MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 320b7b134cf4fd366e9e0efd768107bc3088729526af960df8323535f25a6607. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 320b7b134cf4fd366e9e0efd768107bc3088729526af960df8323535f25a6607
SHA3-384 hash: 51598a170f906d8d082dd80f765c6c2d2d78fbac859fb99a586d9e53293f8361142121016c9093ddc3727861301dc9c7
SHA1 hash: d65d5cbd4af110cf1d60602e49ed5bcec46585f6
MD5 hash: 503ef2150bd7a60b399fe4b9723cd967
humanhash: carpet-freddie-fourteen-alaska
File name:inv.bat
Download: download sample
File size:2'517 bytes
First seen:2025-04-23 08:08:20 UTC
Last seen:Never
File type:Batch (bat) bat
MIME type:text/x-msdos-batch
ssdeep 48:j4k3qNuHJm2Mu6pwKGS2shWE9KGnKGIH50h3wQohJBncK4rehiLK48UPwCK4g0SV:j4k3jpO4KFRKeKvZ6wQbKmLKfKLK7kHC
TLSH T13F5172032A4892386EA602EF423F0EB4FA0A91D5934124BD21FE649465033FDD07F0FB
Magika batch
Reporter JAMESWT_WT
Tags:bat WsgiDAV

Intelligence

File Origin
# of uploads :
1
# of downloads :
68
Origin country :
IT IT
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
inv.bat
Verdict:
Malicious activity
Analysis date:
2025-04-23 08:58:46 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/1ef3ea1f-3439-46fa-b937-769f430c5be0

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/3619/
Verdict:
Malicious
Score:
70%
Link:
https://cyber-fortress.com/docs/result/index.php?id=6808a153a37ff28e1298773f
Tags:
dropper xtreme shell
Result
Verdict:
Clean
Maliciousness:

Behaviour
Launching a process
Сreating synchronization primitives
DNS request
Creating a window
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
attrib dropper persistence powershell
Link:
https://www.filescan.io/uploads/6808a00190767142c3e16fd4/reports/c1d6e909-ebeb-447a-b799-9708eedb684d/overview
Verdict:
Unknown
Link:
https://www.hybrid-analysis.com/sample/320b7b134cf4fd366e9e0efd768107bc3088729526af960df8323535f25a6607
Result
Threat name:
n/a
Detection:
malicious
Classification:
n/a
Score:
56 / 100
Link:
https://www.joesandbox.com/analysis/1671801
Signature
Joe Sandbox ML detected suspicious sample
Sigma detected: Suspicious Invoke-WebRequest Execution
Sigma detected: Suspicious Script Execution From Temp Folder
Suspicious powershell command line found
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1671801 Sample: inv.bat Startdate: 23/04/2025 Architecture: WINDOWS Score: 56 16 involves-overnight-venezuela-visited.trycloudflare.com 2->16 18 Joe Sandbox ML detected suspicious sample 2->18 20 Sigma detected: Suspicious Invoke-WebRequest Execution 2->20 22 Sigma detected: Suspicious Script Execution From Temp Folder 2->22 7 cmd.exe 1 2 2->7         started        signatures3 process4 signatures5 24 Suspicious powershell command line found 7->24 10 powershell.exe 15 7->10         started        12 powershell.exe 14 15 7->12         started        14 conhost.exe 7->14         started        process6
Score:
19%
Verdict:
Benign
File Type:
SCRIPT
Link:
https://malprob.io/report/320b7b134cf4fd366e9e0efd768107bc3088729526af960df8323535f25a6607
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/320b7b134cf4fd366e9e0efd768107bc3088729526af960df8323535f25a6607/
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=gifxwe2m6t6tm3u6b36xnaihxqyiq4uve2xzmdpygi2tl4s2mydq._file
Result
Malware family:
n/a
Score:
  8/10
Tags:
execution
Link:
https://tria.ge/reports/250423-j1rfxsssbs/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Command and Scripting Interpreter: PowerShell
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/320b7b134cf4fd366e9e0efd768107bc3088729526af960df8323535f25a6607

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Batch (bat) bat 320b7b134cf4fd366e9e0efd768107bc3088729526af960df8323535f25a6607

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/3522235/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/3619/

Comments