Threat Feed | Online Malware Sandbox

Windows Exe (x86-64)

b3ee45857c5a2b568acb1ac5e8a8258b.exe

malicious

SHA256: bbf9fb80bd5df24d31038bf7ce8741627da161be37dff3dbc0c69ce6cfc17a1e

VMRay Threat Identifiers

Severity

Operation

5/5

Modifies content of user files

4/5

Masks file extension

4/5

Uses a double file extension

4/5

Malicious file detected via reputation

2/5

Tries to detect application sandbox

1/5

Modifies operating system directory

1/5

Resolves API functions dynamically

1/5

Modifies application directory

1/5

Installs system startup script or application

1/5

Drops PE file

1/5

Performs DNS request

Ransomware

rcx8097.exe

2025-03-28T06:31:25.501

Windows Exe (x86-32)

rcx8097.exe

malicious

SHA256: b496889fb1cda792879522d3db1b0ebd10a55cb8f0dfc9e626fb71b8f0d5010f

VMRay Threat Identifiers

Severity

Operation

5/5

Malicious content matched by YARA rules

4/5

Modifies Windows Defender configuration

4/5

Creates a new process masquerading as a system process

4/5

Malicious file detected via reputation

3/5

Executable modifies its own file

2/5

Schedules task

2/5

Creates an unusually large number of processes

2/5

Schedules task via schtasks

1/5

Modifies operating system directory

1/5

Creates mutex

1/5

Enables process privileges

1/5

Writes an unusually large amount of data to the registry

1/5

Enumerates running processes

1/5

Modifies application directory

1/5

Resolves API functions dynamically

1/5

Creates process with hidden window

Spyware

4aa0392fa085affb4a7c91cd107fe3d2.exe

2025-03-28T06:30:12.014

Windows Exe (x86-64)

4aa0392fa085affb4a7c91cd107fe3d2.exe

malicious

SHA256: 99744434805d1147c06aed90282b8c461ac458bc9160aab236e55b56cb8718be

VMRay Threat Identifiers

Severity

Operation

5/5

Modifies content of user files

4/5

Uses a double file extension

4/5

Malicious file detected via reputation

4/5

Masks file extension

2/5

Tries to detect application sandbox

2/5

Creates a new process from a system binary

1/5

Resolves API functions dynamically

1/5

Modifies operating system directory

1/5

Drops PE file

1/5

Performs DNS request

1/5

Modifies application directory

1/5

Installs system startup script or application

Ransomware

Flight Route and Commodity details.vbs

2025-03-28T06:26:00.315

VBScript

Flight Route and Commodity details.vbs

malicious

SHA256: 6a7659149cd1bd947ab76dbb4ab97d19d23b4e9239b6a389bfffde73feea4511

VMRay Threat Identifiers

Severity

Operation

5/5

Sets up server that accepts incoming connections

4/5

Executes encoded PowerShell command

3/5

Schedules task

3/5

Schedules task via schtasks

2/5

Collects hardware properties

2/5

Performs DNS request

2/5

Checks external IP address

1/5

Connects to remote host

1/5

Creates mutex

1/5

Executes WMI query

Backdoor

localfile~

2025-03-28T06:25:42.612

macOS Executable

localfile~

malicious

SHA256: bc26106b8acc05b075922353be3b252b49c03f35adff4ee2b456dba23e77a080

VMRay Threat Identifiers

Severity

Operation

5/5

Malicious content matched by YARA rules

4/5

Malicious file detected via reputation

3/5

Query SIP status

3/5

Tries to evade debugger

3/5

Suspicious content matched by YARA rules

2/5

Suspicious content matched by YARA rules

1/5

Reads system data

Spyware