Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
11416	2023-07-19 07:25	g.exe fcb781be932607dada8058c92633997c Malicious Library PE File PE32 PDB Remote Code Execution					1.2			ZeroCERT

11417	2023-07-19 07:23	msvs.exe e1cd1c30f4761a2bf4c878ef0a723435 Emotet UPX MPRESS PE64 PE File Remote Code Execution crashed					1.4			ZeroCERT

11418	2023-07-19 07:22	ggg.exe ea83b0db7b3030a818b412479afe2bc2 Admin Tool (Sysinternals etc ...) .NET EXE PE File PE32 PDB Check memory Checks debugger unpack itself Windows DNS Cryptographic key crashed		1			4.0			ZeroCERT

11419	2023-07-19 07:22	msmnr.exe c74b706ecaa058e6e71e7b4b64dff9df Themida Packer Generic Malware UPX Admin Tool (Sysinternals etc ...) PE64 PE File unpack itself Windows crashed					1.8			ZeroCERT

11420	2023-07-19 07:21	theoryabilitypro.exe 5b4e9c25ebf1d7e5a91e85be8c2e4594 Gen1 Emotet UPX Malicious Library CAB PE64 PE File .NET EXE PE32 OS Processor Check AutoRuns PDB Check memory Checks debugger Creates executable files unpack itself Check virtual network interfaces AppData folder Tofsee Windows Remote Code Execution Cryptographic key		2	2		4.8	M		ZeroCERT

11421	2023-07-19 07:19	rockol.exe df7a39c6a0b49b73bb6acd435f073166 RedLine Infostealer RedLine stealer UPX .NET framework(MSIL) Confuser .NET OS Processor Check .NET EXE PE File PE32 Check memory Checks debugger unpack itself ComputerName					1.0	M		ZeroCERT

11422	2023-07-18 23:45	map_cache[1].db-wal 9382b18504baaa68f43fa352553a16d9 AntiDebug AntiVM Email Client Info Stealer suspicious privilege Checks debugger Creates shortcut unpack itself installed browsers check Browser Email ComputerName					3.4			guest

11423	2023-07-18 21:42	wininit.exe 210b741e2da121370c2521e56fd1a1c6 NSIS UPX Malicious Library PE File PE32 PNG Format DLL VirusTotal Malware Check memory Creates shortcut Creates executable files unpack itself AppData folder Windows crashed					3.2	M	6	guest

11424	2023-07-18 21:14	IBMCIBMCIBMCIBMCIBMCIBMCIBMCIB... 25068e7e1aa46963af6dad59f42592bb MS_RTF_Obfuscation_Objects RTF File doc Malware download VirusTotal Malware Malicious Traffic buffers extracted RWX flags setting exploit crash Tofsee Windows Exploit DNS crashed	1 Keyword trend analysis	3	7 Info ET INFO Executable Download from dotted-quad Host ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO TLS Handshake Failure ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response		4.6		30	ZeroCERT

11425	2023-07-18 21:10	wininit.exe 210b741e2da121370c2521e56fd1a1c6 NSIS UPX Malicious Library PE File PE32 PNG Format DLL VirusTotal Malware Check memory Creates shortcut Creates executable files unpack itself AppData folder Windows crashed					3.2		6	ZeroCERT

11426	2023-07-18 21:09	InvictaStealer.exe bb3ca7c1c010c41508edcf5b15ef0995 UPX Malicious Library OS Processor Check PE64 PE File VirusTotal Malware anti-virtualization					2.2		39	ZeroCERT

11427	2023-07-18 21:01	William_blake_Tax_2022.pdf dafe828e83a9797c5645d988034ae070 PDF VirusTotal Malware					0.4		1	ZeroCERT

11428	2023-07-18 18:42	win32.exe 6a3154595de5779cf6f0facb0c8c3cec NSIS UPX Malicious Library PE File PE32 DLL VirusTotal Email Client Info Stealer Malware AutoRuns Check memory Creates executable files RWX flags setting unpack itself AppData folder Windows Email ComputerName crashed	1 Keyword trend analysis	4	2		7.0		43	ZeroCERT

11429	2023-07-18 18:41	Project15.exe 2f8a3dfa7e89ffc2fd4166dc2db5bbe7 UPX Downloader Malicious Library OS Processor Check PE64 PE File VirusTotal Open Directory Malware MachineGuid Malicious Traffic Creates executable files Windows Exploit DNS	1 Keyword trend analysis	2	6 Info ET INFO Executable Download from dotted-quad Host ET HUNTING Rejetto HTTP File Sever Response ET POLICY PE EXE or DLL Windows file download HTTP ET EXPLOIT_KIT DRIVEBY Likely Evil EXE with no referer from HFS webserver (used by Unknown EK) ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET INFO EXE - Served Attached HTTP		3.4		28	ZeroCERT

11430	2023-07-18 18:37	csrssnj.exe 3b08d70445120f2ef571828dde9d6be3 NSIS UPX Malicious Library PE File PE32 OS Processor Check DLL VirusTotal Malware suspicious privilege Check memory Creates executable files unpack itself AppData folder suspicious TLD ComputerName DNS	25 Keyword trend analysis Info http://www.ketotop5reviews.com/hjdr/ http://www.redhelpers.com/hjdr/ http://www.grandiosoyacht.com/hjdr/?JoeyZNb=ZIVepfGD+AffZCHV3Ol2oKUOXbfpNq4HeENG2f+1jk6NDjMSW9zSeGZmFetCeOX/fHb8BZzbaKu2Gddb3M9ccYXeJy9E2DDJWKKyeEo=&kiz0=gXOMyhyi http://www.tugrow.top/hjdr/?JoeyZNb=2Lz3cRNcgovZAvoxkyTJJkVbnS/f0a6U88mjUIjg2Los90+Pf0cBdPH279Q+Q6Q5Wf8ziDEK77rXCjEWctJre0mQm9v094R3uDXqBk4=&kiz0=gXOMyhyi - rule_id: 28388 http://www.tugrow.top/hjdr/?JoeyZNb=2Lz3cRNcgovZAvoxkyTJJkVbnS/f0a6U88mjUIjg2Los90+Pf0cBdPH279Q+Q6Q5Wf8ziDEK77rXCjEWctJre0mQm9v094R3uDXqBk4=&kiz0=gXOMyhyi http://www.selectenoil.ru/hjdr/ http://www.ketotop5reviews.com/hjdr/?JoeyZNb=Yijs5dzIRgyLtiEm8YVKzxzJARaaz1ygyQUAo47Y9YLXxcdZabP3kXt0loAI/PeeKKlEWCnqNGNFZU2DmCnSgcsd1psmTY3qHW8m6k0=&kiz0=gXOMyhyi http://www.amateurshow.online/hjdr/ - rule_id: 28385 http://www.amateurshow.online/hjdr/ http://www.kbtcoin.store/hjdr/ http://www.selectenoil.ru/hjdr/?JoeyZNb=sypAAqbL6Kbr584vXjavsMmnNbwkS+CAk00myYDn5pA6KuObmwsMPbuKx5sNOB5qiBdVaRcAgh8i/dcpaiFWtM7VI0mAReEdx1J8t80=&kiz0=gXOMyhyi http://www.my-bbs.com/hjdr/?JoeyZNb=gZwhwv+rj0JfbTlqQcvCJrahgucLKkM9Bn0g5rP7m3ePlM4d2wH7QHnXu7wnbI4S+7v4pDbRSdO7OKXzsqAdXWWFdviCngERcentyWw=&kiz0=gXOMyhyi http://www.sqlite.org/2019/sqlite-dll-win32-x86-3290000.zip http://www.fatimaest.com/hjdr/?JoeyZNb=n5l8tCTW94Gw/giJefkHUbcRETzENs4hM9d2TK2mvTwTwL/1t4K1O3bDrGWsk3Qh+CJ6/CMThOr1qV0fFyX4yPVWltqTiQZmXL1as4k=&kiz0=gXOMyhyi http://www.my-bbs.com/hjdr/ http://www.amateurshow.online/hjdr/?JoeyZNb=xX5SVKkWhoDut3GzBaDmppnEHsg/q+4SKSfyO6xSWbIBYORImKJaBpt9iPBmVz2FT2wLfcB9Y2Q6assiK3BzS8oN8k0Uh6RuPdoxrUM=&kiz0=gXOMyhyi - rule_id: 28385 http://www.amateurshow.online/hjdr/?JoeyZNb=xX5SVKkWhoDut3GzBaDmppnEHsg/q+4SKSfyO6xSWbIBYORImKJaBpt9iPBmVz2FT2wLfcB9Y2Q6assiK3BzS8oN8k0Uh6RuPdoxrUM=&kiz0=gXOMyhyi http://www.fatimaest.com/hjdr/ http://www.morubixaba.com/hjdr/ http://www.redhelpers.com/hjdr/?JoeyZNb=YpqjTLELgUY/d4HafFE0oWZw/2NHDnY7eLtpu3Vtdcx4Jmz4rSZ5sKv2kTetxC3MAYUYmW4b6AXmlFI5jsCc5u3R6xF6PL4DkSBTPts=&kiz0=gXOMyhyi http://www.morubixaba.com/hjdr/?JoeyZNb=64l4nBwickRj5+B55yI4aT/AdbB/zOm/2hMG5E84rPCqZYVtS3+3gGKYYg0k5NU9ycD4+LRnqZYt8h6mEz9Kk96FRyUaLOgeH1rhAn8=&kiz0=gXOMyhyi http://www.tugrow.top/hjdr/ - rule_id: 28388 http://www.tugrow.top/hjdr/ http://www.grandiosoyacht.com/hjdr/ http://www.kbtcoin.store/hjdr/?JoeyZNb=OwT5fv3sMTyOF+WfoJr7V4VQqd+KzZL/KnHGdxnHtEh6vKw2S4OQP3sFw22/E53lopKvyHA6/BpX1iqNoYoz3wrhxCmlsV1/FTq7bdo=&kiz0=gXOMyhyi	24 Info www.grandiosoyacht.com(195.110.124.133) - www.amateurshow.online(37.220.1.68) - www.my-bbs.com(136.143.186.12) - www.kbtcoin.store() - www.selectenoil.ru(185.26.122.80) - www.morubixaba.com(84.32.84.32) - www.dsgdltrg.top(20.239.76.242) - www.ketotop5reviews.com(192.145.237.146) - www.fatimaest.com(184.168.113.171) - www.tugrow.top(66.29.131.66) - www.redhelpers.com(185.53.178.54) - 185.53.178.54 - 162.55.60.2 - 98.124.224.17 - 20.239.76.242 - 37.220.1.68 - 195.110.124.133 - 192.145.237.146 - 185.26.122.80 - 136.143.186.12 - 184.168.113.171 - 84.32.84.32 - 45.33.6.223 - 66.29.131.66 -	2	4	6.8		51	ZeroCERT