MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 45980cc8afb4e1b3738130d0855bb608530eef6731c5116fd053ac6e04159725. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 10


Intelligence 10 IOCs YARA 1 File information Comments

SHA256 hash: 45980cc8afb4e1b3738130d0855bb608530eef6731c5116fd053ac6e04159725
SHA3-384 hash: c9674a992ad72a876ac473fd83666ba057c19e0cab19ec083ad117a319588f3aaf2307e63ee5b204b75152e03a309699
SHA1 hash: 7340595fbe35abdd89f922e9d6f9aa1c2e508085
MD5 hash: 7e5d584176b92f73bc82886c9945efc9
humanhash: friend-king-hotel-twelve
File name:2.hta
Download: download sample
File size:351'162 bytes
First seen:2024-08-20 00:49:15 UTC
Last seen:2024-08-20 06:28:26 UTC
File type:HTML Application (hta) hta
MIME type:text/html
ssdeep 6144:LiopiPTKIiytDTX2mCUgESG3nlZWNQ04qVHiPNq371Yj5FL:LQuEFCQvWNQQ8PNqCNFL
TLSH T1B874D0324C322FE9E61D3944B48B5CA04F5A2D879F295566EA4E08B129CD5C0BEFC1FD
Reporter 1ZRR4H
Tags:cdn-glitch-global hta

Intelligence


File Origin
# of uploads :
2
# of downloads :
102
Origin country :
CL CL
Vendor Threat Intelligence
Verdict:
Malicious
Score:
81.4%
Tags:
Execution Network Stealth
Result
Verdict:
Malicious
File Type:
HTA File - Malicious
Behaviour
BlacklistAPI detected
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
obfuscated
Result
Threat name:
n/a
Detection:
malicious
Classification:
n/a
Score:
52 / 100
Signature
AI detected suspicious sample
Self deletion via cmd or bat file
Sigma detected: Suspicious MSHTA Child Process
Behaviour
Behavior Graph:
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1495371 Sample: 2.hta Startdate: 20/08/2024 Architecture: WINDOWS Score: 52 29 Sigma detected: Suspicious MSHTA Child Process 2->29 31 AI detected suspicious sample 2->31 9 mshta.exe 1 2->9         started        process3 signatures4 33 Self deletion via cmd or bat file 9->33 12 cmd.exe 3 3 9->12         started        process5 process6 14 Acrobat.exe 73 12->14         started        16 conhost.exe 12->16         started        18 certutil.exe 2 12->18         started        20 findstr.exe 1 12->20         started        process7 22 AcroCEF.exe 106 14->22         started        process8 24 AcroCEF.exe 2 22->24         started        dnsIp9 27 23.203.104.175 AKAMAI-ASUS United States 24->27
Threat name:
Win32.Trojan.Generic
Status:
Suspicious
First seen:
2024-08-19 22:30:15 UTC
File Type:
Text (VBS)
AV detection:
6 of 38 (15.79%)
Threat level:
  5/5
Result
Malware family:
n/a
Score:
  8/10
Tags:
defense_evasion discovery
Behaviour
Checks processor information in registry
Modifies Internet Explorer settings
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Deobfuscate/Decode Files or Information
Checks computer location settings
Manipulates Digital Signatures
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:html_auto_download_b64
Author:Tdawg
Description:html auto download

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments