Submissions

Columns in the original table: No, Date, Request, Urls, Hosts, IDS, Rule, Score, Zero, VT, Player, Etc.

Each row of the table is rendered below as one record. Extraction dropped the empty cells, so the integer counts that precede the score (the Urls, Hosts, IDS and Rule columns) are kept in their original order without assigning them to a named column. The decimal value is the Score, the integer that follows it (when present) is the VT value, and the last token is the Player. The 32-character hexadecimal value shown with each file submission is the sample hash as listed (MD5 length); the URL submission has none. Tag strings are reproduced verbatim, space-separated as extracted; multi-word tag names are not delimited.

No. 11656   2023-07-10 07:48   herozx.exe
  Hash:   016bbb3f7e72cb4d011c3bed3b0470e8
  Tags:   Generic Malware Antivirus PWS SMTP KeyLogger AntiDebug AntiVM .NET EXE PE File PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware powershell PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut unpack itself powershell.exe wrote Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows Browser Email ComputerName Cryptographic key Software crashed keylogger
  Counts: 2 2   Score: 13.6   VT: 47   Player: ZeroCERT

No. 11657   2023-07-10 07:47   kudizx.exe
  Hash:   311d4bae516d3cdec05f0dc98166fdff
  Tags:   .NET EXE PE File PE32 VirusTotal Malware PDB suspicious privilege Code Injection Check memory Checks debugger unpack itself
  Counts: (none)   Score: 5.6   VT: 49   Player: ZeroCERT

No. 11658   2023-07-10 07:46   LewdEarth.exe
  Hash:   0db6389f259acb930d7a6bd811c3ad8d
  Tags:   Generic Malware UPX Malicious Library Malicious Packer OS Processor Check PE64 PE File VirusTotal Malware PDB
  Counts: (none)   Score: 0.8   VT: 3   Player: ZeroCERT

No. 11659   2023-07-10 07:45   R0986545678.exe
  Hash:   82f1824f39b1df02b1254991df0b0655
  Tags:   NSIS UPX Malicious Library Downloader PE File PE32 OS Processor Check DLL Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns suspicious privilege Check memory Checks debugger Creates executable files unpack itself Check virtual network interfaces AppData folder IP Check Tofsee Windows Browser Email ComputerName Cryptographic key Software crashed
  Counts: 2 2   Score: 7.6   VT: 47   Player: ZeroCERT

No. 11660   2023-07-10 07:43   H1eZ2N4PyqjrcK0.exe
  Hash:   5837e073397386a3840a5ae628ea6e12
  Tags:   Generic Malware Antivirus PWS DNS AntiDebug AntiVM .NET EXE PE File PE32 VirusTotal Malware Buffer PE AutoRuns suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted Creates shortcut unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName Cryptographic key
  Counts: (none)   Score: 12.2   VT: 38   Player: ZeroCERT

No. 11661   2023-07-10 07:10   http://dhqidctjo3ugevk9u5sev1r...
  Hash:   (none; URL submission)
  Tags:   Downloader Create Service Socket P2P DGA Steal credential Http API Escalate priviledges PWS Hijack Network Sniff Audio HTTP DNS ScreenShot Code injection Internet API persistence FTP KeyLogger AntiDebug AntiVM PNG Format MSOffice File JPEG Format VirusTotal Malware Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed
  Counts: 1 2 2   Score: 4.6   VT: (none)   Player: Allae

No. 11662   2023-07-08 14:16   rggrggrggrggrggrggrggrggrggrgg...
  Hash:   c07d78c079d6fb8d98501c7c42b7a67c
  Tags:   MS_RTF_Obfuscation_Objects RTF File doc Vulnerability VirusTotal Malware Malicious Traffic buffers extracted exploit crash unpack itself Exploit DNS crashed
  Counts: 1 2 3   Score: 4.6   VT: 30   Player: ZeroCERT

No. 11663   2023-07-08 14:15   IE_NET.hta
  Hash:   44b47a2cd519068596c0e8cfcb401904
  Tags:   Generic Malware Antivirus Hide_URL PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName Cryptographic key
  Counts: 1   Score: 5.2   VT: 6   Player: ZeroCERT

No. 11664   2023-07-08 14:15   win.exe
  Hash:   261fad7a9f8939250bf2c3c1406f0fe9
  Tags:   NSIS UPX Malicious Library PE File PE32 OS Processor Check DLL Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns suspicious privilege Check memory Checks debugger Creates executable files unpack itself Check virtual network interfaces AppData folder IP Check Tofsee Windows Browser Email ComputerName Cryptographic key Software crashed
  Counts: 2 2   Score: 7.6   VT: 49   Player: ZeroCERT

No. 11665   2023-07-08 14:12   new64x.dll
  Hash:   b63f57d948b00f885ce27af54503df3a
  Tags:   Malicious Library DLL PE64 PE File VirusTotal Malware Checks debugger unpack itself Remote Code Execution DNS
  Counts: 2   Score: 2.4   VT: 5   Player: ZeroCERT

No. 11666   2023-07-08 14:12   norway_cr.exe
  Hash:   d6c9402d8f40026fd013020ea8b4c598
  Tags:   UPX Admin Tool (Sysinternals etc ...) .NET EXE PE File PE32 VirusTotal Malware PDB Check memory Checks debugger unpack itself crashed
  Counts: (none)   Score: 2.6   VT: 33   Player: ZeroCERT

No. 11667   2023-07-08 14:10   kudizx.doc
  Hash:   c11126e9450b2d9e8717182e077f26ac
  Tags:   MS_RTF_Obfuscation_Objects RTF File doc Malware download VirusTotal Malware Malicious Traffic exploit crash unpack itself IP Check Tofsee Windows Exploit DNS crashed
  Counts: 1 3 7   Score: 5.0   VT: 35   Player: ZeroCERT

No. 11668   2023-07-08 14:10   3qN9jJaXKsSA8e0LiGHt.exe
  Hash:   173f2817975d278fcc3163d9b5302467
  Tags:   .NET EXE PE File PE32 VirusTotal Malware PDB Check memory Checks debugger unpack itself
  Counts: (none)   Score: 2.4   VT: 39   Player: ZeroCERT

No. 11669   2023-07-08 14:10   conhost.exe
  Hash:   197cf1b5f5228af677c04341b43b58f0
  Tags:   Emotet Generic Malware Suspicious_Script_Bin task schedule Downloader UPX Malicious Library Antivirus Malicious Packer .NET framework(MSIL) Create Service Socket P2P DGA Steal credential Http API Escalate priviledges PWS Sniff Audio HTTP DNS ScreenShot Co VirusTotal Malware Buffer PE AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself Windows utilities Check virtual network interfaces suspicious process AppData folder AntiVM_Disk WriteConsoleW VM Disk Size Check Tofsee Windows ComputerName Cryptographic key
  Counts: 7 6 1   Score: 12.6   VT: 33   Player: ZeroCERT

No. 11670   2023-07-08 14:09   bv6.jpg.ps1
  Hash:   59a8cad944c41d6673ca0550b0177016
  Tags:   Generic Malware Antivirus powershell AutoRuns Check memory unpack itself Windows utilities powershell.exe wrote Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key
  Counts: 1 2 1   Score: 5.6   VT: (none)   Player: ZeroCERT