Threat Feed
quotation request.exe
2026-06-04T16:56:25.348
malicious
Windows Exe (x86-32)
SHA256: b2f86548e79e39fc2ec1becb9891580a4f9e1fb308e4809fbf26c6af705f710e
VMRay Threat Identifiers
Severity  Operation
5/5       DarkCloud configuration was extracted
5/5       Malicious content matched by YARA rules
2/5       Searches for sensitive application data
2/5       Suspicious content matched by YARA rules
2/5       Searches for sensitive mail data
2/5       Searches for sensitive FTP data
1/5       Resolves API functions dynamically
1/5       Possibly does reconnaissance
1/5       Creates a page with write and execute permissions
Spyware
X7Cc9Dc11q8Omr1I.exe
2026-06-04T16:51:07.438
malicious
Windows Exe (x86-32)
SHA256: ba8d38575e15f2a8a3c819d3f2e189acdf9249c99240236c8be4f96d7284530d
VMRay Threat Identifiers
Severity  Operation
5/5       Combination of other detections shows multiple input capture behaviors
5/5       Malicious content matched by YARA rules
5/5       QuasarRAT configuration was extracted
3/5       Monitors keyboard input
3/5       Performs DNS request for known DDNS domain
2/5       Collects BIOS properties
2/5       Executes PowerShell without default profile
2/5       Schedules task
2/5       Hides files
2/5       Queries OS info via WMI
2/5       Collects hardware properties
1/5       Executes PowerShell commands
1/5       Downloads executable
1/5       Performs DNS request
1/5       Enumerates running processes
1/5       Accesses volumes directly
1/5       Creates process with hidden window
1/5       Query OS Information
1/5       Accesses Microsoft Security Software registry keys
1/5       Creates mutex
1/5       Enables process privileges
1/5       Connects to remote host
1/5       Tries to connect using an uncommon port
1/5       Resolves API functions dynamically
Spyware
Backdoor
Downloader
goodformulafodme.hta
2026-06-04T16:50:14.735
malicious
HTML Application
SHA256: 02fca8837852c3cbb9774f065e44401971f68b48205f7cd788ea8a8de6cfb0d3
VMRay Threat Identifiers
Severity  Operation
5/5       Malicious content matched by YARA rules
5/5       Monitors user input
5/5       Remcos configuration was extracted
5/5       Monitors keyboard input
5/5       Combination of other detections shows multiple input capture behaviors
4/5       Reads from memory of another process
4/5       Process Hollowing
4/5       Attempts to connect through HTTP
4/5       Writes into the memory of another process
3/5       Captures clipboard data
3/5       Delays execution
3/5       Bypasses PowerShell execution policy
3/5       Performs DNS request for known DDNS domain
3/5       Suspicious content matched by YARA rules
2/5       Executes PowerShell without default profile
2/5       Suspicious content matched by YARA rules
2/5       Performs DNS request
2/5       Tries to detect debugger
2/5       Tries to connect using an uncommon port
1/5       Connects to remote host
1/5       Accesses Microsoft Security Software registry keys
1/5       Creates mutex
1/5       Query OS Information
1/5       Unusual large memory allocation
1/5       Enumerates running processes
Spyware
Backdoor
Keylogger
Injector
4567.exe
2026-06-04T16:36:29.290
malicious
Windows Exe (x86-32)
SHA256: 2c45ef1aff188cb3600acc5ab6909b3512d63c5aef72374a24d6c68c2280f82d
VMRay Threat Identifiers
Severity  Operation
5/5       Tries to read cached credentials of various applications
5/5       Malicious content matched by YARA rules
5/5       Combination of other detections shows multiple input capture behaviors
3/5       Takes screenshot
3/5       Tries to detect the presence of antivirus software
2/5       Queries OS info via WMI
2/5       Searches for sensitive application data
2/5       Searches for sensitive browser data
2/5       Searches for sensitive mail data
2/5       Reads sensitive mail data
2/5       Reads sensitive browser data
2/5       Sets up server that accepts incoming connections
2/5       Suspicious content matched by YARA rules
1/5       Enumerates running processes
1/5       Connects to remote host
1/5       Downloads file
1/5       Uses encryption API
1/5       Tries to connect using an uncommon port
1/5       Content matched by YARA rules
1/5       Query OS Information
1/5       Possibly does reconnaissance
1/5       Resolves API functions dynamically
1/5       Enables process privileges
1/5       Creates mutex
Spyware
Backdoor
goodthingsforbetterperson.hta
2026-06-04T16:35:43.894
malicious
HTML Application
SHA256: 5921ef6e620da05f3394694044198047cc0305a6d9a49055285757df92ba1afc
VMRay Threat Identifiers
Severity  Operation
5/5       Combination of other detections shows multiple input capture behaviors
5/5       Monitors keyboard input
5/5       Monitors user input
4/5       Process Hollowing
4/5       Attempts to connect through HTTP
4/5       Writes into the memory of another process
4/5       Reads from memory of another process
3/5       Delays execution
3/5       Bypasses PowerShell execution policy
3/5       Captures clipboard data
3/5       Suspicious content matched by YARA rules
2/5       Performs DNS request
2/5       Tries to detect debugger
2/5       Tries to connect using an uncommon port
2/5       Executes PowerShell without default profile
2/5       Suspicious content matched by YARA rules
1/5       Enumerates running processes
1/5       Accesses Microsoft Security Software registry keys
1/5       Creates mutex
1/5       Query OS Information
1/5       Connects to remote host
1/5       Unusual large memory allocation
Spyware
Keylogger
Injector