Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
841	2024-08-20 09:48	172373704210952.png.exe e3380ca24bff7803d134ff7bddc81223 Malicious Packer PE File DLL PE64 VirusTotal Malware					0.8	M	24	ZeroCERT

842	2024-08-20 09:47	66c323e1543cd_ffrs.exe#grid a092735c3424c8e3694f6a6a04a3943a Malicious Library .NET framework(MSIL) UPX PE File .NET EXE PE32 VirusTotal Malware Check memory Checks debugger unpack itself					1.6	M	26	ZeroCERT

843	2024-08-20 09:47	66c371cac05bf_crypted.exe#1 6c7b2cee060867f844491ec8f5bb4825 Antivirus PE File .NET EXE PE32 VirusTotal Malware PDB Check memory Checks debugger unpack itself ComputerName DNS		1			3.0	M	21	ZeroCERT

844	2024-08-20 09:45	66c2d861a5b4d_google.exe 8447dbe44aa2ede5d56341e0dc22f319 PE File PE64 VirusTotal Cryptocurrency Miner Malware DNS CoinMiner		2	1		1.4	M	20	ZeroCERT

845	2024-08-20 09:45	weneedtoknowbutterburnreallysw... 01ee2a10ee91efdcf290d48901cbc8d1 MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware Malicious Traffic exploit crash unpack itself Tofsee Exploit DNS crashed	1 Keyword trend analysis	3	1		4.6	M	34	ZeroCERT

846	2024-08-20 09:44	File1.exe 93d6175fe1726d7f201a13e359e3c3f8 Generic Malware Malicious Library Malicious Packer Antivirus UPX Admin Tool (Sysinternals etc ...) AntiDebug AntiVM PE File PE64 OS Processor Check PowerShell PE32 Browser Info Stealer Malware download VirusTotal Malware powershell AutoRuns PDB suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates shortcut Creates executable files RWX flags setting unpack itself Windows utilities Disables Windows Security Checks Bios Collect installed applications powershell.exe wrote Check virtual network interfaces suspicious process AppData folder malicious URLs suspicious TLD WriteConsoleW anti-virtualization installed browsers check Tofsee CryptBot Windows Discord Browser ComputerName Remote Code Execution DNS Cryptographic key crashed	7 Keyword trend analysis Info http://58yongzhe.com/parts/setup1.exe - rule_id: 42034 http://tvezx20pn.top/v1/upload.php http://89.105.201.137/Files/Channel1.exe http://194.58.114.223/d/385104 - rule_id: 41929 https://pastebin.com/raw/E0rY26ni - rule_id: 37702 https://yip.su/RNWPd.exe - rule_id: 37623 https://cdn.discordapp.com/attachments/1274634716451967060/1275223801675907102/setup.exe?ex=66c51c36&is=66c3cab6&hm=a7afd60459653ce3668249ab779142f9304b37948e72ed701047f1fdaf8ce0ff&	12 Info 58yongzhe.com(62.133.62.93) - malware tvezx20pn.top(77.232.42.234) pastebin.com(104.20.3.235) - mailcious yip.su(172.67.169.89) - mailcious cdn.discordapp.com(162.159.130.233) - malware 162.159.133.233 - malware 77.232.42.234 104.21.79.77 - phishing 89.105.201.137 - mailcious 62.133.62.93 194.58.114.223 - mailcious 172.67.19.24 - mailcious	13 Info ET DNS Query for .su TLD (Soviet Union) Often Malware Related ET HUNTING Redirect to Discord Attachment Download SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO Executable Download from dotted-quad Host ET INFO Packed Executable Download ET INFO Observed Discord Domain (discordapp .com in TLS SNI) ET INFO Observed Discord Domain in DNS Lookup (discordapp .com) ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET DNS Query to a .top domain - Likely Hostile ET INFO HTTP Request to a .top domain ET MALWARE Win32/Cryptbotv2 CnC Activity (POST) M4	4	22.4	M	19	ZeroCERT

847	2024-08-20 09:43	66bfee9fd7d9a_lumma.exe 9a9953dc06ef76dfb7ef3a308340f77b Antivirus PE File .NET EXE PE32 VirusTotal Malware PDB Check memory Checks debugger unpack itself ComputerName					2.6	M	38	ZeroCERT

848	2024-08-20 09:41	66c371f08cdcf_unins000.exe#gri... b698dfc0ab0130a4ba4c82ae0e972d9b Generic Malware Malicious Library UPX PE File PE32 MZP Format OS Processor Check VirusTotal Malware unpack itself					1.4		5	ZeroCERT

849	2024-08-20 09:40	66c1f0aa0deee_crypted.exe#1 52245c8ae7ec10fb61eeeb2b329e9a34 PE File .NET EXE PE32 VirusTotal Malware PDB Check memory Checks debugger unpack itself ComputerName					2.8	M	56	ZeroCERT

850	2024-08-20 09:39	StyleControls%20VCL.exe d4fca59c99d8d70aca5744d147e37c03 Generic Malware Malicious Library Malicious Packer UPX PE File PE64 DllRegisterServer dll OS Processor Check VirusTotal Malware crashed					1.2		17	ZeroCERT

851	2024-08-20 09:39	csrss.exe bf038a5d89d10a8c54f9173ae6f1218d Generic Malware Suspicious_Script_Bin Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware AutoRuns Checks debugger Creates executable files unpack itself AppData folder Windows					4.4		32	ZeroCERT

852	2024-08-20 09:39	66c313b18a645_xin.exe#xin 87842c44385a9c22e2d47b4fe85566dc Malicious Library UPX PE File .NET EXE PE32 VirusTotal Malware PDB Remote Code Execution					2.0	M	31	ZeroCERT

853	2024-08-20 09:32	POS_C110.exe 86de5cffa568d6a2392d576fc6535b3b Malicious Library UPX PE File DllRegisterServer dll PE32 MZP Format VirusTotal Malware unpack itself crashed					2.0		10	ZeroCERT

854	2024-08-20 09:30	POS_C028.exe 8b2ae18d721ae95719598ca0369e94af Malicious Library UPX PE File DllRegisterServer dll PE32 MZP Format VirusTotal Malware unpack itself crashed					1.8		8	ZeroCERT

855	2024-08-20 09:28	POS_C020.exe 404d481d35148c5a12e60cba83d6d034 Malicious Library Admin Tool (Sysinternals etc ...) UPX PE File DllRegisterServer dll PE32 MZP Format VirusTotal Malware Check memory unpack itself					1.8		8	ZeroCERT