Threat Feed | Online Malware Sandbox

Windows Exe (x86-64)

VAUshILfMkfQ4K7c.exe

malicious

SHA256: 312651dbc4047fec4b1081c285abc71e184c37ccad974ece147e190ee5ebd2ad

VMRay Threat Identifiers

Severity

Operation

4/5

Writes into the memory of another process

4/5

Modifies control flow of another process

4/5

Modifies Windows Defender configuration

3/5

Modifies native system functions

2/5

Delays execution

2/5

Schedules task

1/5

Resolves API functions dynamically

1/5

Overwrites code

1/5

Drops PE file

1/5

Creates a page with write and execute permissions

1/5

Executes dropped PE file

1/5

Enumerates running processes

1/5

Creates process with hidden window

1/5

Enables process privileges

1/5

Creates mutex

1/5

Reads from memory of another process

Injector

https://spotifylogin-pha5m9wlk-gasstontorres.vercel.app

2026-03-01T20:28:01.953

URL

https://spotifylogin-pha5m9wlk-gasstontorres.vercel.app

malicious

SHA256:

VMRay Threat Identifiers

Severity

Operation

5/5

Combination of other detections indicates a phishing website

4/5

Phishing page detected via Machine Learning

2/5

Page is served from a service commonly used for temporary hosting

2/5

Page title matches the name of a popular online service

1/5

Resource is loaded from a service commonly used for temporary hosting

1/5

Page presents itself as a logon page

1/5

Page secured via a Domain Validated SSL certificate

Phishing

6Su7NEU8wB3CEbJw.exe

2026-03-01T20:18:10.793

Windows Exe (x86-64)

6Su7NEU8wB3CEbJw.exe

malicious

SHA256: 381dba899a91b019644c8d8ed8063643c8f2d9b1eadcc311c95050a1795de825

VMRay Threat Identifiers

Severity

Operation

4/5

Modifies Windows Defender configuration

4/5

Modifies control flow of another process

4/5

Writes into the memory of another process

3/5

Modifies native system functions

2/5

Delays execution

2/5

Schedules task

1/5

Resolves API functions dynamically

1/5

Overwrites code

1/5

Creates mutex

1/5

Enables process privileges

1/5

Creates process with hidden window

1/5

Drops PE file

1/5

Enumerates running processes

1/5

Creates a page with write and execute permissions

1/5

Executes dropped PE file

1/5

Reads from memory of another process

Injector

RzigWZJM8DeOENEu.exe

2026-03-01T20:11:22.009

Windows Exe (x86-64)

RzigWZJM8DeOENEu.exe

malicious

SHA256: 78636ff27400171dd392e69542468eba81b180b8266afba13dbc5c7197fb479a

VMRay Threat Identifiers

Severity

Operation

4/5

Makes indirect system call to possibly evade hooking based monitoring

4/5

Modifies control flow of another process

4/5

Writes into the memory of another process

4/5

Malicious content matched by YARA rules

3/5

Tries to open an unusually high number of parallel network connections

2/5

Tries to detect analyzer sandbox

2/5

Queries a host's domain name

2/5

Delays execution

2/5

Tries to detect virtual machine

1/5

Creates a page with write and execute permissions

1/5

Resolves API functions dynamically

1/5

A monitored process crashed

1/5

Creates process with hidden window

1/5

Tries to detect debugger

1/5

Enumerates running processes

Injector

g0lBvJ1bmVCict61.exe

2026-03-01T20:06:24.156

Windows Exe (x86-32)

g0lBvJ1bmVCict61.exe

malicious

SHA256: 6bfd3d0c792564854e9f31b74e2e9e5843d326af16c64cc3ef63674a39ea47cb

VMRay Threat Identifiers

Severity

Operation

5/5

Malicious content matched by YARA rules

1/5

The binary file was created with a packer

1/5

Timestamp manipulation

1/5

Creates a page with write and execute permissions

1/5

Resolves API functions dynamically

1/5

Drops PE file

1/5

Creates process with hidden window

Trojan