MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7129076f2b648b20cbd7b35eb8612ba4315be053ebcb5fa852b689f1ef72deed. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 11

Intelligence 11 IOCs YARA File information Comments

SHA256 hash:	7129076f2b648b20cbd7b35eb8612ba4315be053ebcb5fa852b689f1ef72deed
SHA3-384 hash:	1c86b07046659d896a38aef8384ff16752eaad6e9de3ecd301854db902f6567620cb236156d46e236a40ba1d04f05880
SHA1 hash:	b031465f49563164c09c23cac2ab0da91a933dde
MD5 hash:	edb11e1f03009f16f48dc0bee9e23804
humanhash:	steak-oregon-autumn-delta
File name:	revised Shipping document BL PL and comercial Invoice.js
Download:	download sample
File size:	847'084 bytes
First seen:	2026-05-27 14:21:46 UTC
Last seen:	Never
File type:	js
MIME type:	text/plain
ssdeep	3072:wLiH82G9QFscH/kCG+C49hFQOY7p1soq2gaUEcbif60yg7kj3pCmSHCt7kGKQFfq:VzN2VCbyfHCCGKwfORDZfORjI4o
Threatray	77 similar samples on MalwareBazaar
TLSH	T11605D5B157F6D50DB0B61F00AEB1B152543B7E726D3E866DD24D1AAD0BA3A08C871B33
TrID	66.6% (.TXT) Text - UTF-16 (LE) encoded (2000/1) 33.3% (.MP3) MP3 audio (1000/1)
Magika	txt
Reporter	lowmal3
Tags:	js

Intelligence

File Origin

# of uploads :

# of downloads :

117

Origin country :

Vendor Threat Intelligence

No detections

Verdict:

Malicious

Score:

81.4%

Link:

https://cyber-fortress.com/docs/result/index.php?id=6a16fe205d76862ef9484e4c

Tags:

shell spawn sage

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

base64 encrypted lolbin masquerade obfuscated repaired wscript

Link:

https://www.filescan.io/uploads/6a16fe1946e44aecc0bfc707/reports/dc41e839-f701-424f-b11a-19d59afacefc/overview

Verdict:

Suspicious

Labled as:

JS/Agent.EGM

Link:

https://www.hybrid-analysis.com/sample/7129076f2b648b20cbd7b35eb8612ba4315be053ebcb5fa852b689f1ef72deed

Verdict:

Malicious

File Type:

First seen:

2026-05-27T06:53:00Z UTC

Last seen:

2026-05-29T09:54:00Z UTC

Hits:

~1000

Detections:

HEUR:Trojan.Script.Generic

Link:

https://opentip.kaspersky.com/7129076f2b648b20cbd7b35eb8612ba4315be053ebcb5fa852b689f1ef72deed/results?tab=lookup

Result

Threat name:

n/a

Detection:

malicious

Classification:

expl.evad

Score:

76 / 100

Link:

https://www.joesandbox.com/analysis/1919298

Signature

Joe Sandbox ML detected suspicious sample

JScript performs obfuscated calls to suspicious functions

Multi AV Scanner detection for submitted file

Sigma detected: WScript or CScript Dropper

Suspicious execution chain found

Windows Scripting host queries suspicious COM object (likely to drop second stage)

WScript reads language and country specific registry keys (likely country aware script)

Behaviour

Behavior Graph:

Download SVG

Score:

49%

Verdict:

Susipicious

File Type:

SCRIPT

Link:

https://malprob.io/report/7129076f2b648b20cbd7b35eb8612ba4315be053ebcb5fa852b689f1ef72deed

Gathering data

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/7129076f2b648b20cbd7b35eb8612ba4315be053ebcb5fa852b689f1ef72deed/

Verdict:

Malicious

Threat:

Trojan.Script

Link:

https://tip.neiki.dev/file/7129076f2b648b20cbd7b35eb8612ba4315be053ebcb5fa852b689f1ef72deed

Threat name:

Win32.Trojan.Znyonm

Status:

Malicious

First seen:

2026-05-27 09:51:56 UTC

File Type:

Text (JavaScript)

AV detection:

10 of 24 (41.67%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=oeuqo3zlmsfsbs6xwnplqyjluqyvxyct5pfv7kcsw2e7d33s33wq._file

Verdict:

malicious

Label(s):

stubrunner

145512ad0ee1ebe7ca3e4298be88ffa7cdb984b535128430a65acccc9d19ff14

17c4389d94dd30bc34623cef6898cf29805cee1b55eee78a8c3edb5e8b322f1c

2d7b52fa15022f97a866b631885d8789f4014cb254e5aa5e2711c8b6bfffe90b

347aa7eff96e6ac3f02072d5dfe1393024710f6740744470df86cb0d64bb96e8

4094f5f6850bb08f031664358dd68849077a269e34a598475ed0bebd16e5e163

815ad995f38f32335a5605e4097bcaf7956b4c704b7be04fb171d964373e81fa

cf124a23a7d04cc37a3b50b952a3917b867041170098e6c938e9f26a0f1883e8

db4c234a950279b3fee6e07157fd6c6e9ff082f8a72211749a0a3eb84a3bc0f5

df6f087bbe332de8def4d842f8c22a4cd48d46e735e31d84e9485595fa5ccd7f

error

+ 67 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

8/10

Tags:

discovery execution

Link:

https://tria.ge/reports/260527-rppf7ahx9w/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Command and Scripting Interpreter: JavaScript

Enumerates physical storage devices

System Network Configuration Discovery: Internet Connection Discovery

Command and Scripting Interpreter: PowerShell

Checks computer location settings

Badlisted process makes network request

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Suspicious File

Score:

0.30

Link:

https://yomi.yoroi.company/submissions/7129076f2b648b20cbd7b35eb8612ba4315be053ebcb5fa852b689f1ef72deed

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

js 7129076f2b648b20cbd7b35eb8612ba4315be053ebcb5fa852b689f1ef72deed

(this sample)

Delivery method

Distributed via e-mail attachment

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample