Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	VT	Player
11431	2023-07-18 18:36	Account.pdf bfd3ae8bb20e06f32f5b46100dc498c2 PDF ZIP Format Windows utilities Windows DNS	5 Keyword trend analysis Info http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/277_20_6_20042.zip http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/280_20_6_20042.zip http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/message.zip http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/281_20_6_20042.zip http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/278_20_6_20042.zip	1			2.0		ZeroCERT

11432	2023-07-18 18:35	csrssop.EXE 28054120effda1f940bff3c6fb9c125b Formbook AntiDebug AntiVM .NET EXE PE File PE32 VirusTotal Malware PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself DNS	23 Keyword trend analysis Info http://www.sisbom.online/pta7/ - rule_id: 35245 http://www.sisbom.online/pta7/ http://www.playcups.life/pta7/ - rule_id: 35250 http://www.playcups.life/pta7/ http://www.sisbom.online/pta7/?HKo0O=9K+XUf37kaVDuc0IEb/en1sQBc6oG59LX1JpxUbzLe92mNGRZFlQ32afb7pO3FMoswo/Nr7Bt7+lgxXjhaaHcK0lGMXqPnmX0dOCo/8=&VDxqzI=9mcccHfMu - rule_id: 35245 http://www.sisbom.online/pta7/?HKo0O=9K+XUf37kaVDuc0IEb/en1sQBc6oG59LX1JpxUbzLe92mNGRZFlQ32afb7pO3FMoswo/Nr7Bt7+lgxXjhaaHcK0lGMXqPnmX0dOCo/8=&VDxqzI=9mcccHfMu http://www.yh66985.com/pta7/?HKo0O=r0Znjcl108fWq3DW2uMZlKkUpEOS0il4WTIwHqnkDlhXNTmyDe2k/moWxs1adkJw8OOtkgeu00hRWSJDuXN3qGN9obJjMdXlYosByRw=&VDxqzI=9mcccHfMu - rule_id: 35249 http://www.yh66985.com/pta7/?HKo0O=r0Znjcl108fWq3DW2uMZlKkUpEOS0il4WTIwHqnkDlhXNTmyDe2k/moWxs1adkJw8OOtkgeu00hRWSJDuXN3qGN9obJjMdXlYosByRw=&VDxqzI=9mcccHfMu http://www.yh66985.com/pta7/ - rule_id: 35249 http://www.yh66985.com/pta7/ http://www.cosmicearthgoddess.com/pta7/ - rule_id: 35248 http://www.cosmicearthgoddess.com/pta7/ http://www.maytag36.com/pta7/?HKo0O=I+8B7hWWd8/aZc0LyOI98FU2kxxJYUgzWPkNKI3Xu1M4KTmr5ikbSLVEKd5DC7LZ6l0Rcp22A4fkoHEesbNwOWp7sSOEDutN8WpeiG4=&VDxqzI=9mcccHfMu - rule_id: 35246 http://www.maytag36.com/pta7/?HKo0O=I+8B7hWWd8/aZc0LyOI98FU2kxxJYUgzWPkNKI3Xu1M4KTmr5ikbSLVEKd5DC7LZ6l0Rcp22A4fkoHEesbNwOWp7sSOEDutN8WpeiG4=&VDxqzI=9mcccHfMu http://www.selfstorage.koeln/pta7/?HKo0O=nRxaeJY0qwDQ0+6frQxSN5E2QFq7X4AyNJuuilycF0k/wVU2rXenu/JIKS0/EAOQo/d8R3vVu9XtC/4/t+jNl01+sEHp/xYpCFlSqjU=&VDxqzI=9mcccHfMu - rule_id: 35247 http://www.selfstorage.koeln/pta7/?HKo0O=nRxaeJY0qwDQ0+6frQxSN5E2QFq7X4AyNJuuilycF0k/wVU2rXenu/JIKS0/EAOQo/d8R3vVu9XtC/4/t+jNl01+sEHp/xYpCFlSqjU=&VDxqzI=9mcccHfMu http://www.cosmicearthgoddess.com/pta7/?HKo0O=13fhjxEBwouEnUsG2Zptbc3oT5vv/DEuG4iFtfSUwau/qJ9Hv2KIb5nyZ/MG0WCg1U40rxerqpJjqyPhopVWfuMIqg+QB/xDsz3LaOk=&VDxqzI=9mcccHfMu - rule_id: 35248 http://www.cosmicearthgoddess.com/pta7/?HKo0O=13fhjxEBwouEnUsG2Zptbc3oT5vv/DEuG4iFtfSUwau/qJ9Hv2KIb5nyZ/MG0WCg1U40rxerqpJjqyPhopVWfuMIqg+QB/xDsz3LaOk=&VDxqzI=9mcccHfMu http://www.maytag36.com/pta7/ - rule_id: 35246 http://www.maytag36.com/pta7/ http://www.sqlite.org/2017/sqlite-dll-win32-x86-3160000.zip http://www.selfstorage.koeln/pta7/ - rule_id: 35247 http://www.selfstorage.koeln/pta7/	13 Info www.sisbom.online(162.240.81.18) - www.selfstorage.koeln(81.169.145.157) - www.yh66985.com(154.215.247.58) - www.playcups.life(203.161.58.192) - www.cosmicearthgoddess.com(74.208.236.61) - www.maytag36.com(13.248.148.254) - 74.208.236.61 - 154.215.247.58 - 81.169.145.157 - 13.248.148.254 - 45.33.6.223 - 162.240.81.18 - 203.161.58.192 -	2	11 Info http://www.sisbom.online/pta7/ http://www.playcups.life/pta7/ http://www.sisbom.online/pta7/ http://www.yh66985.com/pta7/ http://www.yh66985.com/pta7/ http://www.cosmicearthgoddess.com/pta7/ http://www.maytag36.com/pta7/ http://www.selfstorage.koeln/pta7/ http://www.cosmicearthgoddess.com/pta7/ http://www.maytag36.com/pta7/ http://www.selfstorage.koeln/pta7/	9.0	48	ZeroCERT

11433	2023-07-18 18:34	kwen.vbs d9d77de313534367ddce55a717e370f9 Generic Malware Antivirus PowerShell VirusTotal Malware suspicious privilege Check memory Checks debugger Creates shortcut unpack itself suspicious process WriteConsoleW Windows ComputerName Cryptographic key					5.2	7	ZeroCERT

11434	2023-07-18 18:32	ohoyeczx.exe f7d1117ace1e63a2a3cf9d45cb94b9b5 email stealer Generic Malware Downloader UPX Antivirus Escalate priviledges PWS DNS Code injection persistence KeyLogger Create Service Socket P2P DGA Steal credential Http API Sniff Audio HTTP ScreenShot Internet API FTP AntiDebug AntiVM PE64 PE File OS VirusTotal Malware powershell Buffer PE AutoRuns suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself Windows utilities Disables Windows Security Checks Bios Auto service Detects VirtualBox powershell.exe wrote Check virtual network interfaces suspicious process WriteConsoleW VMware anti-virtualization Tofsee Windows ComputerName Cryptographic key Software crashed	1 Keyword trend analysis	2	1		18.2	33	ZeroCERT

11435	2023-07-18 18:31	wikimap.exe caafec374594c5b93a986bc31df97f17 UPX Malicious Library PE File PE32 DLL VirusTotal Malware Check memory Creates shortcut Creates executable files unpack itself AppData folder Windows crashed					4.4	27	ZeroCERT

11436	2023-07-18 18:31	Uni.bat 488a8bd72bd92554832ec260181e949b Downloader Create Service Socket P2P DGA Steal credential Http API Escalate priviledges PWS Sniff Audio HTTP DNS ScreenShot Code injection Internet API FTP KeyLogger AntiDebug AntiVM suspicious privilege Check memory Checks debugger Creates shortcut unpack itself Windows utilities WriteConsoleW Windows ComputerName Cryptographic key					3.0		ZeroCERT

11437	2023-07-18 18:30	lolMiner.exe 055eaec478c4a8490041b8fa3db1119d PE64 PE File VirusTotal Malware Checks debugger					2.2	43	ZeroCERT

11438	2023-07-18 18:28	winBx.exe 1482780bd41df6d1dfe68b2629c26d08 UPX Malicious Library PE File PE32 DLL VirusTotal Malware Check memory Creates shortcut Creates executable files unpack itself AppData folder DNS		1			4.2	20	ZeroCERT

11439	2023-07-18 18:27	WIZXWIXWIZXIZWIXZIWXIZWIZX%23%... 59bbe490b56e19b6ea1eeff988e390ef MS_RTF_Obfuscation_Objects RTF File doc Malware download VirusTotal Malware Malicious Traffic buffers extracted RWX flags setting exploit crash Windows Exploit DNS crashed	2 Keyword trend analysis	5	9 Info ET MALWARE Possible Malicious Macro DL EXE Feb 2016 ET MALWARE Possible Malicious Macro EXE DL AlphaNumL ET INFO Executable Download from dotted-quad Host ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 ET POLICY IP Check Domain (showip in HTTP Host) SURICATA Applayer Detect protocol only one direction ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response		5.2	30	ZeroCERT

11440	2023-07-18 18:27	invoice.pdf.lnk e2ef58cea3134177185a50584111495d Antivirus AntiDebug AntiVM GIF Format PowerShell powershell suspicious privilege Code Injection Check memory Checks debugger Creates shortcut unpack itself powershell.exe wrote Check virtual network interfaces suspicious process WriteConsoleW Windows ComputerName Cryptographic key					10.0		ZeroCERT

11441	2023-07-18 18:26	WWWEWEIEEWEEIWEEIIWEEIIWEE%23%... 3190bb8beecc3effa69bf79cc32be9eb MS_RTF_Obfuscation_Objects RTF File doc Malware download VirusTotal Malware Malicious Traffic exploit crash unpack itself Windows Exploit DNS crashed	2 Keyword trend analysis	3	8 Info ET POLICY IP Check Domain (showip in HTTP Host) ET MALWARE Possible Malicious Macro DL EXE Feb 2016 ET MALWARE Possible Malicious Macro EXE DL AlphaNumL ET INFO Executable Download from dotted-quad Host ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response		4.2	31	ZeroCERT

11442	2023-07-18 18:25	shedin2.1.exe 3237ac71bbc1b1153dda35c76e1b80b8 NSIS UPX Malicious Library PE File PE32 DLL Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Check memory Checks debugger Creates executable files unpack itself Check virtual network interfaces AppData folder IP Check Tofsee Windows Browser Email ComputerName Cryptographic key Software crashed keylogger		2	2		8.2	42	ZeroCERT

11443	2023-07-18 18:22	win32.exe d5d3f11ec57ac1722ca2ac9fab41b480 UPX Malicious Library PE File PE32 DLL VirusTotal Malware Check memory Creates shortcut Creates executable files unpack itself suspicious process AppData folder Windows DNS crashed		1			5.0	29	ZeroCERT

11444	2023-07-18 18:22	sss.exe 94d1bb33b8c22334e339d4462d4c0636 Malicious Packer PE64 PE File VirusTotal Malware					1.2	17	ZeroCERT

11445	2023-07-18 18:21	win32.exe 3a11f5f7dcb6e3dd51ef7a864c29403f NSIS UPX Malicious Library PE File PE32 DLL VirusTotal Malware AutoRuns Check memory Creates executable files RWX flags setting unpack itself AppData folder Windows ComputerName crashed	1 Keyword trend analysis	2	1		5.8	42	ZeroCERT