MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3c7c5fb965e63d99a394d2742da9efda4cd70c4f95d68bcc67816ece7d127add. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 7


Intelligence 7 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 3c7c5fb965e63d99a394d2742da9efda4cd70c4f95d68bcc67816ece7d127add
SHA3-384 hash: ccef51803ad1e81befec3ff7c67504132d29935c812a8364092dab6c3b3291611870ea2349ece6ed7ce9464a9f2783be
SHA1 hash: 82d2f9304f3bfc7086d2f518958738e965e59750
MD5 hash: c45df757999bb55bc06e410d7f5e46dd
humanhash: maine-cardinal-tennis-missouri
File name:c45df757999bb55bc06e410d7f5e46dd.exe
Download: download sample
File size:15'809'999 bytes
First seen:2023-06-12 09:43:01 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 1f2702872592229d2f4cb1162cfbc55b (9 x STRRAT)
ssdeep 393216:gvaya1YN3LTuDwSoOZOUcrEk2woJuQFkyRmazVNEJj:gvaFKLTutowqEkZoFVRQ
Threatray 21 similar samples on MalwareBazaar
TLSH T1E0F60217AD69CC6CC9A394331092C397D20AE18DAE0DDB9F13B11945CEE496B1F12BED
TrID 43.3% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
22.9% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5)
9.1% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
7.0% (.EXE) Win16 NE executable (generic) (5038/12/1)
6.2% (.EXE) Win32 Executable (generic) (4505/5/1)
File icon (PE):PE icon
dhash icon 6068ccc8c8f07010
Reporter abuse_ch
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
279
Origin country :
NL NL
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
c45df757999bb55bc06e410d7f5e46dd.exe
Verdict:
Suspicious activity
Analysis date:
2023-06-12 09:46:06 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/e5558b97-70b3-4277-a296-482165d6596a

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection(s):
PUA.Win.Downloader.Driverpack-6717506-0
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Launching a process
Sending a custom TCP request
Creating a file in the %AppData% subdirectories
Сreating synchronization primitives
Creating a window
Searching for synchronization primitives
Creating a file in the %temp% directory
Result
Malware family:
n/a
Score:
  6/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/90332/overview
Behaviour
MalwareBazaar
CPUID_Instruction
CheckCmdLine
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
anti-debug lolbin overlay packed shell32.dll
Link:
https://www.filescan.io/uploads/6486e8ac9f45f940f553820c/reports/4aed4901-aeef-408a-956d-fc3932ee9759/overview
Verdict:
Unknown
Link:
https://www.hybrid-analysis.com/sample/3c7c5fb965e63d99a394d2742da9efda4cd70c4f95d68bcc67816ece7d127add
Result
Verdict:
MALICIOUS
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/6914d296-5224-4490-a1f3-9cd59862fae9
Result
Threat name:
n/a
Detection:
clean
Classification:
n/a
Score:
8 / 100
Link:
https://www.joesandbox.com/analysis/1252857
Behaviour
Behavior Graph:
n/a
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/3c7c5fb965e63d99a394d2742da9efda4cd70c4f95d68bcc67816ece7d127add/
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=hr6f7olf4y6zti4u2j2c3kpp3jgnodcpsxlixtdhqfxm47isploq._file
Verdict:
unknown
Similar samples:
2221ff7ad5fbb6e42a65b10f3317ddab5616e1c90ab40647075a17db5788f907
24a9c6dabac2cff15f96de43dc26aed74ac750e66fd239d2330c0bdaa65542d1
5053f7a18f78763456267484fe3787e2502c64d8a8f2c2036d5bfeca60ca96e2
5dae5aaedb99aa87206c300d214cbf2362ecd437ea3c02f3e4099fd4876cf393
767a951ea1f41e10287199d95ffed5a84a94e1d33d82d519c91db89d37941f42
87e18f4cc965ba6a9b30326b7332196eb08c75e8bd213c5f8f77bb7e6834c842
8dc5d35e7f0a75f8a864ce2a569ac1cc3825521bcd269e5bc2ee7e6ce40c3fae
dd61ac8cd411106cef32fbc71827d92609ccfb3941e70294badbb07910e4b700
e34e04a5ec0fe131236803262834901c0dc254b8583024050507e683a9b32932
fd107620a9bab6f816dfd4583119ae4f88253a901a46c1ed37e97ba7de7fb613
+ 11 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/230612-lpyrzabh4y/
Behaviour
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Loads dropped DLL
Unpacked files
SH256 hash:
3c7c5fb965e63d99a394d2742da9efda4cd70c4f95d68bcc67816ece7d127add
MD5 hash:
c45df757999bb55bc06e410d7f5e46dd
SHA1 hash:
82d2f9304f3bfc7086d2f518958738e965e59750
Link:
https://www.unpac.me/results/920bd4c1-9635-42fd-8f9a-ec406e6d8ac5/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/3c7c5fb965e63d99a394d2742da9efda4cd70c4f95d68bcc67816ece7d127add

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:upxHook
Create hunting rule
Author:@r3dbU7z
Description:Detect artifacts from 'upxHook' - modification of UPX packer
Reference:https://bazaar.abuse.ch/sample/6352be8aa5d8063673aa428c3807228c40505004320232a23d99ebd9ef48478a/

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments