MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 6b4970c6016fbff8665932c69d95203863c7ea46ae0f86e02525a4694f60f115. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
Threat unknown
Vendor detections: 8
| SHA256 hash: | 6b4970c6016fbff8665932c69d95203863c7ea46ae0f86e02525a4694f60f115 |
|---|---|
| SHA3-384 hash: | 497845831077176c02f575c2d4e6effec2b24715e373a7d2647e719bf2c066cec48f51acfb55f86f91f53ee7eab83e97 |
| SHA1 hash: | a7a792adb3e5ade11ffdad4a324a0a2e5bbf4326 |
| MD5 hash: | 3f14272b64735887de1b061a630b60b0 |
| humanhash: | rugby-tennessee-south-apart |
| File name: | New RFQ Oder List Scg,pdf.ppam |
| Download: | download sample |
| File size: | 41'534 bytes |
| First seen: | 2022-03-04 19:22:58 UTC |
| Last seen: | Never |
| File type: |  ppam |
| MIME type: | application/vnd.openxmlformats-officedocument.presentationml.presentation |
| ssdeep | 768:MRD4S0JS00SneSnjS0yS03S0IMS0bS02Sote9YRuOjXHXQDjcfHTgWYpNNLj40dJ:2ceqfHXWArgrjpd0mgrAIg91/K8Nytsv |
| TLSH | T1F113BF14C102641AC2B3753DE93C88E1196B8C1B6514898FD6DB7A470BA4EEB3B5FFC9 |
| Reporter |  abuse_ch |
| Tags: | aggah hagga ppam |
abuse_ch
Payload URL:http://bitly.com/itjjjskrr
https://ia601407.us.archive.org/1/items/loapeas/4.html
Intelligence
File Origin
# of uploads :
1
# of downloads :
344
Origin country :
n/a
Vendor Threat Intelligence
Result
Verdict:
Malicious
File Type:
Legacy PowerPoint File with Macro
Label:
Malicious
Suspicious Score:
9.9/10
Score Malicious:
1%
Score Benign:
0%
Result
Verdict:
MALICIOUS
Link:
Details
Macro with Startup Hook
Detected macro logic that will automatically execute on document open. Most malware contains some execution hook.
Macro Contains Suspicious String
Detected a macro with a suspicious string. Suspicious strings include privileged function calls, obfuscations, odd registry keys, etc...
Result
Threat name:
Unknown
Detection:
malicious
Classification:
expl
Score:
80 / 100
Signature
Antivirus / Scanner detection for submitted sample
Creates processes via WMI
Document contains an embedded VBA macro with suspicious strings
Document exploit detected (drops PE files)
Drops PE files with a suspicious file extension
Multi AV Scanner detection for submitted file
Office process drops PE file
Behaviour
Behavior Graph:
Threat name:
Script.Downloader.EncDoc
Status:
Malicious
First seen:
2022-02-17 05:06:16 UTC
File Type:
Document
Extracted files:
43
AV detection:
20 of 42 (47.62%)
Threat level:
3/5
Detection(s):
Suspicious file
Result
Malware family:
n/a
Score:
8/10
Tags:
n/a
Behaviour
Checks processor information in registry
Enumerates system info in registry
Modifies Internet Explorer settings
Modifies registry class
Modifies system certificate store
Suspicious behavior: AddClipboardFormatListener
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Executes dropped EXE
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
File information
The table below shows additional information about this malware sample such as delivery method and external references.
Malspam
ppam 6b4970c6016fbff8665932c69d95203863c7ea46ae0f86e02525a4694f60f115
(this sample)
Delivery method
Distributed via e-mail attachment
Comments
Login required
You need to login to in order to write a comment. Login with your abuse.ch account.