MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 00db7630a72ed1844c5c5c1c999d9ab52f099fafba7ec39e2ef3db75bb74b931. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 10


Intelligence 10 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 00db7630a72ed1844c5c5c1c999d9ab52f099fafba7ec39e2ef3db75bb74b931
SHA3-384 hash: 0c8e9c686d56c1a3ccb434454561c3ac00009e107866cea6b13451ca8fd9d9fe88716824aea6a578cf7f617bcaaa8d38
SHA1 hash: ee420fdd4618dc7499854467837c08e08c95cfa8
MD5 hash: c72f714212195aaf24432560a5aa3a57
humanhash: failed-lithium-mobile-don
File name:c72f714212195aaf24432560a5aa3a57
Download: download sample
File size:18'183 bytes
First seen:2022-06-29 08:40:02 UTC
Last seen:2022-08-18 00:15:26 UTC
File type:Word file docx
MIME type:application/octet-stream
ssdeep 384:9Wtae3fmjUcXzFHZ8NOtPxXYtR7RM+Ye69RxZ05SdiEGIzP:oU2ejfXz38NVXRM+Ye+xZtiEGIj
TLSH T16882CF29A6E7EC27D623183C6A0919E2E51945CFD157EA47131C62EFCB2FD042734D89
TrID 51.0% (.DOCX) Word Microsoft Office Open XML Format document (23500/1/4)
38.0% (.ZIP) Open Packaging Conventions container (17500/1/4)
8.6% (.ZIP) ZIP compressed archive (4000/1)
2.1% (.PG/BIN) PrintFox/Pagefox bitmap (640x800) (1000/1)
Reporter zbetcheckin
Tags:zip

Intelligence

File Origin
# of uploads :
4
# of downloads :
228
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
c72f714212195aaf24432560a5aa3a57.docx.vir
Verdict:
Malicious activity
Analysis date:
2022-06-30 02:34:51 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/0b861eda-5248-4009-9f29-840560cc6d30

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Verdict:
Malicious
File type:
application/vnd.openxmlformats-officedocument.wordprocessingml.document
Has a screenshot:
False
Contains macros:
False
Result
Verdict:
Clean
Maliciousness:

Behaviour
Searching for the window
Creating a window
Сreating synchronization primitives
Result
Verdict:
Malicious
File Type:
OOXML Word File with Embedding Objects
Link:
https://app.docguard.net/00db7630a72ed1844c5c5c1c999d9ab52f099fafba7ec39e2ef3db75bb74b931/results/dashboard
Payload URLs
URL
File name
7.3.3.2
app.xml
Verdict:
No Threat
Threat level:
  10/10
Confidence:
100%
Link:
https://www.filescan.io/uploads/62bc1022114aa383d0ec17c6/reports/53567af7-ae96-44bc-bc09-659455eaa9d1/overview
Label:
Malicious
Suspicious Score:
9.6/10
Score Malicious:
97%
Score Benign:
3%
Link:
https://www.malware.ai/gui/files/?id=a316c90b-2d67-46b9-9caa-655833e2c84a
Result
Verdict:
MALICIOUS
Link:
https://labs.inquest.net/dfi/sha256/00db7630a72ed1844c5c5c1c999d9ab52f099fafba7ec39e2ef3db75bb74b931
Details
Document With No Content
Document contains little or no semantic information.
External Relationship Element
Document contains an externally hosted relationship, which fetches further content.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
expl.evad
Score:
64 / 100
Link:
https://www.joesandbox.com/analysis/1021791
Signature
Contains an external reference to another file
Detected suspicious Microsoft Office reference URL
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/00db7630a72ed1844c5c5c1c999d9ab52f099fafba7ec39e2ef3db75bb74b931/
Threat name:
Document-Office.Trojan.Heuristic
Create hunting rule
Status:
Malicious
First seen:
2022-06-29 08:41:04 UTC
File Type:
Document
Extracted files:
22
AV detection:
12 of 26 (46.15%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=adnxmmfhf3iyitc4lqojthm2wuxqth5pxj7mhhro6pnxlo3uxeyq._file
Result
Malware family:
n/a
Score:
  4/10
Tags:
n/a
Link:
https://tria.ge/reports/220629-lv22ksacb8/
Behaviour
Checks processor information in registry
Enumerates system info in registry
Modifies Internet Explorer settings
Modifies registry class
Suspicious behavior: AddClipboardFormatListener
Suspicious use of SetWindowsHookEx
Office loads VBA resources, possible macro or embedded object present
Drops file in Windows directory
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.20
Link:
https://yomi.yoroi.company/submissions/00db7630a72ed1844c5c5c1c999d9ab52f099fafba7ec39e2ef3db75bb74b931

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Word file docx 00db7630a72ed1844c5c5c1c999d9ab52f099fafba7ec39e2ef3db75bb74b931

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/2252345/

Comments


Avatar
zbet commented on 2022-06-29 08:40:06 UTC

url : hxxps://consumerfinanceguide.com/blog/index/The%20future%20of%20occ%20mettings%20in%202022.docx