Threat Feed
PurchaseOrder89731588pdf.exe
Timestamp: 2026-01-16T21:25:49.135
Verdict: malicious
File type: Windows Exe (x86-32)
SHA256: a237da4064c03357e53ea31c606c3d23291b1c476cdb5ed1c72ce29af7ccc2b0

VMRay Threat Identifiers (Severity / Operation):
5/5  Malicious content matched by YARA rules
5/5  FormBook configuration was extracted
4/5  Process Hollowing
4/5  Writes into the memory of another process
4/5  Modifies control flow of another process
4/5  Makes indirect system call to possibly evade hooking based monitoring
3/5  Captures clipboard data
2/5  Tries to detect kernel debugger
2/5  Modifies control flow of a process started from a created or modified executable
2/5  Searches for sensitive browser data
2/5  Reads sensitive browser data
2/5  Delays execution
1/5  Creates a page with write and execute permissions
1/5  Enumerates running processes
1/5  Creates process with hidden window
1/5  Reads from memory of another process
1/5  Drops PE file
1/5  Tries to detect debugger
1/5  Creates mutex
1/5  Query OS Information
1/5  Possibly does reconnaissance
1/5  Performs DNS request
1/5  Connects to remote host
1/5  Enables process privileges

Classification: Spyware, Injector
file.exe
Timestamp: 2026-01-16T21:25:43.501
Verdict: malicious
File type: Windows Exe (x86-32)
SHA256: 9c57caf3120b3ce67ab5a52e167f9768997dde1364a1a398ef61fb38ff3ed1f0

VMRay Threat Identifiers (Severity / Operation):
5/5  Malicious content matched by YARA rules
5/5  Combination of other detections shows configuration discovery
5/5  Makes indirect system calls to hide process injection
4/5  Makes indirect system call to possibly evade hooking based monitoring
4/5  Loads a known vulnerable file
4/5  Modifies Windows Defender configuration
3/5  Uninstalls Windows protection features
3/5  Executes code with kernel privileges
3/5  Disables a crucial system service
2/5  Creates an unusually large number of processes
2/5  Reads network adapter information
2/5  Sends control codes to a driver
2/5  Enables critical process privileges
2/5  Delays execution
2/5  Collects hardware properties
2/5  Sets up server that accepts incoming connections
2/5  Executes dropped PE masquerading Filename
2/5  Creates a new process from a system binary
2/5  Enumerates running processes
2/5  Signed executable failed signature validation
1/5  Modifies operating system directory
1/5  Enables process privileges
1/5  Performs DNS request
1/5  Connects to remote host
1/5  Content matched by YARA rules
1/5  Resolves API functions dynamically
1/5  Drops PE file
1/5  Loads a dropped DLL
1/5  Installs system service
1/5  Executes dropped PE file
1/5  Drops PE masquerading Filename
1/5  Creates mutex
1/5  Enumerates running processes
1/5  Creates a page with write and execute permissions
1/5  Unusual large memory allocation
1/5  Accesses volumes directly
1/5  Reads from memory of another process
1/5  Creates process with hidden window

Classification: PUA, Miner, Injector
SSA_eStatement.cmd
Timestamp: 2026-01-16T21:23:42.233
Verdict: malicious
File type: Windows Batch File
SHA256: 5614e53b3663b685e2ffb2e2ec56f5d1cc7d925738b3e88af4f61e4dab19af7b

VMRay Threat Identifiers (Severity / Operation):
5/5  Modifies operating system directory
4/5  Obscures a file's origin
4/5  Hijack installed services
4/5  Installs system service
4/5  Creates a new process from a system binary
3/5  Delays execution
3/5  Modifies application directory
3/5  Takes screenshot
3/5  Suspicious content matched by YARA rules
3/5  Loads dropped dll via known dll loaders
2/5  Performs DNS request
2/5  Collects user account information
2/5  Downloads file
2/5  Tries to connect using an uncommon port
2/5  Executes dropped PE file
2/5  Drops PE file
2/5  Loads a dropped DLL
2/5  Reads network adapter information
2/5  Enables process privileges
2/5  Collects hardware properties
2/5  Queries a host's domain name
2/5  Queries OS version via WMI
2/5  Writes an unusually large amount of data to the registry
1/5  Enumerates running processes
1/5  Accesses volumes directly
1/5  Query OS Information
1/5  Collects BIOS properties
1/5  Creates mutex
1/5  Collects timezone settings
1/5  Executes WMI query
1/5  Query CPU Properties
1/5  Connects to remote host
1/5  Uses encryption API

Classification: PUA
https://millennium-bcp.ghe.com/login
Timestamp: 2026-01-16T20:04:07.329
Verdict: malicious
Type: URL
SHA256:

VMRay Threat Identifiers (Severity / Operation):
5/5  Combination of other detections indicates a phishing website
4/5  Phishing page detected via Machine Learning
2/5  Branded Logon form detected via Computer Vision
1/5  Page presents itself as a logon page
1/5  Branding image detected via Computer Vision
1/5  Page secured via a Domain Validated SSL certificate
1/5  Content matched by YARA rules
1/5  Page uses exact favicon of a popular online service

Classification: Phishing
eMoBkQ8loA3kPcnn.html
Timestamp: 2026-01-16T19:37:41.943
Verdict: malicious
File type: HTML Document
SHA256: 9966cea06f0d95b3736cab79041bb6b64276fd23b643295d81c42d180c8e103c

VMRay Threat Identifiers (Severity / Operation):
5/5  Combination of other detections indicates a phishing website
2/5  The HTML file contains logon form
2/5  Branded Logon form detected via Computer Vision
2/5  Page uses exact same title as that of a popular online service
1/5  Branding image detected via Computer Vision
1/5  Page presents itself as a logon page

Classification: Phishing