Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
8656	2023-12-01 13:08	conhost.exe d026406ee553f49e6526b612274544d3 XMRig Miner Emotet Suspicious_Script_Bin Generic Malware task schedule Downloader Malicious Library UPX Malicious Packer Antivirus .NET framework(MSIL) Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HT VirusTotal Malware AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself Windows utilities Check virtual network interfaces suspicious process AppData folder AntiVM_Disk WriteConsoleW VM Disk Size Check Tofsee Windows ComputerName DNS Cryptographic key	4 Keyword trend analysis	3	5 Info SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO Executable Download from dotted-quad Host ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response	1	12.8	M	15	ZeroCERT

8657	2023-12-01 13:04	microsoftEdgedeletedentirehist... 9e0226adf02222bbee9aa7e2f6f1c07a MS_RTF_Obfuscation_Objects RTF File doc Malware download VirusTotal Malware Malicious Traffic buffers extracted RWX flags setting exploit crash Windows Exploit DNS crashed		1	5 Info ET INFO Executable Download from dotted-quad Host ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response		5.0	M	33	ZeroCERT

8658	2023-12-01 13:02	wealthzx.doc 5bb5392ff71e2d8ae392f6149170a525 MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware RWX flags setting exploit crash Windows Exploit DNS crashed		2	5		3.2	M	32	ZeroCERT

8659	2023-12-01 13:02	fmicrosoftdeletedentirehistory... 2d1410e7c006519203fc2c4dec1cae5a MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware Malicious Traffic buffers extracted exploit crash unpack itself Exploit DNS crashed		1	1		4.6	M	35	ZeroCERT

8660	2023-12-01 10:47	ansi.exe fadc26a8613fd4a8a0298e58d4eda870 Malicious Library UPX PE32 PE File OS Processor Check VirusTotal Malware PDB unpack itself					2.2	M	52	ZeroCERT

8661	2023-12-01 10:47	tuc6.exe 41f49573d5e356a3311eea8dc24b26eb Emotet Gen1 Malicious Library UPX PE32 PE File MZP Format CHM Format PE64 DLL DllRegisterServer dll OS Processor Check Checks debugger Creates executable files unpack itself Windows utilities suspicious process AppData folder WriteConsoleW Windows ComputerName crashed					4.6			ZeroCERT

8662	2023-12-01 10:45	exedroidddcc.exe 5793a999d5a84a4f10801b2f00371533 PWS KeyLogger AntiDebug AntiVM PE32 PE File .NET EXE Browser Info Stealer VirusTotal Email Client Info Stealer Malware PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Browser Email ComputerName crashed					9.4	M	54	ZeroCERT

8663	2023-12-01 10:43	hv.exe b4e0409a6822da1a960bf71ce05fba6f Admin Tool (Sysinternals etc ...) .NET framework(MSIL) Malicious Library UPX PWS AntiDebug AntiVM PE32 PE File MSOffice File .NET EXE DLL OS Processor Check VirusTotal Malware Buffer PE PDB Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Check virtual network interfaces AppData folder Tofsee Windows DNS Cryptographic key crashed	1 Keyword trend analysis	3	1		12.4		24	ZeroCERT

8664	2023-12-01 10:43	wealthzx.exe 39fb75762707ccd673d011de0128d4f1 PE32 PE File .NET EXE VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger unpack itself					5.0	M	29	ZeroCERT

8665	2023-12-01 10:41	build.exe 6a68babd027c9fee09fbc161259f04db Malicious Library UPX PE32 PE File OS Processor Check VirusTotal Malware PDB unpack itself					2.2	M	48	ZeroCERT

8666	2023-12-01 10:41	11vsoiocw2.exe f16185080a8c12bc14de28c77c41c559 Malicious Library UPX PE32 PE File OS Processor Check VirusTotal Malware PDB unpack itself					2.0	M	37	ZeroCERT

8667	2023-11-30 17:01	soyaorjaga.exe 1abc02588884a0d1d0c29117da4c8969 AgentTesla Malicious Library Malicious Packer UPX PE32 PE File .NET EXE OS Name Check OS Memory Check OS Processor Check Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Check memory Checks debugger unpack itself Check virtual network interfaces IP Check Tofsee Browser Email ComputerName DNS Software crashed		2	4		5.2		41	ZeroCERT

8668	2023-11-30 16:51	conhost.exe 249b4980b929e202ad6ccc95bbd455b2 Malicious Library UPX PE32 PE File VirusTotal Malware Check memory Checks debugger unpack itself crashed					2.8	M	49	ZeroCERT

8669	2023-11-30 16:32	setup294.exe 6cf975704d03f5ca810c254d104ce07f Malicious Library AntiDebug AntiVM PE32 PE File DLL Code Injection Check memory Checks debugger Creates executable files unpack itself AppData folder					3.8			ZeroCERT

8670	2023-11-30 14:40	Documento.txt.exe 1af7a2e45f20ad74e091fc976be0492e UPX PE32 PE File .NET EXE VirusTotal Malware Checks debugger unpack itself ComputerName DNS DDNS crashed		2	1		3.6		56	ZeroCERT