Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	Rule	Score	Zero	VT	Player
9571	2023-08-10 09:49	Allergy List pdf.scr 5a5268db3190beda118dfc8a2b0cdd56 Gen1 UPX Malicious Library Malicious Packer PE File PE32 OS Processor Check DLL Browser Info Stealer VirusTotal Email Client Info Stealer Malware Malicious Traffic Check memory Creates executable files unpack itself Collect installed applications sandbox evasion anti-virtualization installed browsers check Browser Email ComputerName DNS	8 Keyword trend analysis Info http://185.204.109.88/de253061326598d0/mozglue.dll http://185.204.109.88/de253061326598d0/freebl3.dll http://185.204.109.88/de253061326598d0/nss3.dll http://185.204.109.88/de253061326598d0/msvcp140.dll http://185.204.109.88/de253061326598d0/softokn3.dll http://185.204.109.88/de253061326598d0/vcruntime140.dll http://185.204.109.88/0f718f036de6b7e0.php http://185.204.109.88/de253061326598d0/sqlite3.dll	1		7.4		8	ZeroCERT

9572	2023-08-10 09:48	HYY.vbs 5c508dd6580c2abe32455a6c29ac32ae Generic Malware Antivirus PowerShell VirusTotal Malware suspicious privilege Check memory Checks debugger Creates shortcut unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName Cryptographic key				5.8	M	17	ZeroCERT

9573	2023-08-10 09:48	NvjRTZU.wsf 4d0dc8bd843fdd35e8623e22e3ea8f83 wscript.exe payload download unpack itself crashed	1 Keyword trend analysis	2		1.8			ZeroCERT

9574	2023-08-10 09:47	IMG_050823.com cea2cada4cb263247472720686e14e41 .NET EXE PE File PE32 PDB Check memory Checks debugger unpack itself Check virtual network interfaces ComputerName		2		1.6			ZeroCERT

9575	2023-08-10 09:46	HGG.vbs aaa8244c698233bc249ddda1e6db6ce6 Generic Malware Antivirus PowerShell VirusTotal Malware suspicious privilege Check memory Checks debugger Creates shortcut unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName Cryptographic key				6.0	M	20	ZeroCERT

9576	2023-08-10 09:44	setup.vbs 2308efc0d4f8e10e983f3fb5ac87ae8c Generic Malware Antivirus Hide_URL PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger buffers extracted Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Windows ComputerName Cryptographic key	2 Keyword trend analysis	3		9.0	M	2	ZeroCERT

9577	2023-08-10 09:44	MSK.vbs ae98e919568e778817d4668f82242cf4 Generic Malware Antivirus PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName Cryptographic key				5.8	M	17	ZeroCERT

9578	2023-08-10 09:40	IGUU.vbs 31e9ee45e3a0e6c4c020ac248a843a7d Generic Malware Antivirus Hide_URL PowerShell Malware powershell AutoRuns suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself Windows utilities Check virtual network interfaces suspicious process WriteConsoleW Windows ComputerName DNS Cryptographic key	3 Keyword trend analysis	4		11.0	M		ZeroCERT

9579	2023-08-10 09:40	ChromeSetup.vbs 150a2b851e3ccbf928d862a05b37636c Generic Malware Antivirus UPX Malicious Library PE File PE32 DLL PE64 PNG Format VirusTotal Malware powershell AutoRuns suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself Windows utilities suspicious process AppData folder WriteConsoleW Windows ComputerName DNS Cryptographic key	1 Keyword trend analysis	1		9.4	M	3	ZeroCERT

9580	2023-08-10 09:36	X.vbs bf2d0d0575cf2e9bc9de0885bd8fb666 Generic Malware Antivirus Hide_URL PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger buffers extracted Creates shortcut unpack itself Windows utilities Check virtual network interfaces suspicious process WriteConsoleW Windows ComputerName Cryptographic key	2 Keyword trend analysis	3		9.4		2	ZeroCERT

9581	2023-08-10 09:36	update.vbs bb0c35cecf43175858984c3d8bc97e97 Generic Malware Antivirus Hide_URL PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger buffers extracted Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Windows ComputerName Cryptographic key	2 Keyword trend analysis	3		8.4		2	ZeroCERT

9582	2023-08-10 08:00	images.exe fc0b349cceb4042ecb9759e9a519ca95 .NET framework(MSIL) .NET EXE PE File PE32 PDB Check memory Checks debugger unpack itself				1.4	M		ZeroCERT

9583	2023-08-10 07:58	smss.exe 762df4801061068efc7a2dfbeb555701 .NET framework(MSIL) .NET EXE PE File PE32 PDB Check memory Checks debugger unpack itself				1.4	M		ZeroCERT

9584	2023-08-10 07:57	WmiPrvSE.exe f46119800d530db454ce9d90e12d2d67 Formbook NSIS UPX Malicious Library Malicious Packer PE File PE32 suspicious privilege Check memory Creates executable files ICMP traffic unpack itself AppData folder DNS	23 Keyword trend analysis Info http://www.potent-tech.com/mv9h/ - rule_id: 35666 http://www.weinbrenner-stiftung.org/mv9h/?V6=KriJDkyr9ZSDK5SncDruUH89KQPsZisyljIEVA7ACCuqryEISDWc4fIbxiwjaj9YllKMJ4K263YcXqSukN/9eRkxhZw6ZQvhn0MgKpA=&2OQv=L0u7oq - rule_id: 35662 http://www.hncovnyyra.best/mv9h/ - rule_id: 35656 http://www.potent-tech.com/mv9h/?V6=5LG9sGJ0Xy0tGBfy/i4n941Vae72eun7+06/2kSJ2Ijal4TzL2poOVQfz4pDEpYGJhcAHBjd7wBR7BL0Fryth6nc1D7NW/kGG+pkqcI=&2OQv=L0u7oq - rule_id: 35666 http://www.rva.info/mv9h/?V6=VRRqi/ql977uvieqYsG4fOrDt8dXLrN86EfRdYcOQNSbko9uA8lJYMBA/4W5F4bPxRFvp/KzmV+IiXK6fR3lqPQiRqLY9cobKkCJQRY=&2OQv=L0u7oq - rule_id: 35657 http://www.ceravolt.life/mv9h/ - rule_id: 35660 http://www.rva.info/mv9h/ - rule_id: 35657 http://www.help-hair.info/mv9h/?V6=GNz0FM0e5ScvNElU2Hu2om6Rqm4e+67FZh9yl10aFczOUMs8DWUv0BGRHOdPh5hc0CAdyJzRrvN/qShJrEMPe4vi0TNirV+929KqINs=&2OQv=L0u7oq - rule_id: 35664 http://www.eventz9.com/mv9h/?V6=DhN/pfZhMnl4HQr18JX+oR8+aYaT8DsUwwvwmuFtuqFZv8xoKl2cv7n6clvWh1ER01rwIDgQIfjRcGmRjQxyMnOEIFklWxiWmR0afZM=&2OQv=L0u7oq - rule_id: 35661 http://www.ridonestore.shop/mv9h/ - rule_id: 35665 http://www.aquatic-organisms.info/mv9h/ - rule_id: 35663 http://www.help-hair.info/mv9h/ - rule_id: 35664 http://www.hncovnyyra.best/mv9h/?V6=HcykeIqVbXhfppJwoSsM/lzOWEv/63sUc26l9Pyzi/RiJWpkCKG7rYCg+zEFiCvlKsq6aaTMW0S7wU6+gIahRGdD6ziJ49MY8t7Y4AU=&2OQv=L0u7oq - rule_id: 35656 http://www.aquatic-organisms.info/mv9h/?V6=iptoip7pWRsS9xKJtuuMpZ3pZju1uspYTD6Awsn8x9vJeBkpaHApDsxm5SKYRJmJIPm4Br1em9F8LnG0RKBgEpAwWbXUGUe5zk5WzmM=&2OQv=L0u7oq - rule_id: 35663 http://www.eventz9.com/mv9h/ - rule_id: 35661 http://www.brownie.rest/mv9h/?V6=vmn/PMHMKvttZlwOVZyOjTJZ+WpUZFfmH6ozGnWYHclktmcXFHgsldQI8V2t6yLP30Sy4KtKyocnDpxwpleQA38uNlwzTJH7fcDgzks=&2OQv=L0u7oq - rule_id: 35659 http://www.ceravolt.life/mv9h/?V6=9IeKlzzeiCBmV6GZneJqnhQdGcMOrN2zpJl1PcRdXHgPlBFjKoUh2wO5Xuu1XzrnlBtm9u1a/Ow39lO36+F22xQtyEIwfDBXWZJ5lHc=&2OQv=L0u7oq - rule_id: 35660 http://www.ridonestore.shop/mv9h/?V6=9VxnjTCqrqAAIhZwG9PoTS29kvYV+Vsyiu2Fvyx7VLgNyAFzPPwxiPtN8AaY7yAV9hQiJzLhpdoSmgIbJxvhNzuKboEGgwYKJo7uw1I=&2OQv=L0u7oq - rule_id: 35665 http://www.expelledclothing.com/mv9h/?V6=9a4cyonTP0e6NuzSlLJ27FO37WvMSZ0WaVw1AMtOxtaCv+m5JRKGBAYKzIKL0anZ1A3e1EfBSBxBW9/OLTmFzaHtcxx2Mn8hsStbcMw=&2OQv=L0u7oq - rule_id: 35658 http://www.sqlite.org/2019/sqlite-dll-win32-x86-3280000.zip http://www.weinbrenner-stiftung.org/mv9h/ - rule_id: 35662 http://www.brownie.rest/mv9h/ - rule_id: 35659 http://www.expelledclothing.com/mv9h/ - rule_id: 35658	24 Info www.ridonestore.shop(84.32.84.32) - mailcious www.brownie.rest(202.172.26.52) - mailcious www.rva.info(3.64.163.50) - mailcious www.aquatic-organisms.info(199.59.243.224) - mailcious www.expelledclothing.com(45.79.19.196) - mailcious www.eventz9.com(35.241.18.84) - mailcious www.help-hair.info(104.21.83.214) - mailcious www.ceravolt.life(203.161.53.83) - mailcious www.weinbrenner-stiftung.org(46.30.213.165) - mailcious www.potent-tech.com(119.28.69.86) - mailcious www.hncovnyyra.best(104.21.73.140) - mailcious 46.30.213.165 - mailcious 202.172.26.52 - phishing 5.8.18.42 - mailcious 84.32.84.32 - mailcious 119.28.69.86 - mailcious 172.67.181.247 172.67.145.145 - mailcious 35.241.18.84 - mailcious 3.64.163.50 - mailcious 45.33.23.183 - suspicious 45.33.6.223 203.161.53.83 - mailcious 199.59.243.224 - mailcious	22 Info http://www.potent-tech.com/mv9h/ http://www.weinbrenner-stiftung.org/mv9h/ http://www.hncovnyyra.best/mv9h/ http://www.potent-tech.com/mv9h/ http://www.rva.info/mv9h/ http://www.ceravolt.life/mv9h/ http://www.rva.info/mv9h/ http://www.help-hair.info/mv9h/ http://www.eventz9.com/mv9h/ http://www.ridonestore.shop/mv9h/ http://www.aquatic-organisms.info/mv9h/ http://www.help-hair.info/mv9h/ http://www.hncovnyyra.best/mv9h/ http://www.aquatic-organisms.info/mv9h/ http://www.eventz9.com/mv9h/ http://www.brownie.rest/mv9h/ http://www.ceravolt.life/mv9h/ http://www.ridonestore.shop/mv9h/ http://www.expelledclothing.com/mv9h/ http://www.weinbrenner-stiftung.org/mv9h/ http://www.brownie.rest/mv9h/ http://www.expelledclothing.com/mv9h/	4.8	M		ZeroCERT

9585	2023-08-10 07:57	damianozx.exe aefddcdc823f16072869862f35db8dae AgentTesla KeyLogger AntiDebug AntiVM .NET EXE PE File PE32 Browser Info Stealer FTP Client Info Stealer Email Client Info Stealer PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces IP Check Windows Browser Email ComputerName Cryptographic key Software crashed		2		9.6	M		ZeroCERT