Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
9136	2023-08-24 18:04	data.exe e1253c3fc7018228dbf96a7b3b40f49c Malicious Library UPX OS Processor Check PE File PE32 VirusTotal Malware unpack itself					2.0	M	28	ZeroCERT

9137	2023-08-24 18:03	Cabinet.pdf.lnk 11926797c51a3317a8f749c3a48362d7 Generic Malware Antivirus AntiDebug AntiVM Lnk Format GIF Format VirusTotal Malware powershell suspicious privilege Code Injection Check memory Checks debugger Creates shortcut unpack itself powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName Cryptographic key	2 Keyword trend analysis				6.0		13	ZeroCERT

9138	2023-08-24 17:54	InvoicePrinter.exe c86f7b00cedb3b932c5a4714cd011a33 Emotet Malicious Library UPX Admin Tool (Sysinternals etc ...) MZP Format PE File PE32 VirusTotal Malware Check memory unpack itself ComputerName Remote Code Execution crashed					2.4		3	ZeroCERT

9139	2023-08-24 17:54	public.exe d9d80ab4056a3d27e3b1783411b0d77f Malicious Library UPX Malicious Packer PE File PE32 VirusTotal Malware DNS		1			3.8		3	ZeroCERT

9140	2023-08-24 16:02	Invoke-PowerShellTcp.ps1 5661f942f86c50b5b845f675613bc1aa Generic Malware Antivirus VirusTotal Malware unpack itself WriteConsoleW Windows ComputerName DNS Cryptographic key		1			3.8		28	ZeroCERT

9141	2023-08-24 09:27	datacas.exe 772cc6d2ad8f559af26b4b6667189e80 Malicious Library UPX OS Processor Check PE File PE32 VirusTotal Malware unpack itself DNS		1			3.0	M	48	ZeroCERT

9142	2023-08-24 09:25	mm.txt d79de8432d47642e80a50eee453fbe4b Malicious Library UPX OS Processor Check PE File PE32 VirusTotal Malware Malicious Traffic Check memory buffers extracted RWX flags setting AntiVM_Disk sandbox evasion VM Disk Size Check Browser DNS	1 Keyword trend analysis	1	2		5.0	M	36	ZeroCERT

9143	2023-08-24 09:23	d9e1c3_337d702a7383407ea927e15... 10c83f5b34882b38cfcde8064af6c34b Generic Malware Antivirus VirusTotal Malware powershell AutoRuns Check memory heapspray Creates executable files unpack itself Windows utilities powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName Cryptographic key					5.2		2	ZeroCERT

9144	2023-08-24 09:19	a.exe 288edfb1d7515efc0718938fa4e00b8c PE File PE64								ZeroCERT

9145	2023-08-24 09:14	coder.jpg.ps1 9fd5e336e107dff7b6636e4d3c59ab87 Generic Malware Antivirus Check memory Creates executable files unpack itself WriteConsoleW ComputerName					1.4			ZeroCERT

9146	2023-08-24 09:14	gen.txt.vbs c9a1280f7164b74a827d14578642a559 Generic Malware Antivirus PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself Check virtual network interfaces suspicious process WriteConsoleW Windows ComputerName DNS Cryptographic key	1 Keyword trend analysis	1			9.0		5	ZeroCERT

9147	2023-08-24 07:41	MsMpEng.exe 12f224572c9e11c251b32b80bac3796a .NET framework(MSIL) PWS SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer FTP Client Info Stealer Email Client Info Stealer PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces IP Check Tofsee Windows Browser Email ComputerName Software crashed keylogger	1 Keyword trend analysis	5	3		12.6	M		ZeroCERT

9148	2023-08-24 07:41	wininit.exe 932b776b87e459c404ae7e9ca38a0c7e Formbook Confuser .NET AntiDebug AntiVM PE File .NET EXE PE32 Malware PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted ICMP traffic unpack itself DNS	17 Keyword trend analysis Info http://www.yh66985.com/pta7/?2pp61=r0Znjcl108fWq3DW2uMZlKkUpEOS0il4WTIwHqnkDlhXNTmyDe2k/moWxs1adkJw8OOtkgeu00hRWSJDuXN3qGN9obJjMdXlYosByRw=&2b=YzwO5n4T_u4 - rule_id: 35249 http://www.playcups.life/pta7/?2pp61=owQQ/LdvYhr1hQA44RH9bUiltN1V9/nW3nzbuZ7AnukoApd9+FtfvWC4rKSj4oUCaFCHPCKOWRRPvWiBpKGkSpFpDTHalZsc88EWemY=&2b=YzwO5n4T_u4 - rule_id: 35250 http://www.playcups.life/pta7/ - rule_id: 35250 http://www.acdaiucdac.com/pta7/?2pp61=43v7Ny/HipLC1/i8/EHFbQWk+eiIQ/u53GN7wShSu/utS8xmabSGaVvVJrZKwfQ4W1iMjfgim/Qvgf/YMs2AzVLD8F/JP8IFS4Qjg6E=&2b=YzwO5n4T_u4 - rule_id: 35847 http://www.yh66985.com/pta7/ - rule_id: 35249 http://www.cosmicearthgoddess.com/pta7/ - rule_id: 35248 http://www.cosmicearthgoddess.com/pta7/?2pp61=13fhjxEBwouEnUsG2Zptbc3oT5vv/DEuG4iFtfSUwau/qJ9Hv2KIb5nyZ/MG0WCg1U40rxerqpJjqyPhopVWfuMIqg+QB/xDsz3LaOk=&2b=YzwO5n4T_u4 - rule_id: 35248 http://www.promptyum.com/pta7/?2pp61=51fXUovDvl40Gay+bBOuV4csAD2CR1Bn3rNklAoym8RSa3YWX1JZVvP1mooqhecBmHsju7ND43XQhJhW/MWm8p48YIEfLWeZ5rDjg9Q=&2b=YzwO5n4T_u4 - rule_id: 35845 http://www.applechiofficial.com/pta7/ - rule_id: 35846 http://www.applechiofficial.com/pta7/?2pp61=3tLz2GELRqgUNEe3Tg6pYXQ6INf+7Y5kvPosXVoeGK7Pb7+bWmhYMZiQ8dlF92mvy5mXj5zMlug3M8Fw5MW69FZ659FzjUfEuZ9BwIA=&2b=YzwO5n4T_u4 - rule_id: 35846 http://www.promptyum.com/pta7/ - rule_id: 35845 http://www.sqlite.org/2018/sqlite-dll-win32-x86-3240000.zip http://www.selfstorage.koeln/pta7/?2pp61=nRxaeJY0qwDQ0+6frQxSN5E2QFq7X4AyNJuuilycF0k/wVU2rXenu/JIKS0/EAOQo/d8R3vVu9XtC/4/t+jNl01+sEHp/xYpCFlSqjU=&2b=YzwO5n4T_u4 - rule_id: 35247 http://www.maytag36.com/pta7/ - rule_id: 35246 http://www.acdaiucdac.com/pta7/ - rule_id: 35847 http://www.maytag36.com/pta7/?2pp61=I+8B7hWWd8/aZc0LyOI98FU2kxxJYUgzWPkNKI3Xu1M4KTmr5ikbSLVEKd5DC7LZ6l0Rcp22A4fkoHEesbNwOWp7sSOEDutN8WpeiG4=&2b=YzwO5n4T_u4 - rule_id: 35246 http://www.selfstorage.koeln/pta7/ - rule_id: 35247	18 Info www.sisbom.online() - mailcious www.acdaiucdac.com(165.140.70.70) - mailcious www.cosmicearthgoddess.com(74.208.236.61) - mailcious www.selfstorage.koeln(81.169.145.157) - mailcious www.applechiofficial.com(217.144.104.212) - mailcious www.promptyum.com(52.20.84.62) - mailcious www.playcups.life(203.161.58.192) - mailcious www.yh66985.com(154.215.247.58) - mailcious www.maytag36.com(76.223.26.96) - mailcious 165.140.70.70 - mailcious 74.208.236.61 - mailcious 52.20.84.62 - mailcious 81.169.145.157 - mailcious 154.215.247.58 - mailcious 76.223.26.96 - mailcious 217.144.104.212 - mailcious 45.33.6.223 203.161.58.192 - mailcious	2	16 Info http://www.yh66985.com/pta7/ http://www.playcups.life/pta7/ http://www.playcups.life/pta7/ http://www.acdaiucdac.com/pta7/ http://www.yh66985.com/pta7/ http://www.cosmicearthgoddess.com/pta7/ http://www.cosmicearthgoddess.com/pta7/ http://www.promptyum.com/pta7/ http://www.applechiofficial.com/pta7/ http://www.applechiofficial.com/pta7/ http://www.promptyum.com/pta7/ http://www.selfstorage.koeln/pta7/ http://www.maytag36.com/pta7/ http://www.acdaiucdac.com/pta7/ http://www.maytag36.com/pta7/ http://www.selfstorage.koeln/pta7/	8.8	M		ZeroCERT

9149	2023-08-24 07:39	igfxEM.exe c6920f7f349692b1d32e0cf3ab29717a UPX Admin Tool (Sysinternals etc ...) PE File .NET EXE PE32 PDB Check memory Checks debugger unpack itself crashed					1.2	M		ZeroCERT

9150	2023-08-24 03:53	91ab15acd80b2601_powerp12.pip 9652b22cedc405b88a700de21ea94bb4								guest