Threat Feed
00003fb6474457074fc662ae647771c26bcc0b5c6ab4db07ecfd7e3e7ad0722b.exe
2026-07-07T16:30:13.721
malicious
Windows Exe (x86-64)
Close
00003fb6474457074fc662ae647771c26bcc0b5c6ab4db07ecfd7e3e7ad0722b.exe
malicious
SHA256:
00003fb6474457074fc662ae647771c26bcc0b5c6ab4db07ecfd7e3e7ad0722b
VMRay Threat Identifiers
Close
Severity
Operation
5/5
Malicious content matched by YARA rules
3/5
All network connection attempts failed
2/5
Deletes file after execution
1/5
URL contains a TLD highly associated with phishing
1/5
Resolves API functions dynamically
1/5
Detects filename manipulation
8ff022a331f9cf227223d0c6e186240d794da26da3c2445306838930372e9e9c.exe
2026-07-07T16:28:41.681
malicious
Windows Exe (x86-32)
Close
8ff022a331f9cf227223d0c6e186240d794da26da3c2445306838930372e9e9c.exe
malicious
SHA256:
8ff022a331f9cf227223d0c6e186240d794da26da3c2445306838930372e9e9c
VMRay Threat Identifiers
Close
Severity
Operation
5/5
Malicious content matched by YARA rules
4/5
Makes indirect system call to possibly evade hooking based monitoring
4/5
Modifies Windows Defender configuration
4/5
Process Hollowing
2/5
Modifies control flow of a process started from a created or modified executable
2/5
Tries to detect kernel debugger
1/5
Creates a page with write and execute permissions
1/5
Enables process privileges
1/5
A monitored process crashed
1/5
Reads from memory of another process
1/5
Tries to detect debugger
1/5
Enumerates running processes
1/5
Accesses Microsoft Security Software registry keys
1/5
Creates process with hidden window
Spyware
Injector
15843d9243211c1f508b14d441581afdd3426bc174f1aab04dd3e0a5b886bfac.exe
2026-07-07T16:28:20.739
malicious
Windows Exe (x86-32)
Close
15843d9243211c1f508b14d441581afdd3426bc174f1aab04dd3e0a5b886bfac.exe
malicious
SHA256:
15843d9243211c1f508b14d441581afdd3426bc174f1aab04dd3e0a5b886bfac
VMRay Threat Identifiers
Close
Severity
Operation
5/5
Malicious content matched by YARA rules
5/5
VIPKeylogger configuration was extracted
4/5
Modifies Windows Defender configuration
4/5
Modifies control flow of another process
4/5
Writes into the memory of another process
4/5
Malicious content matched by YARA rules
4/5
Process Hollowing
3/5
Bypasses PowerShell execution policy
2/5
Suspicious content matched by YARA rules
2/5
Executes PowerShell without default profile
2/5
Executes PowerShell with hidden window
1/5
Content matched by YARA rules
1/5
Reads from memory of another process
1/5
Performs DNS request
1/5
Accesses Microsoft Security Software registry keys
1/5
Queries system time
1/5
Query OS Information
1/5
Enumerates running processes
1/5
Enables process privileges
1/5
Creates mutex
1/5
Installs system startup script or application
1/5
Creates a page with write and execute permissions
1/5
Creates process with hidden window
1/5
Connects to remote host
1/5
Checks external IP address
Spyware
Injector
691222b4c38e383696cb58c5f3559186c4ece70a2c61214a126eec1df135d520.exe
2026-07-07T16:27:08.909
malicious
Windows Exe (x86-32)
Close
691222b4c38e383696cb58c5f3559186c4ece70a2c61214a126eec1df135d520.exe
malicious
SHA256:
691222b4c38e383696cb58c5f3559186c4ece70a2c61214a126eec1df135d520
VMRay Threat Identifiers
Close
Severity
Operation
5/5
Malicious content matched by YARA rules
5/5
XWorm configuration was extracted
4/5
Modifies Windows Defender configuration
4/5
Process Hollowing
3/5
Tries to detect the presence of antivirus software
3/5
Bypasses PowerShell execution policy
2/5
Modifies control flow of a process started from a created or modified executable
2/5
Deletes file after execution
2/5
Schedules task
2/5
Queries OS info via WMI
2/5
Collects hardware properties
1/5
Accesses Microsoft Security Software registry keys
1/5
Resolves API functions dynamically
1/5
Enables process privileges
1/5
Creates mutex
1/5
Creates process with hidden window
1/5
Reads from memory of another process
1/5
Creates a page with write and execute permissions
1/5
Installs system startup script or application
1/5
Queries system time
1/5
Connects to remote host
Spyware
Injector
zazc.exe
2026-07-07T16:26:37.088
malicious
Windows Exe (x86-64)
Close
zazc.exe
malicious
SHA256:
af62fd9b1b04102de52d06b2c56fe0a87219e4bde4c278e5969f3398daeed515
VMRay Threat Identifiers
Close
Severity
Operation
5/5
Combination of other detections shows multiple input capture behaviors
4/5
Malicious content matched by YARA rules
3/5
Captures clipboard data
3/5
Takes screenshot
3/5
Tries to detect the presence of antivirus software
2/5
Queries OS info via WMI
2/5
Makes direct system call to possibly evade hooking based monitoring
2/5
Collects hardware properties
2/5
Queries a host's domain name
1/5
Query Firmware Information
1/5
Tries to connect using an uncommon port
1/5
URL contains a TLD highly associated with phishing
1/5
Unusual large memory allocation
1/5
Resolves API functions dynamically
Spyware