Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
12271	2023-06-13 23:27	wewewewewewewewew%23%23%23%23%... df476b115a000832a0d688c512418b64 MS_RTF_Obfuscation_Objects RTF File doc FormBook Malware download VirusTotal Malware Malicious Traffic buffers extracted RWX flags setting exploit crash Windows Exploit DNS crashed	7 Keyword trend analysis Info http://www.episcopus.biz/hs95/ http://www.chaviaggarwallajababfood.com/hs95/?iBIXfj=WktY9fkZfZJzfhYK1VzFmKDpe07rk+jAjbSgNo7CFHBbZVjRVdlTnIxVx7S7/m3QF+Nm1+vw&_R-d4b=ZL0XMDvPuhP&sql=1 http://www.jiuse9125.com/hs95/?iBIXfj=RelPKQUzZnqb0rMkOI74U2M80DzK2Xff/Sl4IDE6W4SP8KoZXSG+wob/ZpnGLgr2dbsqyUdU&_R-d4b=ZL0XMDvPuhP&sql=1 http://www.chaviaggarwallajababfood.com/hs95/ http://www.jiuse9125.com/hs95/ http://www.episcopus.biz/hs95/?iBIXfj=jHyWgmrPYlHBcFKvTz7WzXop+ND9BtMZmXTF/hfv76c859nDhSv//t4PMU4GMaIWSr56nrLq&_R-d4b=ZL0XMDvPuhP&sql=1 http://15.223.2.12/102/cleanmgr.exe	8	7 Info ET INFO Observed DNS Query to .biz TLD ET MALWARE FormBook CnC Checkin (POST) M2 ET INFO Executable Download from dotted-quad Host ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response		5.4	M	32	ZeroCERT

12272	2023-06-13 23:25	rsrsrsrsrsrssrsrrsrsrsrsr%23%2... 5844f5934abfb6e17f5706c437673694 MS_RTF_Obfuscation_Objects RTF File doc Malware download VirusTotal Malware Malicious Traffic buffers extracted exploit crash unpack itself Windows Exploit DNS crashed	1 Keyword trend analysis	1	5 Info ET INFO Executable Download from dotted-quad Host ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response		5.6	M	30	ZeroCERT

12273	2023-06-13 23:24	cleanmgr.exe 45d9ba24d4ec07e09cd3c0d0c59b46b3 Malicious Library PE File PE32 VirusTotal Malware PDB unpack itself					2.2	M	51	ZeroCERT

12274	2023-06-13 23:23	moja.exe 18945f8d9550aa5e349a1cee5751a844 Gen1 UPX Malicious Packer Admin Tool (Sysinternals etc ...) PE File PE32 VirusTotal Malware AutoRuns RWX flags setting unpack itself Tofsee Windows Remote Code Execution crashed	1 Keyword trend analysis	2	2		3.0	M	43	ZeroCERT

12275	2023-06-13 23:22	cleanpc.exe e03a07b14036db47894ae0f73fd0fb3b UPX Malicious Library PE File PE32 PNG Format DLL VirusTotal Malware Check memory Creates executable files unpack itself AppData folder					3.0	M	39	ZeroCERT

12276	2023-06-13 23:21	file1.exe b5b0b3fcb71e4ca3f04996330b46d188 Generic Malware UPX PE File PE32 RWX flags setting unpack itself crashed					1.0			ZeroCERT

12277	2023-06-13 23:20	test.exe 005c45c7069070fe6ad1f112a16f135c UPX PE File PE32 VirusTotal Malware RWX flags setting crashed					1.8		49	ZeroCERT

12278	2023-06-13 23:17	cleanmgr.exe cff6c145eb350ea686f48866937e0a76 Formbook Generic Malware AntiDebug AntiVM PE64 PE File VirusTotal Malware PDB suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted unpack itself					7.0	M	28	ZeroCERT

12279	2023-06-13 23:15	dcr1.exe 6ff799ae9a28bb581a9b1ca3743c4ae7 Generic Malware Antivirus PE File PE32 PowerShell VirusTotal Malware powershell suspicious privilege Malicious Traffic Check memory Checks debugger Creates shortcut Creates executable files RWX flags setting unpack itself Windows utilities suspicious process Windows ComputerName DNS Cryptographic key crashed	1 Keyword trend analysis	1	1		6.4	M	17	ZeroCERT

12280	2023-06-13 23:13	cleanmgr.exe baca046e0c5667c8f2781be323953335 UPX Malicious Library PE File PE32 JPEG Format DLL VirusTotal Malware Check memory Creates executable files unpack itself AppData folder					3.0	M	35	ZeroCERT

12281	2023-06-13 23:11	c10.exe 578b46884a5cf025330f49affe4e215d Generic Malware Antivirus UPX PE File PE32 Malware download VirusTotal Malware powershell suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files RWX flags setting unpack itself Windows utilities suspicious process Windows ComputerName DNS Cryptographic key crashed Downloader	1 Keyword trend analysis	1	6 Info ET INFO Executable Download from dotted-quad Host ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response	1	7.6	M	19	ZeroCERT

12282	2023-06-13 23:08	dd.exe c74440f0a96dd33b4b678acc26686f4c Generic Malware Antivirus PE File PE32 PowerShell VirusTotal Malware powershell suspicious privilege Malicious Traffic Check memory Checks debugger Creates shortcut Creates executable files RWX flags setting unpack itself Windows utilities suspicious process Windows ComputerName DNS Cryptographic key crashed	1 Keyword trend analysis	1	1		6.4	M	13	ZeroCERT

12283	2023-06-13 23:06	dd12.exe 2ed9f5fd57f0bd14d8b6a367bcc2e6c7 UPX PE File PE32 RWX flags setting unpack itself crashed					1.0	M		ZeroCERT

12284	2023-06-13 23:04	c6.exe 12870413c142ab507ebe991344db61f3 Generic Malware UPX Antivirus PE File PE32 PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut RWX flags setting unpack itself Windows utilities suspicious process Windows ComputerName Cryptographic key crashed					5.2	M	41	ZeroCERT

12285	2023-06-13 23:04	ella.exe b1d97f2067a5b27d3a6787f3b42bc7d1 Admin Tool (Sysinternals etc ...) .NET EXE PE File PE32 VirusTotal Malware PDB Check memory Checks debugger unpack itself DNS		1			2.8	M	43	ZeroCERT