Threat Feed | Online Malware Sandbox

Windows Exe (x86-64)

service.exe

malicious

SHA256: a05bf521aa48398ccb4428ebf564cd5c6425b5aa1f530570fac7b711a8f3d401

VMRay Threat Identifiers

Severity

Operation

5/5

XMRig configuration was extracted

5/5

Malicious content matched by YARA rules

4/5

Malicious host or URL detected via reputation

4/5

Malicious file detected via reputation

2/5

Reads network adapter information

2/5

Sets up server that accepts incoming connections

1/5

Performs DNS request

1/5

Enables process privileges

1/5

Enumerates running processes

1/5

Connects to remote host

1/5

Resolves API functions dynamically

1/5

Creates mutex

Backdoor

PUA

Miner

L6lPO0G6AZQT4KWU.exe

2024-04-28T10:59:55.185

Windows Exe (x86-32)

L6lPO0G6AZQT4KWU.exe

malicious

SHA256: 005802da1bc8ec882fe467078704f2fb32975ce8538b3d7c3422b1cfb87bb334

VMRay Threat Identifiers

Severity

Operation

5/5

Makes indirect system call to possibly evade hooking based monitoring

4/5

Malicious host or URL detected via reputation

3/5

Modifies native system functions

3/5

Tries to evade debugger

3/5

Tries to detect the presence of antivirus software

2/5

Tries to detect virtual machine

2/5

Tries to detect a forensic tool

2/5

Queries a host's domain name

2/5

Schedules task

2/5

Delays execution

2/5

Tries to detect debugger

1/5

Creates process with hidden window

1/5

Enumerates running processes

1/5

Overwrites code

1/5

Creates mutex

1/5

Downloads file

1/5

Obfuscates control flow

https://send-us.page-review.com

2024-04-28T10:55:26.969

URL

https://send-us.page-review.com

malicious

SHA256:

VMRay Threat Identifiers

Severity

Operation

5/5

Combination of other detections indicates a phishing website

4/5

Malicious host or URL detected via reputation

2/5

Page is hosted on a recently registered domain

2/5

Page secured via a Domain Validated SSL certificate

1/5

Page presents itself as a logon page

Phishing

Fattura 95759.doc

2024-04-28T10:54:54.809

Word Document

Fattura 95759.doc

malicious

SHA256: d6ba47dba7a4b5d3edbc954990704573281e71239ffd59490f13290d2f19694b

VMRay Threat Identifiers

Severity

Operation

4/5

Document tries to create process

4/5

Connects to a CMS hoster

4/5

Document tries to trick users into running macros

4/5

Attempts to connect through HTTP

4/5

Malicious host or URL detected via reputation

4/5

Performs DNS request

4/5

Connects to remote host

4/5

Malicious file detected via reputation

4/5

Executes encoded PowerShell command

2/5

Suspicious content matched by YARA rules

2/5

Document contains obfuscated macros

2/5

Executes macro on specific event

2/5

Office macro uses an execute function

1/5

Contains suspicious meta data

1/5

Overwrites code

1/5

Contains suspicious Office macro

doc_0429191990189-3829-03-2018.INV#00399.PDF.exe

2024-04-28T10:54:25.661

Windows Exe (x86-32)

doc_0429191990189-3829-03-2018.INV#00399.PDF.exe

malicious

SHA256: 5fb2529b865460bdc505a962532260c522af1255ea05eca105fd68651c60af74

VMRay Threat Identifiers

Severity

Operation

5/5

Malicious content matched by YARA rules

5/5

Combination of other detections shows configuration discovery

5/5

Combination of other detections shows multiple input capture behaviors

4/5

Uses a double file extension

4/5

Malicious file detected via reputation

4/5

Malicious content matched by YARA rules

3/5

Monitors keyboard input

3/5

Modifies native system functions

2/5

Collects hardware properties

2/5

Writes into the memory of a process started from a created or modified executable

2/5

Tries to detect debugger

2/5

Queries OS version via WMI

2/5

Modifies control flow of a process started from a created or modified executable

2/5

Reads network adapter information

2/5

Searches for sensitive browser data

2/5

Searches for sensitive application data

2/5

Searches for sensitive mail data

2/5

Reads sensitive FTP data

2/5

Reads sensitive mail data

1/5

Checks external IP address

1/5

Creates process with hidden window

1/5

Possibly does reconnaissance

1/5

Enables process privileges

1/5

Connects to remote host

1/5

Overwrites code

1/5

Resolves API functions dynamically

1/5

Enumerates running processes

1/5

Creates mutex

1/5

Performs DNS request

1/5

The binary file was created with a packer

Spyware

Keylogger