Submissions - ZeroBOX

Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player	Etc
1	2025-04-28 10:48	pik.ps1 61d5db12ed0611000c59d5fd7fe884c2 Generic Malware Antivirus Malware download VirusTotal Malware powershell Malicious Traffic Check memory buffers extracted unpack itself Check virtual network interfaces WriteConsoleW Windows ComputerName DNS Cryptographic key Downloader	1 Keyword trend analysis	1	5 Info ET INFO Executable Download from dotted-quad Host ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response	1	5.6	M	21	ZeroCERT

2	2025-04-28 10:38	nums.vbs fe71e84d826e568fb59858c87d53d966 Generic Malware Antivirus PowerShell Malware download VirusTotal Malware powershell suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted heapspray Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Windows ComputerName DNS Cryptographic key Downloader	1 Keyword trend analysis	1	6 Info ET INFO PS1 Powershell File Request ET INFO Executable Download from dotted-quad Host ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response		10.0	M	8	ZeroCERT

3	2025-04-28 10:16	cred.dll 69aba41ff3745b625a9e73b0f167b0e2 Generic Malware Malicious Library UPX Antivirus PE File DLL PE32 OS Processor Check Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency suspicious privilege MachineGuid Malicious Traffic Check memory Checks debugger Creates shortcut unpack itself Windows utilities suspicious process sandbox evasion installed browsers check Windows Browser Email ComputerName DNS Cryptographic key Software	1 Keyword trend analysis	2			9.4		50	ZeroCERT

4	2025-04-28 10:14	namen.ps1 a96761c1e3bed0f2c2f8e2d616f60d40 Generic Malware Antivirus URL Format Malware download VirusTotal Malware VBScript powershell AutoRuns Malicious Traffic Check memory buffers extracted Creates executable files unpack itself Check virtual network interfaces WriteConsoleW Windows ComputerName DNS Cryptographic key Downloader	2 Keyword trend analysis	1	7 Info ET INFO Executable Download from dotted-quad Host ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET INFO Dotted Quad Host VBS Request ET HUNTING PowerShell DownloadString Command Common In Powershell Stagers		6.4		14	ZeroCERT

5	2025-04-28 10:14	ret.exe 69f49a50e927c947f4cb26a03dc67285 task schedule PWS Code injection KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 DLL .NET DLL Malware download VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Windows utilities Check virtual network interfaces AppData folder Windows ComputerName DNS Cryptographic key crashed Downloader	1 Keyword trend analysis	1	5 Info ET INFO Executable Download from dotted-quad Host ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response		13.2		50	ZeroCERT

First
1
Last
Total : 5cnts