Threat Feed
service.exe
2024-04-28T11:01:55.249
malicious
Windows Exe (x86-64)
SHA256: a05bf521aa48398ccb4428ebf564cd5c6425b5aa1f530570fac7b711a8f3d401
VMRay Threat Identifiers
Severity  Operation
5/5  XMRig configuration was extracted
5/5  Malicious content matched by YARA rules
4/5  Malicious host or URL detected via reputation
4/5  Malicious file detected via reputation
2/5  Reads network adapter information
2/5  Sets up server that accepts incoming connections
1/5  Performs DNS request
1/5  Enables process privileges
1/5  Enumerates running processes
1/5  Connects to remote host
1/5  Resolves API functions dynamically
1/5  Creates mutex
Backdoor
PUA
Miner
L6lPO0G6AZQT4KWU.exe
2024-04-28T10:59:55.185
malicious
Windows Exe (x86-32)
SHA256: 005802da1bc8ec882fe467078704f2fb32975ce8538b3d7c3422b1cfb87bb334
VMRay Threat Identifiers
Severity  Operation
5/5  Makes indirect system call to possibly evade hooking based monitoring
4/5  Malicious host or URL detected via reputation
3/5  Modifies native system functions
3/5  Tries to evade debugger
3/5  Tries to detect the presence of antivirus software
2/5  Tries to detect virtual machine
2/5  Tries to detect a forensic tool
2/5  Queries a host's domain name
2/5  Schedules task
2/5  Delays execution
2/5  Tries to detect debugger
1/5  Creates process with hidden window
1/5  Enumerates running processes
1/5  Overwrites code
1/5  Creates mutex
1/5  Downloads file
1/5  Obfuscates control flow
https://send-us.page-review.com
2024-04-28T10:55:26.969
malicious
URL
VMRay Threat Identifiers
Severity  Operation
5/5  Combination of other detections indicates a phishing website
4/5  Malicious host or URL detected via reputation
2/5  Page is hosted on a recently registered domain
2/5  Page secured via a Domain Validated SSL certificate
1/5  Page presents itself as a logon page
Phishing
Fattura 95759.doc
2024-04-28T10:54:54.809
malicious
Word Document
SHA256: d6ba47dba7a4b5d3edbc954990704573281e71239ffd59490f13290d2f19694b
VMRay Threat Identifiers
Severity  Operation
4/5  Document tries to create process
4/5  Connects to a CMS hoster
4/5  Document tries to trick users into running macros
4/5  Attempts to connect through HTTP
4/5  Malicious host or URL detected via reputation
4/5  Performs DNS request
4/5  Connects to remote host
4/5  Malicious file detected via reputation
4/5  Executes encoded PowerShell command
2/5  Suspicious content matched by YARA rules
2/5  Document contains obfuscated macros
2/5  Executes macro on specific event
2/5  Office macro uses an execute function
1/5  Contains suspicious meta data
1/5  Overwrites code
1/5  Contains suspicious Office macro
doc_0429191990189-3829-03-2018.INV#00399.PDF.exe
2024-04-28T10:54:25.661
malicious
Windows Exe (x86-32)
SHA256: 5fb2529b865460bdc505a962532260c522af1255ea05eca105fd68651c60af74
VMRay Threat Identifiers
Severity  Operation
5/5  Malicious content matched by YARA rules
5/5  Combination of other detections shows configuration discovery
5/5  Combination of other detections shows multiple input capture behaviors
4/5  Uses a double file extension
4/5  Malicious file detected via reputation
4/5  Malicious content matched by YARA rules
3/5  Monitors keyboard input
3/5  Modifies native system functions
2/5  Collects hardware properties
2/5  Writes into the memory of a process started from a created or modified executable
2/5  Tries to detect debugger
2/5  Queries OS version via WMI
2/5  Modifies control flow of a process started from a created or modified executable
2/5  Reads network adapter information
2/5  Searches for sensitive browser data
2/5  Searches for sensitive application data
2/5  Searches for sensitive mail data
2/5  Reads sensitive FTP data
2/5  Reads sensitive mail data
1/5  Checks external IP address
1/5  Creates process with hidden window
1/5  Possibly does reconnaissance
1/5  Enables process privileges
1/5  Connects to remote host
1/5  Overwrites code
1/5  Resolves API functions dynamically
1/5  Enumerates running processes
1/5  Creates mutex
1/5  Performs DNS request
1/5  The binary file was created with a packer
Spyware
Keylogger