MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1d11c985ab456d176302f4102a0391047843779b5dec3f38139e718e6d785600. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 1d11c985ab456d176302f4102a0391047843779b5dec3f38139e718e6d785600
SHA3-384 hash: a9b8b94570dd9b45b3bca46182691237864239ce51677b7c5c50dc68c455a8a02e760dc2cd8f3340e83d0fd012d53048
SHA1 hash: 0ec3158fd0231435119499cd114d7fd6c73a1441
MD5 hash: 0fb5351ee57cc30525ae7c604e644260
humanhash: steak-echo-idaho-delaware
File name:MicrosoftOffice.exe
Download: download sample
File size:141'824 bytes
First seen:2023-04-15 15:55:18 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash d846aef1af688923d1cc71bde576c67f
ssdeep 3072:9uiZM5HwaKFHWWU9QyCtxjGDsNz99kWrUst4BHFa9o89ecJPK5vL:DYH8WWiQyoNBz99kWAt8scJPK5D
Threatray 16 similar samples on MalwareBazaar
TLSH T10FD35C63E2A384DCC59BD2B1568699E3BA35FC6C0230D42F478487343F5BE90AE6C395
TrID 41.1% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5)
26.1% (.EXE) Win64 Executable (generic) (10523/12/4)
12.5% (.EXE) Win16 NE executable (generic) (5038/12/1)
5.1% (.ICL) Windows Icons Library (generic) (2059/9)
5.0% (.EXE) OS/2 Executable (generic) (2029/13)
Reporter abuse_ch
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
270
Origin country :
NL NL
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
MicrosoftOffice.exe
Verdict:
No threats detected
Analysis date:
2023-04-15 15:58:19 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/0c59c088-966e-4308-b1a9-53415f6d0cd9

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/382464/
Detection(s):
SecuriteInfo.com.Trojan.MulDrop21.53343.13101.12819.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Searching for synchronization primitives
Launching the default Windows debugger (dwwin.exe)
Searching for the window
Sending a custom TCP request
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/79771/overview
Behaviour
MalwareBazaar
GetTempPath
Verdict:
No Threat
Threat level:
  2/10
Confidence:
100%
Tags:
anti-debug shell32.dll
Link:
https://www.filescan.io/uploads/643ac913b4ec50bace605f64/reports/03bd95d6-ea1f-4d9b-86c9-7d69adbd627e/overview
Verdict:
Malicious
Labled as:
Trojan.NuitkaAGeneric.Script
Link:
https://www.hybrid-analysis.com/sample/1d11c985ab456d176302f4102a0391047843779b5dec3f38139e718e6d785600
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Suspicious
Link:
https://analyze.intezer.com/analyses/d0dec751-ee62-4633-a134-d4185a621be2
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
48 / 100
Link:
https://www.joesandbox.com/analysis/1214379
Signature
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 847306 Sample: MicrosoftOffice.exe Startdate: 15/04/2023 Architecture: WINDOWS Score: 48 10 Multi AV Scanner detection for submitted file 2->10 6 MicrosoftOffice.exe 2->6         started        process3 process4 8 WerFault.exe 20 9 6->8         started       
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/1d11c985ab456d176302f4102a0391047843779b5dec3f38139e718e6d785600/
Threat name:
Win64.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2023-04-15 15:56:05 UTC
File Type:
PE+ (Exe)
Extracted files:
1
AV detection:
9 of 24 (37.50%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=dui4tbnlivwroyyc6qicua4rar4eg543lxwd6oattzyy43lykyaa._file
Verdict:
unknown
Similar samples:
001f9d34e694a3d6e301a4e660f2d96bc5d6aa6898f34d441886c6f9160d9e48
348f79dc98ed91d11dea91d8295eac25cbd8a67daaa52ab0120708d2c7bde40c
3fe6c3edb6593444aaed9ae78a6164a3c98a10a32012d32c35ca4aa987db2c61
563aedec5563a6139918e8871cc2e7e784a3bf13d0873186f67e0b24463f4f8a
6399814e06253b852792dccb2e02cd468233cf5ada2ed39e5f7202e8d24f8901
a880ebe9be4e9888ac2faa331c390b5d477fc828bf2e677e003d3adf74f4e9ec
c9deeda7cd7adb4ff584d13ea64cdb50c9e8b5c616f1dff476f372e86c9b9be6
cf68ac02858c0053067b47b24338b564aeb92f25310765a2bad8928174285a62
db9a6efd5d64ba0ba1783c51b6d430873518fa032bf5265c6837c7674321e183
+ 6 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/230415-tdb3tsgc4s/
Behaviour
Suspicious use of WriteProcessMemory
Program crash
Unpacked files
SH256 hash:
1d11c985ab456d176302f4102a0391047843779b5dec3f38139e718e6d785600
MD5 hash:
0fb5351ee57cc30525ae7c604e644260
SHA1 hash:
0ec3158fd0231435119499cd114d7fd6c73a1441
Link:
https://www.unpac.me/results/44aed84f-ad43-4f2c-8808-a5737c3d42ea/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.23
Link:
https://yomi.yoroi.company/submissions/1d11c985ab456d176302f4102a0391047843779b5dec3f38139e718e6d785600

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/382464/

Comments