Submissions

No | Date | Request | Hash | Tags | Urls / Hosts / IDS / Rule Score / Zero / VT / Player (as extracted)
8566 | 2023-12-05 08:16 | 1701517649-explorer.exe | da419a77d4cf91ece32dca8dd1dfd152 | PE32 PE File .NET EXE VirusTotal Malware suspicious privilege Check memory Checks debugger unpack itself Windows ComputerName Cryptographic key crashed | 3.4 M 50 ZeroCERT
8567 | 2023-12-05 08:13 | LEGISLATIVE_COUSIN.exe | 0e763512095abc4616f81cf4631b9b2f | Malicious Packer UPX PE File PE64 VirusTotal Malware Checks debugger DNS | 1 4.4 M 50 ZeroCERT
8568 | 2023-12-05 08:10 | pinguin.exe | 58d28558b5e2ffbb0238ed852b0fccf4 | Emotet Generic Malware Malicious Library UPX PE32 PE File OS Processor Check VirusTotal Malware PDB Check memory unpack itself ComputerName Remote Code Execution | 2.4 M 14 ZeroCERT
8569 | 2023-12-05 08:10 | Posh_v2_x64_xor.exe | 94b560246170d823d6aad92172cdb57a | PE File PE64 VirusTotal Malware Check memory Checks debugger buffers extracted unpack itself | 3.4 M 43 ZeroCERT
8570 | 2023-12-05 08:08 | Posh_v4_dropper_migrate_x64.ex... | c1d1295e8c1b4116fa7ed1866ed8b73c | Hide_EXE Malicious Library Malicious Packer UPX PE File PE64 OS Processor Check VirusTotal Malware Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities Windows Cryptographic key | 3.6 M 41 ZeroCERT
8571 | 2023-12-05 08:08 | Posh_v2_dropper_x86.exe | 7fa5f4cb38888a230b82389cbe568107 | Hide_EXE Malicious Library Malicious Packer UPX PE32 PE File OS Processor Check VirusTotal Malware Code Injection Checks debugger buffers extracted unpack itself | 3.4 M 45 ZeroCERT
8572 | 2023-12-05 08:06 | ngrok.exe | 34985fae5fa8e9ebaa872de8d0105005 | Malicious Library Malicious Packer UPX PE File PE64 OS Processor Check crashed | 0.4 M ZeroCERT
8573 | 2023-12-05 08:06 | Posh_v2_dropper_x64.exe | 3393edc78556559552294115a95f2ba2 | Hide_EXE Malicious Library Malicious Packer UPX PE File PE64 OS Processor Check VirusTotal Malware Code Injection Check memory Checks debugger buffers extracted unpack itself | 3.4 M 39 ZeroCERT
8574 | 2023-12-05 08:04 | Sharp_v4_x64_xor.exe | 1f91c3ab8a9689208e162e81b16881fe | PE File PE64 VirusTotal Malware suspicious privilege Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces DNS | 1 5.8 M 45 ZeroCERT
8575 | 2023-12-05 08:03 | svchost.exe | 66055eb5779265037160e80546c6de3d | Emotet Generic Malware Malicious Library UPX PE32 PE File VirusTotal Malware Check memory unpack itself ComputerName Remote Code Execution | 2.8 44 ZeroCERT
8576 | 2023-12-04 18:45 | as.exe | 12d26de76ef1e100a30a71c12507c8a7 | Emotet Gen1 IAmTheKing Family Generic Malware task schedule Downloader Malicious Packer UPX Malicious Library Admin Tool (Sysinternals etc ...) Antivirus Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Hijack Networ VirusTotal Malware PDB suspicious privilege Code Injection malicious URLs | 3.8 M 41 ZeroCERT
8577 | 2023-12-04 18:39 | ama.exe | 283636033e6111ad957f7b40a2b78963 | Amadey UPX PE32 PE File VirusTotal Malware AutoRuns Malicious Traffic Check memory RWX flags setting unpack itself Windows utilities suspicious process AppData folder WriteConsoleW Windows ComputerName DNS | 1 1 1 8.6 M 40 ZeroCERT
8578 | 2023-12-04 18:37 | WinUpdate.exe | 31c4a3f16baa5e0437fdd4603987b812 | Malicious Library Malicious Packer UPX Javascript_Blob Anti_VM PE File PE64 VirusTotal Malware | 2.0 M 49 ZeroCERT
8579 | 2023-12-04 18:35 | ca2.exe | 64944a1f7d846006e04b6101d40a28b4 | PE File PE64 VirusTotal Malware suspicious privilege MachineGuid Check memory Checks debugger unpack itself Windows ComputerName DNS Cryptographic key | 1 4.0 M 47 ZeroCERT
8580 | 2023-12-04 18:33 | autorun.exe | dd2ac276240e8ad3deecc338acc8116d | Malicious Library Malicious Packer PE32 PE File Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware Microsoft suspicious privilege Check memory Checks debugger buffers extracted WMI unpack itself Collect installed applications installed browsers check Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed | 1 5 7.2 M 30 ZeroCERT