Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Score	Zero	VT	Player
14176	2023-04-12 09:19	fotocr17.exe 42d79839773ca4f55709c1a026a25914 Gen1 Emotet UPX Malicious Library Admin Tool (Sysinternals etc ...) Malicious Packer CAB PE32 PE File OS Processor Check DLL Browser Info Stealer Malware download Amadey FTP Client Info Stealer Malware AutoRuns PDB suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Windows utilities Disables Windows Security Collect installed applications suspicious process AppData folder AntiVM_Disk WriteConsoleW VM Disk Size Check installed browsers check Windows Update Browser ComputerName Remote Code Execution DNS Cryptographic key Software crashed	2 Keyword trend analysis	2	6 Info ET MALWARE Amadey CnC Check-In ET INFO Dotted Quad Host DLL Request ET INFO Packed Executable Download ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)	15.4	M		ZeroCERT

14177	2023-04-12 09:19	Hjkjhgue.ps1 9f2185dd58f001676cc084472c0d35b5 Generic Malware Antivirus powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName Cryptographic key	1 Keyword trend analysis			4.4			ZeroCERT

14178	2023-04-12 09:18	OriginalBuild.exe 4851971e37ce8cd2b61a795780b7d4b5 RAT Generic Malware Antivirus .NET EXE PE32 PE File VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName DNS Cryptographic key		1		5.4	M	28	ZeroCERT

14179	2023-04-12 09:18	photo_112.exe 2d317d80cc4409532c86c8f117ad3617 Gen1 Emotet UPX Malicious Library Admin Tool (Sysinternals etc ...) Malicious Packer CAB PE32 PE File OS Processor Check DLL Browser Info Stealer Malware download Amadey FTP Client Info Stealer Malware AutoRuns PDB suspicious privilege MachineGuid Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Windows utilities Disables Windows Security Collect installed applications suspicious process AppData folder AntiVM_Disk WriteConsoleW VM Disk Size Check installed browsers check Windows Update Browser ComputerName Remote Code Execution DNS Cryptographic key Software crashed	5 Keyword trend analysis	2	7 Info ET MALWARE Amadey CnC Check-In ET INFO Executable Download from dotted-quad Host ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET INFO Dotted Quad Host DLL Request ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)	15.4	M		ZeroCERT

14180	2023-04-12 09:16	clip64.dll dddb7f44df311203facdf9bb248f80ad UPX Malicious Library Admin Tool (Sysinternals etc ...) OS Processor Check DLL PE32 PE File VirusTotal Malware PDB Checks debugger unpack itself				2.0	M	59	ZeroCERT

14181	2023-04-12 09:14	foto0154.exe 5752ce032f925d2294ef5abfe4b1360f Gen1 Emotet UPX Malicious Library CAB PE32 PE File Browser Info Stealer FTP Client Info Stealer AutoRuns PDB suspicious privilege Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Collect installed applications AntiVM_Disk VM Disk Size Check installed browsers check Windows Browser ComputerName Remote Code Execution DNS Cryptographic key Software crashed		1		8.2	M		ZeroCERT

14182	2023-04-12 09:14	kXFpZBb.exe 46fabd3f430861f683716bc8857de68d Emotet Hide_EXE Generic Malware UPX Malicious Library Antivirus PE32 PE File VirusTotal Malware powershell AutoRuns suspicious privilege Check memory Checks debugger Creates shortcut unpack itself Windows utilities powershell.exe wrote suspicious process AntiVM_Disk WriteConsoleW VM Disk Size Check Windows ComputerName Remote Code Execution Cryptographic key				6.4	M	45	ZeroCERT

14183	2023-04-12 03:56	NMemo1Setp.exe f12aa4983f77ed85b3a618f7656807c2 Confuser .NET .NET EXE PE32 PE File VirusTotal Malware MachineGuid Check memory Checks debugger unpack itself Check virtual network interfaces Tofsee Ransomware DNS		3	3	3.8	M	59	guest

14184	2023-04-11 17:52	xt64.exe 2de83135f9c732a1563ba36d73444109 PE64 PE File VirusTotal Malware crashed				1.8	M	33	ZeroCERT

14185	2023-04-11 17:52	windows.exe ebc9000c9233ce8d2f0ec1d81ea6dfd5 UPX Malicious Library OS Processor Check PE32 PE File VirusTotal Malware Checks debugger unpack itself				2.0	M	33	ZeroCERT

14186	2023-04-11 17:20	main.6d2031af.js bb3dcb1e3e853f373a62c76be8885c5f crashed				0.2			BRY

14187	2023-04-11 16:55	Patch.exe 48c2f2d2f74f052c77a7c1694c5cf7e4 UPX ASProtect PE32 PE File VirusTotal Malware Check memory Checks debugger unpack itself Remote Code Execution				2.4		12	guest

14188	2023-04-11 15:43	AL.pdf 2a8d2f23d6dfda4df874b409d503ce39 PDF Suspicious Link PDF AntiDebug AntiVM MSOffice File PNG Format JPEG Format VirusTotal Malware Code Injection RWX flags setting unpack itself Windows utilities Tofsee Windows	4 Keyword trend analysis Info http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/cxpsjblnoxgjoqggdsbvujtof4_58/khaoiebndkojlmppeemjhbpbandiljpe_58_win_advr4ucepztwtigvw3fduftsvbeq.crx3 http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/jewvegtcs2qdew3nlzz4kvsjqm_9.44.0/gcmjkmgdlgnkkcocmoeiminaijmmjnii_9.44.0_all_pywouuhjzu3khiqqvvfs2jt53q.crx3 http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/g6v7tvx6ixuzstk5etcqebphhq_7954/hfnkpimlhhgieaddgfemjhofmfblmnib_7954_all_adj2i674lrtcwrqqfhv37vujcaya.crx3 https://zacuta.com/eupa/eupa.php	19 Info edgedl.me.gvt1.com(34.104.35.123) www.google.com(142.250.206.228) www.gstatic.com(142.250.206.227) fonts.googleapis.com(142.250.207.106) accounts.google.com(142.250.206.205) _googlecast._tcp.local() apis.google.com(172.217.161.238) fonts.gstatic.com(142.250.207.99) zacuta.com(162.0.217.30) - mailcious clientservices.googleapis.com(142.250.207.99) 142.250.207.67 142.251.220.99 172.217.27.13 162.0.217.30 - mailcious 34.104.35.123 172.217.24.74 172.217.24.100 172.217.25.3 142.250.66.78	2	3.6		7	ZeroCERT

14189	2023-04-11 15:38	AL.pdf 2a8d2f23d6dfda4df874b409d503ce39 PDF Suspicious Link PDF VirusTotal Malware				0.4		7	ZeroCERT

14190	2023-04-11 15:26	ap3b.exe 2f2354202272c2848ca7c2ac18794703 Generic Malware UPX Malicious Library Antivirus OS Processor Check PE64 PE File VirusTotal Malware suspicious privilege MachineGuid Check memory Checks debugger Creates shortcut unpack itself suspicious process WriteConsoleW Windows ComputerName Cryptographic key				4.4	M	45	ZeroCERT