MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6a972b99e24b3e9c6f7db8900b2b682cf0a77c5e8be24ded64fa6ea0ee42e846. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 3



SHA256 hash: 6a972b99e24b3e9c6f7db8900b2b682cf0a77c5e8be24ded64fa6ea0ee42e846
SHA3-384 hash: 0e9314401cdc1c4484ae7094acd14db38376e0f6a342d78674b38affc125506c7391abecf7e249d59fe314d750c2d247
SHA1 hash: e0acbf58b95121f2b12b3cfd0ebd4be3e9606853
MD5 hash: a6c9389e432aaf5bdbfcad0e23c34312
humanhash: fillet-hot-romeo-gee
File name: a6c9389e432aaf5bdbfcad0e23c34312
File size: 212'992 bytes
First seen: 2020-11-17 14:31:23 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 03ae0108c7455c49c94d2d60afa1e57a (1 x Worm.Ramnit)
ssdeep: 6144:CBIiH0K4M0WUxk4DpJfNSv18CrNAjQK3EIS4VxkEj1:zaijlEIS4VxkC
Threatray: 162 similar samples on MalwareBazaar
TLSH: 63248E033AA5C426E06767707BE591E147793CA527B0E72B7B6A332EFCB11940CB0B65
Reporter: seifreed

Intelligence


File Origin
# of uploads: 1
# of downloads: 54
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
Creating a window
Creating a file in the Windows subdirectories
Running batch commands
Creating a process with a hidden window
Launching the default Windows debugger (dwwin.exe)
Creating a process from a recently created file
Creating a file in the Windows directory
Threat name: Win32.Trojan.Aenjaris
Status: Malicious
First seen: 2020-11-08 13:04:00 UTC
AV detection: 26 of 28 (92.86%)
Threat level: 5/5
Result
Malware family: n/a
Score: 10/10
Tags: n/a
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Program crash
Drops file in Windows directory
Loads dropped DLL
Executes dropped EXE
ServiceHost packer
Suspicious use of NtCreateProcessExOtherParentProcess
Unpacked files
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other
