Threat Feed
https://att-104858-109397.weeblysite.com
2025-11-14T01:56:35.173
malicious
URL
SHA256:
VMRay Threat Identifiers
Severity  Operation
5/5       Combination of other detections indicates a phishing website
4/5       Phishing page detected via Machine Learning
2/5       Branded Logon form detected via Computer Vision
2/5       Page is served from a service commonly used for temporary hosting
1/5       Page secured via a Domain Validated SSL certificate
1/5       Resource is loaded from a service commonly used for temporary hosting
1/5       Content matched by YARA rules
Phishing
W9hawIEqVmfB4nU1.dll
2025-11-14T01:53:15.892
malicious
Windows DLL (x86-32)
SHA256: 5e2dea1c7b5599a648dc91e2e29f19c9f8dbcb2483ff73fc380b5e481ae3ff75
VMRay Threat Identifiers
Severity  Operation
5/5       Malicious content matched by YARA rules
2/5       Delays execution
1/5       Connects to remote host
1/5       Installs system service
1/5       Drops PE file
1/5       Modifies operating system directory
1/5       Executes dropped PE file
1/5       Creates process with hidden window
Ransomware
Worm
smNoGPU.malware.exe
2025-11-14T01:53:07.547
malicious
Windows Exe (x86-64)
SHA256: 7a1ce7981617497fe17c998698146437831520e9ab4dd5c454097ccf061f093e
VMRay Threat Identifiers
Severity  Operation
5/5       Malicious content matched by YARA rules
5/5       Combination of other detections shows configuration discovery
4/5       Loads a known vulnerable file
4/5       Writes into the memory of another process
3/5       Performs DNS request for known DDNS domain
3/5       Executes code with kernel privileges
2/5       Enumerates running processes
2/5       Sends control codes to a driver
2/5       Delays execution
2/5       Creates an unusually large number of processes
2/5       Sets up server that accepts incoming connections
2/5       Makes direct system call to possibly evade hooking based monitoring
2/5       Schedules task
2/5       Reads network adapter information
2/5       Collects hardware properties
1/5       Enables process privileges
1/5       Performs DNS request
1/5       Unusual large memory allocation
1/5       Query OS Information
1/5       Reads from memory of another process
1/5       Enumerates running processes
1/5       Creates mutex
1/5       Tries to connect using an uncommon port
1/5       Content matched by YARA rules
1/5       Connects to remote host
1/5       Resolves API functions dynamically
PUA
Miner
Injector
newest.exe
2025-11-14T01:51:25.658
malicious
Windows Exe (x86-32)
SHA256: f7d6620bb4563813c9ea7ee6c336b33e8dae30bc4c9a5128ca21b93e64f988ec
VMRay Threat Identifiers
Severity  Operation
5/5       QuasarRAT configuration was extracted
5/5       Malicious content matched by YARA rules
4/5       Obscures a file's origin
3/5       Monitors keyboard input
3/5       Injects a file into another process
2/5       Schedules task
2/5       Schedules task via schtasks
2/5       Hides files
1/5       Enables process privileges
1/5       Creates mutex
1/5       Creates process with hidden window
1/5       Connects to remote host
1/5       Query OS Information
1/5       Tries to connect using an uncommon port
1/5       Resolves API functions dynamically
Backdoor
file.exe
2025-11-14T01:28:19.056
malicious
Windows Exe (x86-64)
SHA256: 7b625384c79e693390972a871458728ad2db326306b30ab0a8c6c540462cb9fe
VMRay Threat Identifiers
Severity  Operation
5/5       Combination of other detections shows multiple input capture behaviors
5/5       Vidar configuration was extracted
5/5       Malicious content matched by YARA rules
4/5       Writes into the memory of another process
4/5       Malicious content matched by YARA rules
4/5       Modifies control flow of another process
3/5       Takes screenshot
3/5       Reads installed applications
3/5       Uses HTTP to upload a large amount of data
2/5       Tries to detect debugger
2/5       Searches for sensitive browser data
2/5       Searches for sensitive mail data
2/5       Allows invalid SSL certificates
2/5       Reads sensitive browser data
2/5       Tries to detect virtual machine
2/5       Suspicious content matched by YARA rules
1/5       Creates process with hidden window
1/5       Possibly does reconnaissance
1/5       Resolves API functions dynamically
1/5       Overwrites code
1/5       Enumerates running processes
1/5       A monitored process crashed
1/5       Query CPU Properties
1/5       Reads system data
1/5       Query OS Information
1/5       Creates a page with write and execute permissions
Spyware
Injector
Stealer