MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0bce0e213690120afc94b53390d93a8874562de5ddcc5511c7b9b9d95cf8a15d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 8



SHA256 hash: 0bce0e213690120afc94b53390d93a8874562de5ddcc5511c7b9b9d95cf8a15d
SHA3-384 hash: b6f3394fa3df3906e848fb9da8b1f6319d6bd806204df38a930b4b47dd1e9b7f2794288da39caa810847f66f086fa69d
SHA1 hash: 9692b70c6b072b6153e490c98360a2ecdbdf0783
MD5 hash: 77ef95fbb1df302f18e7de1f74a7e18f
humanhash: glucose-beryllium-salami-fish
File name: WindowsUpdateService.ps1
File size: 1'499 bytes
First seen: 2025-07-25 08:05:14 UTC
Last seen: Never
File type: PowerShell (PS) ps1
MIME type: text/plain
ssdeep 24:OyVPd8mhodJHzaXOnXWpmXyhenXWpNhIv/d8FaX9/JKMcV+xEjdgE6vOR0teih2T:OyVPDhoLHza+nXRihenXchLFatQ1+8dD
TLSH T19F319E2C9A71FCE4037DB464C4362D4320D49E17DB784678D95208366DA4646EF3F44C
Magika powershell
Reporter smica83
Tags: ps1

Intelligence


File Origin
# of uploads: 1
# of downloads: 39
Origin country: HU
Vendor Threat Intelligence
Verdict: Malicious
Score: 91.7%
Tags: ransomware obfuscate xtreme

Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Tags: base64 powershell

Result
Threat name: n/a
Detection: malicious
Classification: bank.evad
Score: 72 / 100
Signature
AI detected malicious Powershell script
Encrypted powershell cmdline option found
Joe Sandbox ML detected suspicious sample
Malicious encrypted Powershell command line found
Sigma detected: PowerShell Base64 Encoded Invoke Keyword
Sigma detected: Suspicious Encoded PowerShell Command Line
Sigma detected: Suspicious PowerShell Encoded Command Patterns

Result
Malware family: n/a
Score: 8/10
Tags: execution
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Command and Scripting Interpreter: PowerShell
Blocklisted process makes network request
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

PowerShell (PS) ps1 0bce0e213690120afc94b53390d93a8874562de5ddcc5511c7b9b9d95cf8a15d (this sample)

Delivery method: Distributed via web download
