName Cryptographic key				7.8		14	ZeroCERT

830	2024-08-20 11:08	Jhiidutz.exe 8083fed730e151bf47528621db8e7ff8 PE File PE64 VirusTotal Malware MachineGuid Check memory Checks debugger buffers extracted unpack itself Windows ComputerName Cryptographic key crashed				3.4		34	ZeroCERT

831	2024-08-20 10:42	ow.exe 1a29969a7538662884fffe237d32fbc1 PE File PE32 Cobalt Strike Cobalt VirusTotal Malware c&c suspicious privilege Malicious Traffic unpack itself Windows utilities Detects VMWare suspicious process AppData folder VMware Tofsee Windows DNS crashed	9 Keyword trend analysis Info http://cdn.qqb3.com/API/General/lsrpu http://cdn.cuilet.com/http://cdn.cuilet.com/api/filegoto1/d76b29f56b8bed99 http://cdn.qqb3.com/api/filegoto1/d76b29f56b8bed99 http://cdn.cuilet.com/api/filegoto1/d76b29f56b8bed99 http://cdn.qqb3.com/API/General/client_log_user http://cdn.sackow.com/api/filegoto1/d76b29f56b8bed99 http://apps.game.qq.com/comm-htdocs/ip/get_ip.php https://ip.cn/api/index?ip=cdn.cuilet.com&type=1 https://site.ip138.com/domain/read.do?domain=cdn.cuilet.com&time=1724129865281	18 Info ip.cn(172.67.174.23) cdn.qqb3.com(198.54.117.242) 21yp37sq.sched.sma.tdnsv5.com(60.13.97.138) site.ip138.com(124.156.105.121) d76b29f56b8bed99.gazigz.cn() 58.common.gazigz.cn() apps.game.qq.com(43.129.139.164) cdn.cuilet.com(23.225.34.75) sp0.baidu.com(119.63.197.139) cdn.sackow.com(23.225.34.75) 104.21.64.12 223.5.5.5 43.129.138.220 124.156.105.121 119.63.197.139 198.54.117.242 - mailcious 119.176.27.237 23.225.34.75	4	7.4		51	ZeroCERT

832	2024-08-20 10:40	setup.exe 991c2e03a0944756e534a026b2a33ab9 Generic Malware Malicious Library Antivirus AntiDebug AntiVM PE File PE32 PowerShell powershell suspicious privilege Code Injection Check memory Checks debugger WMI Creates shortcut Creates executable files RWX flags setting unpack itself Windows utilities Disables Windows Security Checks Bios suspicious process WriteConsoleW anti-virtualization Windows ComputerName Cryptographic key				10.4	M		ZeroCERT

833	2024-08-20 10:10	okayandokay.js b9151804681b7a77dec87fa5dba6bcc5 Generic Malware Antivirus Hide_URL ActiveXObject PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key	1 Keyword trend analysis	2	1	7.6		9	ZeroCERT

834	2024-08-20 09:56	66c3721bc46fe_Ernrnmkio.exe#14 902f14b6f32cc40a82d6a0f2c41208ec .NET framework(MSIL) PE File .NET EXE PE32 VirusTotal Malware Buffer PE AutoRuns suspicious privilege Check memory Checks debugger buffers extracted unpack itself Windows ComputerName Cryptographic key crashed				4.6	M	26	ZeroCERT

835	2024-08-20 09:54	FRIDAYADAMWEBMPDW-constraints.... d63d833bafcbcfc8d8458670f455505a Generic Malware Antivirus Hide_URL PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key	1 Keyword trend analysis	2	1	7.6	M	4	ZeroCERT

836	2024-08-20 09:52	netwrking.hta 66d90ce013faba1c33ec845c0a45bc2d Generic Malware Antivirus Downloader AntiDebug AntiVM PE File DLL PE32 .NET DLL VirusTotal Malware powershell suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger Creates shortcut Creates executable files RWX flags setting unpack itself Windows utilities powershell.exe wrote suspicious process AppData folder Tofsee Windows ComputerName DNS Cryptographic key	1 Keyword trend analysis	1	6 Info ET INFO TLS Handshake Failure SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO Executable Download from dotted-quad Host ET HUNTING Suspicious csrss.exe in URI ET POLICY PE EXE or DLL Windows file download HTTP ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response	11.4	M	15	ZeroCERT

837	2024-08-20 09:51	drchoe.exe 2a601bbfbfc987186371e75c2d70ef4e Formbook Generic Malware UPX Malicious Library Malicious Packer PE File .NET EXE PE32 DLL OS Processor Check VirusTotal Malware Check memory Checks debugger Creates executable files unpack itself AppData folder crashed				2.8	M	31	ZeroCERT

838	2024-08-20 09:50	buttersweetnessgoodforhealthto... 1e7080c333d88565706bf847d134c42a Generic Malware Antivirus Hide_URL PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key	1 Keyword trend analysis	2	1	7.6	M	4	ZeroCERT

839	2024-08-20 09:50	66c371744eb05_crt2.exe 34631daee5d4765989d302a86210dd64 Emotet Gen1 Generic Malware Malicious Library UPX PE File PE32 MZP Format Word 2007 file format(docx) ZIP Format MSOffice File PE64 DllRegisterServer dll OS Processor Check DLL VirusTotal Malware Check memory Checks debugger Creates executable files unpack itself AppData folder ComputerName crashed				3.2	M	17	ZeroCERT

840	2024-08-20 09:49	66c3373394621_srealc_cry.exe#k... 4f1e4ca1a60a95b711f3ab1e26be3d16 PE File .NET EXE PE32 VirusTotal Malware PDB Check memory Checks debugger unpack itself ComputerName				2.6	M	37	ZeroCERT