Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
14761	2023-03-09 10:06	clip64.dll 312bf0a2cfe4b485ee52c40fbadf1915 UPX Malicious Library Admin Tool (Sysinternals etc ...) OS Processor Check DLL PE32 PE File VirusTotal Malware PDB Checks debugger unpack itself					2.0	M	51	ZeroCERT

14762	2023-03-09 10:05	EPR Payment Summary.doc ad16430c43ef743109301fa643a25eed VBA_macro MSOffice File VirusTotal Malware Malicious Traffic exploit crash unpack itself Tofsee Exploit DNS crashed	6 Keyword trend analysis Info http://apps.identrust.com/roots/dstrootcax3.p7c http://meeting.nmconline.org/wp-content/pgynuy3gyq-qib01-12349/ https://www.honeybearlane.com/epj71/tBtwANZJs/ https://ramadepo.000webhostapp.com/wp-includes/90cn-6er-1300852063/ https://royalinteriorsdesign.000webhostapp.com/wp-admin/hkgyeqNXL/ https://stretchpilates.fit/wp-content/kvRYjXUH/	12 Info royalinteriorsdesign.000webhostapp.com(145.14.145.187) - mailcious stretchpilates.fit(192.124.249.111) - malware www.honeybearlane.com(199.79.53.17) - mailcious apps.identrust.com(23.216.159.9) meeting.nmconline.org(104.207.254.70) - malware ramadepo.000webhostapp.com(145.14.144.143) - malware 145.14.145.163 - mailcious 104.207.254.70 145.14.144.197 - malware 121.254.136.57 192.124.249.111 199.79.53.17	4		4.8	M	40	ZeroCERT

14763	2023-03-09 10:04	sqlcmd.exe fc4462b1448b7db9f905be31b1bb288d Generic Malware UPX Malicious Library Malicious Packer Antivirus OS Processor Check PE32 PE File PowerShell VirusTotal Malware powershell suspicious privilege MachineGuid Check memory Checks debugger Creates shortcut unpack itself Windows utilities powershell.exe wrote Check virtual network interfaces suspicious process AppData folder WriteConsoleW Tofsee Windows ComputerName Remote Code Execution DNS Cryptographic key	1 Keyword trend analysis	4	2		10.0	M	33	ZeroCERT

14764	2023-03-09 10:03	ss35.exe 8c88de3d340307ef3994e4d42b988b27 Gen2 Gen1 UPX Malicious Library Malicious Packer PE File PE64 VirusTotal Malware PDB Remote Code Execution					1.2	M	7	ZeroCERT

14765	2023-03-09 10:03	RnLGmaMVRRbyeY3nZb a5bd4d4812aab61a33ad2ac1265c127f						M		ZeroCERT

14766	2023-03-09 10:02	bcd4b93a1a85c5ba45a4f7e5980db1... 3b32570cfc08329e3bf2624f727ead3f Emotet Gen2 UPX Malicious Library Malicious Packer OS Processor Check PE32 PE File DLL VirusTotal Malware Check memory buffers extracted WMI Creates executable files unpack itself AppData folder Tofsee ComputerName crashed	3 Keyword trend analysis	2	1	1	5.0	M	44	ZeroCERT

14767	2023-03-09 10:01	PO-465514-180820.doc d7e6921bfd008f707ba52dee374ff3db Generic Malware VBA_macro MSOffice File VirusTotal Malware Malicious Traffic exploit crash unpack itself Tofsee Exploit crashed	6 Keyword trend analysis Info http://apps.identrust.com/roots/dstrootcax3.p7c http://52550750-56-20180826151453.webstarterz.com/savewayexpressthai.com/jnze_2o3j_k/ http://oubaina.com/wp-includes/lqkz_nvr_1avf4/ https://www.msbc.kz/data/k527_5_cbdvv5bi19/ http://okcupidating.com/im/fsq_esj_qgx060p/ http://bike-nomad.com/cgi-bin/7n_0x0_62mnzyh9q/	10 Info bike-nomad.com(63.247.140.170) - mailcious 52550750-56-20180826151453.webstarterz.com() - malware www.msbc.kz(195.210.46.42) - mailcious okcupidating.com() - mailcious apps.identrust.com(23.216.159.81) oubaina.com(123.253.24.22) - malware 63.247.140.170 - mailcious 123.253.24.22 195.210.46.42 - mailcious 121.254.136.57	1		3.8	M	47	ZeroCERT

14768	2023-03-09 10:01	cred64.dll 7b4ebf09cf37a88ab510a9fc4657f15e Ave Maria WARZONE RAT UPX Malicious Library OS Processor Check DLL PE File PE64 VirusTotal Malware PDB Checks debugger installed browsers check Browser ComputerName crashed					2.4	M	47	ZeroCERT

14769	2023-03-09 09:59	clip64.dll 5ff83d0896db3f702f09bcd8c943cea7 UPX Malicious Library Admin Tool (Sysinternals etc ...) OS Processor Check DLL PE32 PE File VirusTotal Malware PDB Checks debugger unpack itself					2.0	M	53	ZeroCERT

14770	2023-03-09 09:59	cred64.dll d0bf0d14fe6110f185c8b98423c7b152 Ave Maria WARZONE RAT UPX Malicious Library OS Processor Check DLL PE File PE64 VirusTotal Malware PDB Checks debugger unpack itself installed browsers check Browser ComputerName crashed					2.8	M	42	ZeroCERT

14771	2023-03-09 09:57	ChromeFIX_error.exe 26db14ad0b3f52784f53f5a9cde42d6a RedLine stealer[m] RAT UPX Malicious Library AntiDebug AntiVM OS Processor Check PE32 PE File Browser Info Stealer VirusTotal Malware Buffer PE suspicious privilege Code Injection Check memory Checks debugger buffers extracted WMI unpack itself Collect installed applications installed browsers check Windows Browser ComputerName DNS Cryptographic key crashed		2			10.8		30	ZeroCERT

14772	2023-03-09 09:57	DefendUpdate.exe bbabecb60a7d91dc4b01da5359280b92 PE File PE64 VirusTotal Malware crashed					1.8		21	ZeroCERT

14773	2023-03-09 09:55	vbc.exe ece373b3964de43caf73e842e38703ae AgentTesla PWS .NET framework browser info stealer Generic Malware Google Chrome User Data Downloader UPX Anti_VM Antivirus Create Service Socket DNS Internet API PWS[m] Sniff Audio KeyLogger Escalate priviledges AntiDebug AntiVM .NET EXE PE32 PE File Remcos VirusTotal Malware powershell AutoRuns PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut unpack itself powershell.exe wrote suspicious process Windows ComputerName DNS Cryptographic key DDNS crashed keylogger	1 Keyword trend analysis	4	2		13.4	M	31	ZeroCERT

14774	2023-03-09 09:55	ss37.exe 078fb584923487706390abc1a27a0459 Gen2 Gen1 UPX Malicious Library Malicious Packer PE File PE64 VirusTotal Malware PDB Remote Code Execution					1.2		5	ZeroCERT

14775	2023-03-09 09:55	vbc.exe 174e78cfa74be3d0d0f7eeb4eec0450c RAT SMTP KeyLogger AntiDebug AntiVM .NET EXE PE32 PE File Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows Browser Email ComputerName Cryptographic key Software crashed					12.2	M	29	ZeroCERT