Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
14746	2023-03-09 13:40	FACT.724346.msi 25b49a59b55af3e0c4082c3ebe4e01ac Gen2 Generic Malware Malicious Library OS Processor Check CAB MSOffice File VirusTotal Malware suspicious privilege Check memory Checks debugger unpack itself AntiVM_Disk IP Check VM Disk Size Check Tofsee ComputerName		2	2		2.6		7	ZeroCERT

14747	2023-03-09 13:29	VESSEL PARTICULARS.exe 24f2bf961c5ebc9007ba75b6f029388b PWS .NET framework .NET EXE PE32 PE File VirusTotal Malware PDB Check memory Checks debugger unpack itself					2.4		30	ZeroCERT

14748	2023-03-09 11:15	5814 N 17ST.doc d44eab3f49c70836c4f7b9524a343f31 emotet Generic Malware VBA_macro MSOffice File VirusTotal Malware Malicious Traffic exploit crash unpack itself Tofsee Exploit crashed	3 Keyword trend analysis	15 Info finephotos.com.au(212.1.210.110) - malware baangnews.com(104.21.69.237) - malware www.theaffiliateincome.com(66.96.149.32) - malware snjwellers.com() - malware vietcontents.xyz() - malware pesquisacred.com() - malware arthurjacksonctc.com(185.230.63.171) - malware apps.identrust.com(23.216.159.81) luandasoft.com(103.224.212.222) - malware 104.21.69.237 212.1.210.110 121.254.136.27 185.230.63.107 - phishing 103.224.212.222 - mailcious 66.96.149.32 - mailcious	3	1	3.8		45	ZeroCERT

14749	2023-03-09 11:10	azienda.url c57ce09111a84d1110b24a8505ff5804 AntiDebug AntiVM MSOffice File VirusTotal Malware Code Injection RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed	1 Keyword trend analysis	1	2		5.8		3	ZeroCERT

14750	2023-03-09 10:49	htatest1.hta.html 39d9214d90175864588feedc9e27b5b0 Generic Malware Antivirus AntiDebug AntiVM PowerShell MSOffice File VirusTotal Malware powershell suspicious privilege MachineGuid Code Injection Check memory Checks debugger Creates shortcut exploit crash unpack itself Windows utilities powershell.exe wrote suspicious process WriteConsoleW Tofsee Windows Exploit ComputerName DNS Cryptographic key crashed			2		9.0		9	ZeroCERT

14751	2023-03-09 10:40	DefendUpdate.exe bbabecb60a7d91dc4b01da5359280b92 UPX PE File PE64 VirusTotal Malware crashed					1.8	M	21	r0d

14752	2023-03-09 10:34	office.exe 4a39e396ddbd9c7116858b6f96a06eb2 UPX Malicious Library OS Processor Check PE32 PE File VirusTotal Malware PDB unpack itself Remote Code Execution					2.6	M	42	ZeroCERT

14753	2023-03-09 10:15	HAD.exe 92569f0bc4733fd80a974d67ddb9435e UPX Malicious Library OS Processor Check PE32 PE File VirusTotal Malware Buffer PE Checks debugger buffers extracted unpack itself sandbox evasion ComputerName		1			3.4	M	27	ZeroCERT

14754	2023-03-09 10:15	Z5VhmI2NZZjijkdMu3uv21nvMfnvRC... 95ab53ac1cbd8a0f63bb6175b9c93f2b Malicious Library DLL PE File PE64 Remote Code Execution					0.8			ZeroCERT

14755	2023-03-09 10:13	31.31.31.doc 53b7ecf8450a8d221651aafd0a799b05 MS_RTF_Obfuscation_Objects RTF File doc Malware download VirusTotal Malware Malicious Traffic RWX flags setting exploit crash IP Check Tofsee Windows Exploit DNS crashed Downloader	2 Keyword trend analysis	3	7 Info ET INFO Executable Download from dotted-quad Host ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)		4.8	M	27	ZeroCERT

14756	2023-03-09 10:12	vbc.exe c4e6210df23d8c36b5fc72a04d91bd89 RAT Generic Malware Antivirus SMTP KeyLogger AntiDebug AntiVM .NET EXE PE32 PE File Browser Info Stealer VirusTotal Email Client Info Stealer Malware PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut unpack itself Windows utilities Check virtual network interfaces suspicious process WriteConsoleW IP Check Tofsee Windows Browser Email ComputerName Cryptographic key crashed	1 Keyword trend analysis	2	1		13.4	M	35	ZeroCERT

14757	2023-03-09 10:11	clip64.dll 57cf7ce2696f4ac87b27879886a089bf UPX Malicious Library Admin Tool (Sysinternals etc ...) OS Processor Check DLL PE32 PE File VirusTotal Malware PDB Checks debugger unpack itself					2.0	M	49	ZeroCERT

14758	2023-03-09 10:08	JavHa.exe 4adf9b20011bc571b61884f1b630a84a UPX Malicious Library OS Processor Check PE32 PE File VirusTotal Malware Buffer PE Checks debugger buffers extracted unpack itself sandbox evasion ComputerName		1			3.4	M	28	ZeroCERT

14759	2023-03-09 10:08	photo_004.exe f299e8ceddf0b64611f2dd18bd7bb55e UPX Malicious Library OS Processor Check PE32 PE File unpack itself Remote Code Execution					1.2			ZeroCERT

14760	2023-03-09 10:07	vbc.exe ff0de9ed198503bbcc642614eefc377e UPX Malicious Library PE32 PE File OS Processor Check Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns Check memory Checks debugger Creates executable files unpack itself AppData folder Windows Browser Email ComputerName Cryptographic key Software crashed					7.0	M	25	ZeroCERT