MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 207b5ac6c78b23922be438ba29bce1a4fd73bb5748906c594f13eaa8b597c284. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 10


Intelligence 10 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 207b5ac6c78b23922be438ba29bce1a4fd73bb5748906c594f13eaa8b597c284
SHA3-384 hash: 538d5645aab17515566cddc429a35619e74301ab3158d6ee169c92222d8b84731a320787331239b4318f1e07aee5c76e
SHA1 hash: 1a83934d8a349222b5869ddb0ad096135a955c27
MD5 hash: 44a6812e4e59737b2f8afcc130a0889a
humanhash: edward-nitrogen-mobile-lion
File name:www.exe
Download: download sample
File size:214'016 bytes
First seen:2021-12-22 05:31:57 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash ab4439f8141e4e4f857bf84edbc972e7
ssdeep 6144:JFAiqdHAfQpq+t5LqRCPTipr0DelGMWz:JFPGHxA+tlqwipJW
Threatray 773 similar samples on MalwareBazaar
TLSH T1BD24CF333BD5CCF6D25B127A485DA3EDC3BAE4714F6253B3A394528F6F2C8809961192
Reporter Anonymous
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
146
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
www.exe
Verdict:
Malicious activity
Analysis date:
2021-12-22 05:19:02 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/ce13829b-8f54-45ef-9ee5-22413dc578f1

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/215734/
Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a file in the %temp% directory
Sending an HTTP GET request
DNS request
Changing a file
Modifying an executable file
Running batch commands
Modifying a system executable file
Сreating synchronization primitives
Creating a window
BSOD occurred
Forced shutdown of a system process
Enabling autorun by creating a file
Encrypting user's files
Result
Malware family:
n/a
Score:
  6/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/2908/overview
Behaviour
MalwareBazaar
MeasuringTime
EvasionQueryPerformanceCounter
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
filecoder greyware packed razy
Link:
https://www.filescan.io/uploads/61c2b8564ab5c44cbf4c5363/reports/ec1c3dbb-ee10-4689-b367-3b36bedf5a79/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/38074639-c08e-479e-bff3-d68543413fbd
Result
Threat name:
Unknown
Detection:
malicious
Classification:
rans.expl
Score:
84 / 100
Link:
https://www.joesandbox.com/analysis/911370
Signature
Drops VBS files to the startup folder
Machine Learning detection for dropped file
Machine Learning detection for sample
Modifies existing user documents (likely ransomware behavior)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Performs an instant shutdown (NtRaiseHardError)
Sigma detected: Drops script at startup location
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/207b5ac6c78b23922be438ba29bce1a4fd73bb5748906c594f13eaa8b597c284/
Threat name:
Win32.Ransomware.FileCryptor
Create hunting rule
Status:
Malicious
First seen:
2021-12-22 05:32:09 UTC
File Type:
PE (Exe)
Extracted files:
2
AV detection:
19 of 27 (70.37%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
40aa6aeab7d3af11f53ddda96690c31e5b5619c4c0b1791a62f5121c65c4ad0d
479a213e45cbdf1d7c2ce6d1fa124f334aac2ccd4111b530177cc6d887f9bc46
4dd710964bb7577921fff55993ac0f007e489bb609fcf6ea50f5f949baa8504b
62540ba573e873b816d3d956132804254a23207e6bfc9f7a371a68f5aa8090ce
6776c42da9ff39df7f76649d5ad287ff628790e84c7bebf325cb9b8c2e74aeb2
6f1a5ee41d16c1ba7310b225e1b3b448e23f2eb1e4a84098555daf28473e4255
92d244554671489e469aa000c0a2bb2e5483ed5e30858c4a0f9a745532c19a07
9f7fd0ad05c3b8f6d3945a0753b7b20fc53528cfbf7c8b4a2ab7f49795937b44
9f86527e3ca4530bb3209d8608dae083afab4ef2cf7b0ae23bcd6fdc322a0c33
dc67579f0bd76303b5133e1daaf9c576dd4f3f429ed41a9b0af2dd45736685de
+ 763 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/211222-f8allafgeq/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Drops desktop.ini file(s)
Drops startup file
Unpacked files
SH256 hash:
7508c1190639c9fcd134768b141e92f04082273e588187c93a238e1b96d54617
MD5 hash:
d5b85f5e49eeeb32b5fc6525292fb071
SHA1 hash:
e9d5ac20273d5a66932d3eaa485704290e8600ca
Link:
https://www.unpac.me/results/53295cbc-7081-47cd-9ab6-c2e039cf15b7/
SH256 hash:
8d344fac8ccfe0236edf57ee1e535a2a28f74ada1a86f221b41612746bd76e44
MD5 hash:
3927e77e5b6754109cb3adfa4ef17d2d
SHA1 hash:
fad261ff66a0def14fb6551f9e27b3d51f08a196
Link:
https://www.unpac.me/results/53295cbc-7081-47cd-9ab6-c2e039cf15b7/
SH256 hash:
7ace25b736ec1d609bfc0ad62baccaef25078e72f7023ec8f088add8667324f0
MD5 hash:
f8007312406eab2ba86072e6e16f196c
SHA1 hash:
c780dd1bbade2fdc3144ba169d13962576efd8a4
Link:
https://www.unpac.me/results/53295cbc-7081-47cd-9ab6-c2e039cf15b7/
SH256 hash:
68208a7d95b57210abbdc09a208337cf46a286634680edec5d2ada3543275438
MD5 hash:
0fc71f64b931f6f11d5b5c21a463b56d
SHA1 hash:
a47f01043a18175068cdcdba4b06d247a78c4448
Link:
https://www.unpac.me/results/53295cbc-7081-47cd-9ab6-c2e039cf15b7/
SH256 hash:
86749cf7de318a749c4550d532bd2184c399c95b6bd2c0a2f62dc9f1f698820c
MD5 hash:
65b8f2668a8c935ba00cd651c77d2fd7
SHA1 hash:
8c8af1582370010691296b9aceefcc0e6e176fdf
Link:
https://www.unpac.me/results/53295cbc-7081-47cd-9ab6-c2e039cf15b7/
SH256 hash:
75094028dd88b440053654631edbd8c2a7386d5a85b2416bb02496f8670c51e8
MD5 hash:
a74594c977f67391b4787f7124431a9a
SHA1 hash:
2fe933e1acd2310124e2d817521ea73fadc37f20
Link:
https://www.unpac.me/results/53295cbc-7081-47cd-9ab6-c2e039cf15b7/
SH256 hash:
00b9c0120df0595184523a3620ef9b3c3e11fc0e61d366d7eeabb646647cfceb
MD5 hash:
bd1f243ee2140f2f6118a7754ea02a63
SHA1 hash:
cdf7dd7dd1771edcc473037af80afd7e449e30d9
Link:
https://www.unpac.me/results/53295cbc-7081-47cd-9ab6-c2e039cf15b7/
SH256 hash:
207b5ac6c78b23922be438ba29bce1a4fd73bb5748906c594f13eaa8b597c284
MD5 hash:
44a6812e4e59737b2f8afcc130a0889a
SHA1 hash:
1a83934d8a349222b5869ddb0ad096135a955c27
Link:
https://www.unpac.me/results/53295cbc-7081-47cd-9ab6-c2e039cf15b7/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/207b5ac6c78b23922be438ba29bce1a4fd73bb5748906c594f13eaa8b597c284

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 207b5ac6c78b23922be438ba29bce1a4fd73bb5748906c594f13eaa8b597c284

(this sample)

anyrun
any.run
https://app.any.run/tasks/ce13829b-8f54-45ef-9ee5-22413dc578f1
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/215734/

Comments