Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
12241	2021-09-09 09:50	360.exe 4b6041ec1313e10979cbe1d154d87352 PE File PE32 VirusTotal Malware AutoRuns Malicious Traffic Creates executable files unpack itself Windows Remote Code Execution DNS	1 Keyword trend analysis	1	2		6.0	M	53	ZeroCERT

12242	2021-09-09 09:50	sefile2.exe 3c933afc5af70a1c6330452b6f3f1f46 Malicious Library PE File OS Processor Check PE32 VirusTotal Malware PDB unpack itself Remote Code Execution					2.0	M	23	ZeroCERT

12243	2021-09-09 09:52	ipfile.exe 3b1da65539de559464dce8e2e8074227 Malicious Library PE File OS Processor Check PE32 VirusTotal Malware PDB unpack itself					1.8	M	24	ZeroCERT

12244	2021-09-09 09:53	sufile.exe f8a663ba086d55062bd727777b7cb02c Malicious Library PE File OS Processor Check PE32 VirusTotal Malware PDB unpack itself Remote Code Execution					2.0	M	21	ZeroCERT

12245	2021-09-09 09:55	clip.exe cbdd7e3ccea8e6cfae0dddf8fe6f6599 Malicious Library PE File OS Processor Check PE32 VirusTotal Malware PDB unpack itself					1.8	M	21	ZeroCERT

12246	2021-09-09 09:56	linesloters.png 4f2e675ac43f180075d9b1f3316486f8 Malicious Library AntiDebug AntiVM PE File OS Processor Check PE32 Dridex TrickBot Malware PDB suspicious privilege Code Injection Malicious Traffic buffers extracted RWX flags setting unpack itself Check virtual network interfaces suspicious process IP Check Kovter ComputerName DNS crashed	7 Keyword trend analysis Info https://179.189.229.254/rob129/TEST22-PC_W617601.D4F77BDCB54FCB3B1B575C0A3B4827D7/14/NAT%20status/client%20is%20behind%20NAT/0/ https://179.189.229.254/rob129/TEST22-PC_W617601.D4F77BDCB54FCB3B1B575C0A3B4827D7/5/file/ https://179.189.229.254/rob129/TEST22-PC_W617601.D4F77BDCB54FCB3B1B575C0A3B4827D7/0/Windows%207%20x64%20SP1/1107/175.208.134.150/727F639DF1E9560A2743CB69221BB85D3D1D1CBDEE638318DB0A9F2C35331CAD/MCxF3JrLYrtTCbjOSF8HBH79R/ https://179.189.229.254/rob129/TEST22-PC_W617601.D4F77BDCB54FCB3B1B575C0A3B4827D7/14/user/test22/0/ https://105.27.205.34/rob129/TEST22-PC_W617601.D4F77BDCB54FCB3B1B575C0A3B4827D7/5/pwgrabb64/ https://179.189.229.254/rob129/TEST22-PC_W617601.D4F77BDCB54FCB3B1B575C0A3B4827D7/14/exc/E:%200xc0000005%20A:%200x0000000077919A5A/0/ https://179.189.229.254/rob129/TEST22-PC_W617601.D4F77BDCB54FCB3B1B575C0A3B4827D7/14/path/C:%5CUsers%5Ctest22%5CAppData%5CRoaming%5CAnyLiteGamesSAOY%5Clinesloters.exe/0/	4	4		8.6	M		ZeroCERT

12247	2021-09-09 12:13	360.exe 4b6041ec1313e10979cbe1d154d87352 CoinMiner Generic Malware UPX PE File PE32 VirusTotal Malware AutoRuns Malicious Traffic Creates executable files unpack itself Windows Remote Code Execution DNS	1 Keyword trend analysis	1	2		6.0	M	53	r0d

12248	2021-09-09 12:16	0908_1433632206833.doc 7be586e116427f79c0b9dc51d3f5419a Generic Malware VBA_macro MSOffice File unpack itself					1.6			guest

12249	2021-09-09 12:16	0908_3382318512000.doc 985430bde7046f60da665fb65a15d5b5 Generic Malware VBA_macro MSOffice File GIF Format Malware Malicious Traffic buffers extracted Creates shortcut Creates executable files RWX flags setting unpack itself Check virtual network interfaces suspicious TLD IP Check ComputerName	2 Keyword trend analysis	4	1		7.6	M		guest

12250	2021-09-09 12:19	0908_4652590689245.doc 512bf2e7c344b5b9dce4e0ad126b3445 Generic Malware VBA_macro MSOffice File GIF Format Malware Malicious Traffic buffers extracted Creates shortcut Creates executable files RWX flags setting unpack itself Check virtual network interfaces IP Check ComputerName	2 Keyword trend analysis	4	1		7.2	M		guest

12251	2021-09-09 12:49	0908_1433632206833.doc 7be586e116427f79c0b9dc51d3f5419a hancitor Generic Malware VBA_macro MSOffice File GIF Format Malware Malicious Traffic buffers extracted Creates shortcut Creates executable files RWX flags setting unpack itself Check virtual network interfaces IP Check ComputerName	2 Keyword trend analysis	4	1	1	7.2	M		ZeroCERT

12252	2021-09-09 16:31	file.exe fd89d95093e3dbd5fd1a9ce4e9eec47a Malicious Library PE File OS Processor Check PE32 VirusTotal Malware PDB unpack itself Remote Code Execution					2.2	M	34	ZeroCERT

12253	2021-09-09 16:32	lv.exe b9424401181e75b5c4b5d418860d864e Emotet NPKI Gen1 Gen2 Generic Malware Themida Packer Malicious Library Anti_VM UPX Malicious Packer DGA DNS Socket Create Service Sniff Audio Escalate priviledges KeyLogger Code injection HTTP Hijack Network Internet API FTP ScreenShot Http API Steal cred VirusTotal Malware Buffer PE Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities AppData folder malicious URLs Windows crashed		1			9.8	M	35	ZeroCERT

12254	2021-09-09 16:33	ChairSyllabuses_2021-09-04_05-... 56bf0659c6d08974d34baa2a8206524e Malicious Library PE File OS Processor Check PE32 VirusTotal Malware PDB unpack itself					2.2	M	42	ZeroCERT

12255	2021-09-09 16:34	lv.exe 25a6cb0f02405cdb54aef3696a91d405 Gen1 Gen2 Themida Packer Generic Malware Malicious Library Malicious Packer PE File PE32 DLL PE64 VirusTotal Malware Check memory Creates executable files unpack itself Checks Bios Detects VMWare AppData folder VMware anti-virtualization Windows Firmware crashed					6.8	M	39	ZeroCERT