MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4d7285b56320f40a816049cff4aa2f585f61ccad985f8a4a2dc41ac00f4c44f4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments

SHA256 hash: 4d7285b56320f40a816049cff4aa2f585f61ccad985f8a4a2dc41ac00f4c44f4
SHA3-384 hash: 2d568ed73fa2d51a93410ca7c5d7ac36faf39ae7fe55545d638f53f2e8d9d91581adc3d75936078f16d140395770a63b
SHA1 hash: 2191035f266120591bf33a4d845b874f43486d72
MD5 hash: 6d9f9c0b40a30cbefde711411991c2ea
humanhash: potato-foxtrot-hamper-saturn
File name:a92455c8-7e4e-4846-8cb4-4128ddb0a9a.hta
Download: download sample
File size:10'514 bytes
First seen:2026-04-17 14:22:56 UTC
Last seen:Never
File type:HTML Application (hta) hta
MIME type:text/html
ssdeep 192:jTstQiXw8/p2X6PFgUtaVtOh9k5QkPYC8K:vst08/p2X6PFs8i5Dp8K
TLSH T19A22BAF58669392F562449D13F8D901CA802F0E2956C2E11FC6DB319B3AB6B104BB38B
Magika html
Reporter abuse_ch
Tags:hta

Intelligence


File Origin
# of uploads :
1
# of downloads :
50
Origin country :
SE SE
Vendor Threat Intelligence
No detections
Result
Verdict:
Malicious
File Type:
HTA File - Malicious
Behaviour
BlacklistAPI detected
Gathering data
Verdict:
Malicious
File Type:
hta
First seen:
2026-04-15T14:24:00Z UTC
Last seen:
2026-04-18T00:50:00Z UTC
Hits:
~10
Detections:
HEUR:Trojan.Script.Generic Trojan.JS.SAgent.sb PDM:Trojan.Win32.Generic
Result
Threat name:
n/a
Detection:
malicious
Classification:
n/a
Score:
56 / 100
Signature
Multi AV Scanner detection for submitted file
Sigma detected: Legitimate Application Dropped Script
Sigma detected: Suspicious MSHTA Child Process
Behaviour
Behavior Graph:
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1900214 Sample: a92455c8-7e4e-4846-8cb4-412... Startdate: 17/04/2026 Architecture: WINDOWS Score: 56 27 open.websanpham.com 2->27 33 Multi AV Scanner detection for submitted file 2->33 35 Sigma detected: Suspicious MSHTA Child Process 2->35 37 Sigma detected: Legitimate Application Dropped Script 2->37 9 mshta.exe 2 2->9         started        signatures3 process4 file5 25 C:\Users\user\AppData\...\MaSTeRTelPro.bat, ASCII 9->25 dropped 12 cmd.exe 1 9->12         started        14 curl.exe 2 9->14         started        process6 dnsIp7 17 cmd.exe 1 12->17         started        19 conhost.exe 12->19         started        29 open.websanpham.com 104.21.21.222, 443, 49691 CLOUDFLARENETUS United States 14->29 31 127.0.0.1 unknown unknown 14->31 21 conhost.exe 14->21         started        process8 process9 23 msiexec.exe 17->23         started       
Gathering data
Threat name:
Win32.Trojan.Generic
Status:
Suspicious
First seen:
2026-04-15 15:12:51 UTC
File Type:
Text (VBS)
AV detection:
6 of 36 (16.67%)
Threat level:
  5/5
Result
Malware family:
n/a
Score:
  7/10
Tags:
discovery
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Checks computer location settings
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments