MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2f7ea639407732dfdc8e9dc2de1eddff287a9934e244d11b060076ff4825f1c2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 10


Intelligence 10 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 2f7ea639407732dfdc8e9dc2de1eddff287a9934e244d11b060076ff4825f1c2
SHA3-384 hash: 20844263919c1fde0647bdd5a1eb01ae7cb32829b9cd26a5e53bf723eef2c45080701b23798e83705e5feb7abfed9a69
SHA1 hash: bc9161f8915eff42130a023960fd444122455adb
MD5 hash: 713c7ea86f0f6138d2d70cea8a921393
humanhash: berlin-violet-moon-speaker
File name:952abcd7-56a6-429c-8360-c142a.hta
Download: download sample
File size:9'582 bytes
First seen:2026-06-11 21:07:26 UTC
Last seen:Never
File type:HTML Application (hta) hta
MIME type:text/html
ssdeep 192:3aqwBGjGNygwY/bmoOGYLpf0Sx8KDvq2TOaetdZEBqIGKgRBJ:3axBGjGNjwY/bLk9f0SxRDvTOaetdZE8
TLSH T17A12EAF16238B4AE032149ED3FADC48C5980F5A6A04C4E28FD4C774987A72B155F77AB
Magika html
Reporter johnk3r
Tags:client08-com hta prohoster-caiao-com-br verimail-agrobrasilnegocios-com

Intelligence

File Origin
# of uploads :
1
# of downloads :
72
Origin country :
CH CH
Vendor Threat Intelligence
No detections
Detection(s):
SecuriteInfo.com.Script.SNH-gen.75677459.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.Script.SNH-gen.68965846.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.Script.SNH-gen.73153835.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Score:
90.9%
Link:
https://cyber-fortress.com/docs/result/index.php?id=6a2b239934eaf30d8ce4fba1
Tags:
shell sage
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
lolbin msiexec obfuscated
Link:
https://www.filescan.io/uploads/6a2b2394bf16337e43c2645e/reports/629fe3cf-973d-4124-8b1d-7e4fc93a476d/overview
Verdict:
Malicious
Labled as:
GT:VB.ObfDldr.31
Link:
https://www.hybrid-analysis.com/sample/2f7ea639407732dfdc8e9dc2de1eddff287a9934e244d11b060076ff4825f1c2
Verdict:
Malicious
File Type:
hta
First seen:
2026-06-11T18:15:00Z UTC
Last seen:
2026-06-12T18:39:00Z UTC
Hits:
~10
Detections:
PDM:Trojan.Win32.Generic Trojan.JS.SAgent.sb HEUR:Trojan.Script.Generic
Link:
https://opentip.kaspersky.com/2f7ea639407732dfdc8e9dc2de1eddff287a9934e244d11b060076ff4825f1c2/results?tab=lookup
Result
Threat name:
n/a
Detection:
malicious
Classification:
n/a
Score:
56 / 100
Link:
https://www.joesandbox.com/analysis/1926894
Signature
Multi AV Scanner detection for submitted file
Sigma detected: Legitimate Application Dropped Script
Sigma detected: Suspicious MSHTA Child Process
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1926894 Sample: 952abcd7-56a6-429c-8360-c142a.hta Startdate: 11/06/2026 Architecture: WINDOWS Score: 56 27 ms.ggrohs.com 2->27 29 mr-b01.tm-azurefd.net 2->29 31 casoneroutegold-prod-bggfgca0dkaag8a8.b01.azurefd.net 2->31 37 Multi AV Scanner detection for submitted file 2->37 39 Sigma detected: Suspicious MSHTA Child Process 2->39 41 Sigma detected: Legitimate Application Dropped Script 2->41 9 mshta.exe 2 2->9         started        signatures3 process4 file5 25 C:\Users\user\AppData\...\RaPIDocaLlnET.bAT, ASCII 9->25 dropped 12 cmd.exe 1 9->12         started        14 curl.exe 2 9->14         started        process6 dnsIp7 17 cmd.exe 1 12->17         started        19 conhost.exe 12->19         started        33 ms.ggrohs.com 104.21.10.38, 443, 49715 CLOUDFLARENET-CloudflareIncUS Canada 14->33 35 127.0.0.1 unknown unknown 14->35 21 conhost.exe 14->21         started        process8 process9 23 msiexec.exe 17->23         started       
Score:
98%
Verdict:
Malware
File Type:
SCRIPT
Link:
https://malprob.io/report/2f7ea639407732dfdc8e9dc2de1eddff287a9934e244d11b060076ff4825f1c2
Gathering data
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/2f7ea639407732dfdc8e9dc2de1eddff287a9934e244d11b060076ff4825f1c2/
Verdict:
Malicious
Threat:
Trojan.JS.SAgent
Link:
https://tip.neiki.dev/file/2f7ea639407732dfdc8e9dc2de1eddff287a9934e244d11b060076ff4825f1c2
Threat name:
Win32.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2026-06-11 21:08:35 UTC
File Type:
Text (VBS)
AV detection:
6 of 36 (16.67%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=f57kmokao4zn7xeotxbn4hw574uhvgju4jcncgygab3p6sbf6hba._file
Result
Malware family:
n/a
Score:
  7/10
Tags:
discovery
Link:
https://tria.ge/reports/260611-zy3deadw5z/
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Checks computer location settings
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/2f7ea639407732dfdc8e9dc2de1eddff287a9934e244d11b060076ff4825f1c2

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments