MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 283d5eea1f9fc34e351deacc25006fc1997566932fae44db4597c84f1f1f3a30. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 283d5eea1f9fc34e351deacc25006fc1997566932fae44db4597c84f1f1f3a30
SHA3-384 hash: 8dee77aa294a42c0154c41ef7abc27ac67913b34aba3e4f7d01f3ca4d3c19aa1e763e7968c7a78d0565f81da1b0f80c6
SHA1 hash: f27eb616865dad9507f9864757daf291a81d6a2b
MD5 hash: c213c54c2744352e2ec18a7bd6ccefc5
humanhash: paris-maryland-april-hotel
File name:repair_ocx.exe
Download: download sample
File size:836'464 bytes
First seen:2022-03-11 23:09:56 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 9643d71697c0e4fd723d9f478958c22c
ssdeep 12288:s1CJtMj2HYSj19Y4+eNjttEmSFl9hYo2XzRr3mAr+nc0N5rKfgCTCpXzWMBTIwiy:KNyHYE9g44mSFlfYoozRDmAic1ovpKT+
Threatray 12 similar samples on MalwareBazaar
TLSH T18705E1E06D5C783AD4B71572BB143A31AEB2A60FF27994CFCCF94611C4FE0993A25258
Reporter JasonMilletary
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
227
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/249750/
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.39194091.32564.12392.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Searching for the window
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
greyware overlay packed
Link:
https://www.filescan.io/uploads/622bd6cf0cd58dbd9281a004/reports/c9313d40-7a8c-40c5-b4b1-8ecbeebac588/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/07ce1131-7d24-4230-935f-8e271796501c
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad.spre
Score:
96 / 100
Link:
https://www.joesandbox.com/analysis/955329
Signature
Antivirus detection for dropped file
Changes security center settings (notifications, updates, antivirus, firewall)
Drops executable to a common third party application directory
Drops PE files with benign system names
Hides the Windows control panel from the task bar
Infects executable files (exe, dll, sys, html)
Machine Learning detection for dropped file
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Renames powershell.exe to bypass HIPS
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 587810 Sample: repair_ocx.exe Startdate: 12/03/2022 Architecture: WINDOWS Score: 96 41 Antivirus detection for dropped file 2->41 43 Multi AV Scanner detection for submitted file 2->43 45 Machine Learning detection for sample 2->45 47 3 other signatures 2->47 6 armsvc.exe 2 54 2->6         started        10 repair_ocx.exe 9 2->10         started        12 elevation_service.exe 2->12         started        14 9 other processes 2->14 process3 file4 25 C:\Windows\System32\wbengine.exe, PE32+ 6->25 dropped 27 C:\Windows\System32\wbem\WmiApSrv.exe, PE32+ 6->27 dropped 29 C:\Windows\System32\vds.exe, PE32+ 6->29 dropped 37 105 other files (65 malicious) 6->37 dropped 49 Hides the Windows control panel from the task bar 6->49 51 Changes security center settings (notifications, updates, antivirus, firewall) 6->51 53 Drops executable to a common third party application directory 6->53 31 C:\Windows\System32\alg.exe, PE32+ 10->31 dropped 33 C:\Windows\System32\...\powershell.exe, PE32+ 10->33 dropped 35 DiagnosticsHub.Sta...llector.Service.exe, PE32+ 10->35 dropped 39 15 other files (7 malicious) 10->39 dropped 55 Renames powershell.exe to bypass HIPS 10->55 57 Drops PE files with benign system names 10->57 59 Infects executable files (exe, dll, sys, html) 10->59 16 WerFault.exe 21 16 10->16         started        19 WerFault.exe 16 12->19         started        21 WerFault.exe 16 14->21         started        signatures5 process6 file7 23 C:\ProgramData\Microsoft\...\Report.wer, Little-endian 16->23 dropped
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/283d5eea1f9fc34e351deacc25006fc1997566932fae44db4597c84f1f1f3a30/
Threat name:
Win32.Trojan.Woreflint
Create hunting rule
Status:
Malicious
First seen:
2022-03-11 23:10:11 UTC
File Type:
PE (Exe)
AV detection:
12 of 27 (44.44%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
12bf2077585309178ee48876b4a32c87552ec1334236fd0ea8dd8ac80e6579f5
20fdea0c17ffb565895491b930cc6ad3df6ca3cc85780ddda1dad5a0ecd1983b
7aba21bd10b88275b4620021abc90e8d0e5f8f0316e8d8c0b883554afc18f8ae
a2648c0044dd0c910d9176445c297fd3c6f457478c2a4492ab4e504566c053a3
ae4525147a1777b2b22af1f721927ae92b320550127596990648a02d528604c7
b1516cc28d0e6e3f77a8eadd2a7fda7daf746e0a7b27088e016519baf8de0338
f76c4cbfd0f66af33781adf386474e1d00a76d98d822a41fb6092d27c5726cb6
+ 2 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/220311-25qdjacdg2/
Unpacked files
SH256 hash:
283d5eea1f9fc34e351deacc25006fc1997566932fae44db4597c84f1f1f3a30
MD5 hash:
c213c54c2744352e2ec18a7bd6ccefc5
SHA1 hash:
f27eb616865dad9507f9864757daf291a81d6a2b
Link:
https://www.unpac.me/results/668a9519-ef81-4e4d-abaa-799f44095d22/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/283d5eea1f9fc34e351deacc25006fc1997566932fae44db4597c84f1f1f3a30

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 283d5eea1f9fc34e351deacc25006fc1997566932fae44db4597c84f1f1f3a30

(this sample)

  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/249750/

Comments


Avatar
Jason Milletary commented on 2022-03-11 23:10:33 UTC

Download via https://suncoastpinball[.]com/wp-admin/maint/repair_ocx.exe