Threat Feed | Online Malware Sandbox

HTML Document

RFQ#PWL-9309020.pdf (2).sHtmL

malicious

SHA256: afeca17f88bb3214150d0dd356724994602ad1ef70f2ef0d95eef923ea3c74a7

VMRay Threat Identifiers

Severity

Operation

5/5

Malicious content matched by YARA rules

5/5

Combination of other detections indicates a phishing website

3/5

Page contains a Microsoft logon form

2/5

The HTML file contains logon form

1/5

Page presents itself as a logon page

Phishing

PWCCAWLGRE.exe

2025-06-30T19:41:34.656

Windows Exe (x86-32)

PWCCAWLGRE.exe

malicious

SHA256: fb93d7d406d4183126e4de18f946ca898be8639a624cc14b57668e8207fc52ee

VMRay Threat Identifiers

Severity

Operation

5/5

Modifies content of user files

3/5

Disables a Windows system tool

1/5

Executes dropped PE file

1/5

Modifies operating system directory

1/5

Creates process with hidden window

1/5

Installs system startup script or application

1/5

Resolves API functions dynamically

1/5

Creates a page with write and execute permissions

1/5

Drops PE file

1/5

The binary file was created with a packer

Ransomware

BNAGMGSPLO.exe

2025-06-30T19:41:07.901

Windows Exe (x86-32)

BNAGMGSPLO.exe

malicious

SHA256: e7f92bcb9785c80231c3ed9a73c9780f51093e1eb47c319b48c277c6bfb2f9ac

VMRay Threat Identifiers

Severity

Operation

5/5

Modifies content of user files

3/5

Tries to detect analyzer sandbox

3/5

Disables a Windows system tool

1/5

Installs system startup script or application

1/5

Resolves API functions dynamically

1/5

Drops PE file

1/5

The binary file was created with a packer

1/5

Creates a page with write and execute permissions

1/5

Executes dropped PE file

1/5

Modifies operating system directory

1/5

Creates process with hidden window

Ransomware

Reincoration.exe

2025-06-30T19:40:06.728

Windows Exe (x86-32)

Reincoration.exe

malicious

SHA256: 4bb9ab231a36ca368e1bc211b01931ab4d98add87716ea3cfe4e7e95289a2fa5

VMRay Threat Identifiers

Severity

Operation

5/5

Combination of other detections shows configuration discovery

4/5

Modifies network configuration

4/5

Modifies Windows Defender configuration

3/5

Reads installed applications

2/5

Reads sensitive browser data

2/5

Searches for sensitive browser data

2/5

Queries OS version via WMI

2/5

Collects hardware properties

2/5

Sets up server that accepts incoming connections

1/5

Enables process privileges

1/5

Creates mutex

1/5

Checks external IP address

1/5

Installs system startup script or application

1/5

Performs DNS request

1/5

Connects to remote host

1/5

Query OS Information

1/5

Modifies operating system directory

1/5

A monitored process crashed

1/5

Possibly does reconnaissance

1/5

Creates process with hidden window

GetMac.exe

2025-06-30T19:39:13.225

Windows Exe (x86-32)

GetMac.exe

malicious

SHA256: f9fda365f953bf18ccc467d7c5a367d9adda4c06a97528ac642561ad61f139d4

VMRay Threat Identifiers

Severity

Operation

4/5

Writes into the memory of another process

4/5

Modifies control flow of another process

4/5

Entry point injection

2/5

Hides files

1/5

Drops PE file

1/5

Creates mutex

1/5

Installs system startup script or application

1/5

Creates a page with write and execute permissions

1/5

Enumerates running processes

1/5

Possibly does reconnaissance

1/5

Performs DNS request

1/5

Resolves API functions dynamically

Injector