Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
14206	2023-03-28 08:18	STUB.VBS acd59921a2cc83f7afa97f7170edff34 Generic Malware Antivirus powershell suspicious privilege Check memory Checks debugger Creates shortcut Creates executable files unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key	1 Keyword trend analysis	2	1		8.0	M		ZeroCERT

14207	2023-03-28 08:16	codeexe.ps1 63d3846c74a6583c03f0b2a1f2fbce77 Generic Malware Antivirus powershell Check memory heapspray unpack itself WriteConsoleW Windows Cryptographic key					1.6	M		ZeroCERT

14208	2023-03-28 08:06	invoice#91273.js c6a07509b7612ce8000b929c058bc92a Generic Malware Antivirus powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName Cryptographic key					5.8			ZeroCERT

14209	2023-03-27 17:34	notepadp.exe 4057acbd036de09b67259254135aa554 UPX Malicious Library OS Processor Check PE32 PE File VirusTotal Malware unpack itself Remote Code Execution					2.0	M	39	ZeroCERT

14210	2023-03-27 17:18	nerino.exe 4e9932a21816959b576ac87a41855cce UPX Malicious Library OS Processor Check PE32 PE File VirusTotal Malware PDB unpack itself Remote Code Execution					2.0		22	ZeroCERT

14211	2023-03-27 17:18	notepadp.exe 4057acbd036de09b67259254135aa554 UPX Malicious Library OS Processor Check PE32 PE File VirusTotal Malware unpack itself Remote Code Execution					2.0	M	39	ZeroCERT

14212	2023-03-27 11:27	Wyciek-NFZ-16-03-2023.xlsx 67126c10471b06d8a5b86d78bd6052f4 ZIP Format exploit crash unpack itself Exploit crashed					1.8	M		ZeroCERT

14213	2023-03-27 10:57	t.msi a62037c1812df2774da6257f465d5b78 Gen2 Malicious Library ASPack UPX OS Processor Check CAB MSOffice File DLL PE32 PE File VirusTotal Malware Buffer PE suspicious privilege Check memory Checks debugger buffers extracted unpack itself AppData folder AntiVM_Disk VM Disk Size Check ComputerName DNS	4 Keyword trend analysis Info http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAP7r%2BFw4Evn1FZeRLt68uo%3D http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAewQY2lHhSMMxu83rcTgyM%3D http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTDZGCsCkDHH%2BXwJVKt4ohdOTWBUQQUy1yTroib%2FkNvVlBSAm14%2FKzhsVoCEA1e%2BQMDwigDd9%2FgTXTiCGE%3D http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D	8			6.2		7	ZeroCERT

14214	2023-03-27 10:57	clip64.dll 104ac57c9dda07fb60fb09f4f2a638f4 UPX Malicious Library Admin Tool (Sysinternals etc ...) OS Processor Check DLL PE32 PE File VirusTotal Malware PDB Checks debugger unpack itself					2.0	M	53	ZeroCERT

14215	2023-03-27 10:55	vpn-go.exe e38edcf41b7b13dc8837e030774cf083 PWS .NET framework RAT UPX Malicious Library Anti_VM Malicious Packer OS Processor Check .NET EXE PE32 PE File VirusTotal Malware PDB suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted unpack itself					5.8	M	41	ZeroCERT

14216	2023-03-27 10:51	Lamb.pif.exe 581176025eb809b5120fd584cb9dc237 Generic Malware UPX Malicious Library OS Processor Check PE32 PE File VirusTotal Malware Checks debugger unpack itself DNS	3 Keyword trend analysis	22 Info www.google.com(172.217.25.164) www.gstatic.com(172.217.25.163) cdn.stubdownloader.services.mozilla.com(34.120.48.173) fonts.googleapis.com(142.250.76.138) clients2.googleusercontent.com(172.217.25.161) accounts.google.com(142.250.207.109) _googlecast._tcp.local() apis.google.com(172.217.25.174) fonts.gstatic.com(172.217.25.163) clientservices.googleapis.com(142.250.207.99) 142.250.207.67 142.250.207.78 34.120.48.173 121.254.136.27 172.217.24.74 142.250.199.78 142.250.66.36 172.217.24.227 142.251.220.1 172.217.31.13 142.250.66.67 142.250.204.67			3.2	M	36	ZeroCERT

14217	2023-03-27 10:51	Date2023.exe f7fd4791be2e2624b7fbb1d91ab2f539 Gen1 UPX Malicious Packer Malicious Library AntiDebug AntiVM OS Processor Check PE32 PE File DLL Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency Telegram MachineGuid Code Injection Malicious Traffic Check memory WMI Creates shortcut Creates executable files unpack itself Windows utilities Collect installed applications Check virtual network interfaces suspicious process AppData folder AntiVM_Disk sandbox evasion WriteConsoleW anti-virtualization VM Disk Size Check installed browsers check Tofsee Windows Browser Email ComputerName DNS Software	4 Keyword trend analysis	5	4	3	15.6	M	29	ZeroCERT

14218	2023-03-27 10:50	emefamstartup.ps1 b9611fdaa214df556ad6c8fc582a45f6 Formbook PWS .NET framework Hide_EXE Generic Malware Antivirus SMTP PWS[m] KeyLogger AntiDebug AntiVM .NET EXE PE32 PE File Browser Info Stealer Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware powershell suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself Windows utilities powershell.exe wrote Check virtual network interfaces suspicious process WriteConsoleW IP Check Windows Browser Email ComputerName DNS Cryptographic key DDNS Software crashed keylogger	1 Keyword trend analysis	2	5		16.4	M	22	ZeroCERT

14219	2023-03-27 10:47	usa.exe f00f6596f6bf65d01cb390aebc5326f5 PWS .NET framework RAT UPX Confuser .NET OS Processor Check .NET EXE PE32 PE File VirusTotal Malware Check memory Checks debugger unpack itself Windows DNS Cryptographic key		1			4.8	M	52	ZeroCERT

14220	2023-03-27 10:45	97.exe 571ce7de07a8e7ad2bb8abae3c625f11 UPX Malicious Library OS Processor Check PE32 PE File .NET DLL DLL VirusTotal Malware Check memory Checks debugger Creates executable files unpack itself Windows utilities suspicious process AppData folder WriteConsoleW Tofsee Windows Cryptographic key		2	1		5.4	M	45	ZeroCERT