Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Score	Zero	VT	Player
9316	2024-06-07 09:49	setup-lightshot.exe 42d41456f2eccff630138c1ac9d50d1f Generic Malware WinRAR Malicious Library UPX PE File PE32 OS Processor Check Lnk Format GIF Format URL Format DLL VirusTotal Malware PDB MachineGuid Creates shortcut Creates executable files unpack itself ComputerName RCE				3.4	M	20	ZeroCERT

9317	2024-06-07 09:49	lionsarekingogthejunglewhorule... 56b4ddf6c247124f9bc633b06b169a84 MS_RTF_Obfuscation_Objects RTF File doc Malware download Malware Malicious Traffic exploit crash unpack itself Tofsee Windows Exploit DNS crashed	1 Keyword trend analysis	3	9 Info SURICATA TLS invalid record type SURICATA TLS invalid record/traffic SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO Executable Download from dotted-quad Host ET HUNTING Suspicious lsass.exe in URI ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response	3.2	M		ZeroCERT

9318	2024-06-07 09:47	lionsarekingandudfdidthekingof... 80190d1b737a846f31133525d9577514 MS_RTF_Obfuscation_Objects RTF File doc Malware download VirusTotal Malware Malicious Traffic exploit crash unpack itself IP Check Tofsee Windows Exploit DNS crashed	2 Keyword trend analysis	3	8 Info ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO Executable Download from dotted-quad Host ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup	4.6	M	37	ZeroCERT

9319	2024-06-07 09:47	interestedanglesayingsheismost... 2ae556f4c5d9590b352ad8d26fdee537 MS_RTF_Obfuscation_Objects RTF File doc Malware download VirusTotal Malware Malicious Traffic buffers extracted RWX flags setting exploit crash IP Check Tofsee Windows Exploit DNS crashed	2 Keyword trend analysis	3	8 Info ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO Executable Download from dotted-quad Host ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response	5.0	M	37	ZeroCERT

9320	2024-06-07 09:45	sevchost.exe ce8a92812da2af7e020a136c9ffeb656 Suspicious_Script_Bin PE File PE32 VirusTotal Malware AutoRuns Creates executable files Windows DNS		2		6.0	M	51	ZeroCERT

9321	2024-06-07 09:45	vidar0506.exe 277923785bb9e137228d51c5685ee0ab Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware unpack itself DNS crashed		1		4.0	M	56	ZeroCERT

9322	2024-06-07 09:43	lionsarekingandtheyalwaysliket... f6d2ec2d490d72ee7ba25907db5da25a MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware Malicious Traffic exploit crash unpack itself Tofsee Exploit DNS crashed	2 Keyword trend analysis	3	2	4.2	M	37	ZeroCERT

9323	2024-06-07 09:43	lsass.exe e0354350b177887076f4c89567e0af8d PE File .NET EXE PE32 VirusTotal Malware Check memory Checks debugger unpack itself Check virtual network interfaces Tofsee Windows Cryptographic key		2	3	4.4	M	50	ZeroCERT

9324	2024-06-07 09:41	www.ps1 b8d18d049050e1e12c378dd2c71cadc6 Generic Malware Antivirus ZIP Format VirusTotal Malware powershell Malicious Traffic Check memory buffers extracted unpack itself Check virtual network interfaces WriteConsoleW Windows ComputerName Cryptographic key	1 Keyword trend analysis	2	1	5.2	M	4	ZeroCERT

9325	2024-06-07 09:41	DZP.exe 8cc057c58bd59166922b1a6fbf9a0ec7 Process Kill Generic Malware Suspicious_Script_Bin Malicious Library FindFirstVolume CryptGenKey UPX PE File Device_File_Check PE32 OS Processor Check Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key Software crashed	1 Keyword trend analysis	2	3	7.4		23	ZeroCERT

9326	2024-06-07 09:39	IGCC.exe 29b2b081df5861fed9651766f37b7738 Process Kill Generic Malware Suspicious_Script_Bin Malicious Library FindFirstVolume CryptGenKey UPX PE File Device_File_Check PE32 OS Processor Check Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns suspicious privilege Check memory Checks debugger buffers extracted Creates executable files unpack itself Check virtual network interfaces AppData folder IP Check Tofsee Windows Browser Email ComputerName DNS Software crashed	1 Keyword trend analysis	2	3	9.6		28	ZeroCERT

9327	2024-06-07 09:39	RuntimeBroker.exe 6cf863b98e0282f50e8d5f90f611f664 XMRig Miner Generic Malware UPX Malicious Library ASPack Malicious Packer PE File PE32 PE64 OS Processor Check VirusTotal Malware Check memory unpack itself Auto service Check virtual network interfaces sandbox evasion WriteConsoleW Browser ComputerName RCE Firmware DNS		1		7.2	M	54	ZeroCERT

9328	2024-06-07 09:37	Tlcf4ubbOhvrFYkon.exe 9c4b350eb7315c2f6f4b2eb64bccd918 Formbook Malicious Library AntiDebug AntiVM PE64 PE File FormBook Malware download VirusTotal Malware Buffer PE suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process Windows DNS Cryptographic key crashed	6 Keyword trend analysis Info http://www.caxars.store/muti/ http://www.eshopkhaliji.store/muti/?8p=PenW7MtlXSrvxOPA1PJj8U2jUUvXlhwVh1FpwKQCNXiCStQ1MIBfQTqa3m2cpudHTvQpU++Q&4h=vTxdQD-PSRspeX7&sql=1 http://www.eshopkhaliji.store/muti/ http://www.shopadamsstore.com/muti/?8p=rUMPbDi9V+hLkBWFtVE1y7T4O5kE79Gi8Nwpb3xjlkSgEF4tpwDWlQ4hDt2c39K6jtdDQHz5&4h=vTxdQD-PSRspeX7&sql=1 http://www.caxars.store/muti/?8p=vAkEv8VlD6HvoJ7OTZ3UyhPmsIwewVN5MI8wV+ea/g1itgmvOaYSZ0nMfK3GudfMXpkuz2fr&4h=vTxdQD-PSRspeX7&sql=1 http://www.shopadamsstore.com/muti/	8	2	10.8	M	43	ZeroCERT

9329	2024-06-07 09:36	lionsarekingofthejunglewhotrul... c5af2617421f885a9772a4b51b80cb2a MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware Malicious Traffic exploit crash unpack itself Tofsee Exploit DNS crashed	2 Keyword trend analysis	3	2	4.2		38	ZeroCERT

9330	2024-06-07 09:34	Update.exe 4c6f04a706e2ca2a0b722336675318da Malicious Library Downloader UPX PE File PE32 MZP Format OS Processor Check Malware download Amadey VirusTotal Malware AutoRuns Malicious Traffic unpack itself AppData folder Windows RCE DNS	2 Keyword trend analysis	3	1	6.2		49	ZeroCERT