MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6079ea3491929e7669cafc986d7118699eb3ac13659da96e60558788c9f4d225. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 3



SHA256 hash: 6079ea3491929e7669cafc986d7118699eb3ac13659da96e60558788c9f4d225
SHA3-384 hash: 9abcc99358899d86cd65bf22a13dda4210ab5f9f1e0028a58e39b8fc15d151331d1004820d1d601a01499ae9cbd6171b
SHA1 hash: 0e76b2c8a45982f2f404fb9de026836d9752dfe3
MD5 hash: f95f1689f01d37d92c4fe4bd25fc2e99
humanhash: connecticut-oxygen-pasta-virginia
File name: 6079ea3491929e7669cafc986d7118699eb3ac13659da96e60558788c9f4d225.ps1
File size: 46 bytes
First seen: 2026-03-16 19:59:27 UTC
Last seen: Never
File type: PowerShell (PS) ps1
MIME type: text/plain
ssdeep: 3:rMNSlWfnc6zhHELz8:YuWfVwz8
TLSH: TNULL
Magika: txt
Reporter: JAMESWT_WT
Tags: 185-246-223-71 94-156-170-255 extra ps1

Intelligence


File Origin
# of uploads: 1
# of downloads: 106
Origin country: IT

Vendor Threat Intelligence

No detections

Verdict: Suspicious
Score: 50%
Tags: overt

Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Tags: lolbin msiexec

Verdict: Malicious
File Type: text
Detections: UDS:DangerousObject.Multi.Generic

Gathering data

Result
Malware family: n/a
Score: 7/10
Tags: execution
Behaviour:
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Command and Scripting Interpreter: PowerShell
Badlisted process makes network request
Use of msiexec (install) with remote resource

Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments