Threat Feed | Online Malware Sandbox

Excel Document

22Wm6MaHRR28Toon.xls

malicious

SHA256: 9842a8bfa5f739186a1e755e8ebd03cfcfedc30cdeaf425cb2d633599846133e

VMRay Threat Identifiers

Severity

Operation

4/5

Possible exploitation attempt

4/5

Abuses MSHTA to execute code

4/5

Connects to remote host

4/5

Attempts to connect through HTTPS

4/5

Document tries to create process

4/5

Exploits a vulnerability in MS Office

4/5

Performs DNS request

2/5

Executes PowerShell without default profile

2/5

Contains known suspicious class identifier

1/5

Query OS Information

Exploit

U2MYZTApkGxawQdf.exe

2026-03-03T20:55:28.412

Windows Exe (x86-64)

U2MYZTApkGxawQdf.exe

malicious

SHA256: f41c1612b202088b0a90937797a2496012ffb6e9c71861ae6ab54e39b4d91459

VMRay Threat Identifiers

Severity

Operation

4/5

Writes into the memory of another process

4/5

Modifies control flow of another process

4/5

Modifies Windows Defender configuration

3/5

Modifies native system functions

2/5

Delays execution

2/5

Schedules task

1/5

Resolves API functions dynamically

1/5

Overwrites code

1/5

Drops PE file

1/5

Creates a page with write and execute permissions

1/5

Executes dropped PE file

1/5

Enumerates running processes

1/5

Creates process with hidden window

1/5

Enables process privileges

1/5

Creates mutex

1/5

Reads from memory of another process

Injector

NxMbLwYEuwHGf0Zy.exe

2026-03-03T20:54:46.897

Windows Exe (x86-32)

NxMbLwYEuwHGf0Zy.exe

malicious

SHA256: ffb18d57818dc8cb68e98ad9eb9249fc87f21185590a378da101a66dc5c36dba

VMRay Threat Identifiers

Severity

Operation

5/5

Malicious content matched by YARA rules

2/5

Queries OS info via WMI

1/5

Executes WMI query

1/5

Resolves API functions dynamically

1/5

A monitored process crashed

Backdoor

9H2XgQIaIEn50Gys.exe

2026-03-03T20:53:41.429

Windows Exe (x86-64)

9H2XgQIaIEn50Gys.exe

malicious

SHA256: 411eb9549e9d50bff0631e9da739cc96bdf9900f48f9f6225df289f07bbb81aa

VMRay Threat Identifiers

Severity

Operation

4/5

Modifies Windows Defender configuration

4/5

Modifies control flow of another process

4/5

Writes into the memory of another process

3/5

Modifies native system functions

2/5

Delays execution

2/5

Schedules task

1/5

Resolves API functions dynamically

1/5

Downloads file

1/5

Drops PE file

1/5

Enumerates running processes

1/5

Creates a page with write and execute permissions

1/5

Executes dropped PE file

1/5

Creates process with hidden window

1/5

Enables process privileges

1/5

Creates mutex

1/5

Reads from memory of another process

1/5

Modifies application directory

1/5

Overwrites code

Injector

MJ7XOZNoYHKZ460R.exe

2026-03-03T20:49:56.459

Windows Exe (x86-64)

MJ7XOZNoYHKZ460R.exe

malicious

SHA256: 3de1d37acb9282b9cbf04c32cd55d317a2282e987c40cbf6dd2cdeed514e5bce

VMRay Threat Identifiers

Severity

Operation

4/5

Writes into the memory of another process

4/5

Modifies control flow of another process

4/5

Modifies Windows Defender configuration

3/5

Modifies native system functions

2/5

Delays execution

2/5

Schedules task

1/5

Downloads file

1/5

Resolves API functions dynamically

1/5

Overwrites code

1/5

Drops PE file

1/5

Creates a page with write and execute permissions

1/5

Executes dropped PE file

1/5

Enumerates running processes

1/5

Creates process with hidden window

1/5

Enables process privileges

1/5

Creates mutex

1/5

Reads from memory of another process

Injector