Threat Feed
https://www-currently-sign-in-3f5735.webflow.io
2026-06-05T16:19:07.473
malicious
URL
SHA256:
VMRay Threat Identifiers
Severity  Operation
5/5       Combination of other detections indicates a phishing website
4/5       Phishing page detected via Machine Learning
2/5       Page is served from a service commonly used for temporary hosting
2/5       Branded Logon form detected via Computer Vision
1/5       Page presents itself as a logon page
1/5       Branding image detected via Computer Vision
1/5       Page secured via a Domain Validated SSL certificate
Phishing
mORGikwEPq8lw5Ew.exe
2026-06-05T15:56:42.972
malicious
Windows Exe (x86-32)
SHA256:
f60cd429232a6d0a5b69b16d051fa884cd6f15144dc4875df7fe53355b9b1b63
VMRay Threat Identifiers
Severity  Operation
5/5       Malicious content matched by YARA rules
2/5       Allows invalid SSL certificates
2/5       Enables critical process privileges
1/5       Enumerates running processes
1/5       Installs system service
1/5       Performs DNS request
1/5       Connects to remote host
1/5       URL contains a TLD highly associated with phishing
1/5       A monitored process crashed
1/5       Drops PE file
1/5       Enables process privileges
1/5       Executes dropped PE file
1/5       Modifies operating system directory
1/5       Creates mutex
Ransomware
58U9M9QThEATsejY.exe
2026-06-05T15:56:17.160
malicious
Windows Exe (x86-32)
SHA256:
7b8a4f2513f9b7a32ab25b9670b70d3007e048202ec151b9ac735d400c66cbdd
VMRay Threat Identifiers
Severity  Operation
5/5       Writes to Master Boot Record (MBR)
3/5       All network connection attempts failed
2/5       Sends control codes to a driver
2/5       Accesses physical drive
1/5       Resolves API functions dynamically
1/5       Drops PE file
1/5       Creates process with hidden window
1/5       Executes dropped PE file
1/5       Enumerates running processes
1/5       Creates a page with write and execute permissions
1/5       Accesses volumes directly
paUpQwP1yX1YqFzi.exe
2026-06-05T15:55:40.164
malicious
Windows Exe (x86-32)
SHA256:
6980019959ad6e864d4ce09dbd26d24fa361eed099cd38baf54b60be87e10dfc
VMRay Threat Identifiers
Severity  Operation
5/5       Combination of other detections shows multiple input capture behaviors
5/5       Malicious content matched by YARA rules
5/5       Modifies Windows automatic backups
4/5       Disables a crucial system tool
4/5       Tries to disable antivirus software
4/5       Blocks network connection to security products
4/5       Writes into the memory of another process
4/5       Modifies control flow of another process
4/5       Malicious content matched by YARA rules
4/5       Bypasses Windows User Account Control (UAC)
3/5       Disables a crucial system service
3/5       Injects a file into another process
3/5       Takes screenshot
3/5       Monitors keyboard input
2/5       Sets up server that accepts incoming connections
2/5       Searches for sensitive password manager data
2/5       Modifies Windows Firewall configuration
2/5       Executes PowerShell without default profile
2/5       Executes PowerShell with hidden window
2/5       Schedules task
2/5       Locks the Windows desktop
2/5       Hides files
2/5       Searches for sensitive browser data
2/5       Query OS Information
2/5       Queries a host's domain name
2/5       Changes the desktop wallpaper
2/5       Searches for sensitive remote access configuration data
1/5       Executes WMI query
1/5       Installs system startup script or application
1/5       Query OS Information
1/5       Modifies operating system directory
1/5       Creates process with hidden window
1/5       Monitors keyboard input
1/5       Enumerates running processes
1/5       Creates a page with write and execute permissions
1/5       Enables process privileges
1/5       Creates mutex
1/5       Reads from memory of another process
1/5       Performs DNS request
1/5       Connects to remote host
1/5       Content matched by YARA rules
1/5       Resolves API functions dynamically
1/5       Accesses Microsoft Security Software registry keys
Spyware
Ransomware
Injector
lAU1aOY8NXE90dY6.exe
2026-06-05T15:55:08.507
malicious
Windows Exe (x86-32)
SHA256:
ab6bbf01314b6386b4572c72d5cbbbf91f29f0d33ab8da7e60ec5550ba550a19
VMRay Threat Identifiers
Severity  Operation
5/5       Malicious content matched by YARA rules
5/5       Known malicious mutex name is created
2/5       Deletes file after execution
2/5       Delays execution
1/5       Modifies operating system directory
1/5       Executes dropped PE file
1/5       Drops PE file
1/5       Installs system startup script or application
1/5       Creates process with hidden window
1/5       Resolves API functions dynamically
Spyware
Trojan