MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7446efa798cfa7908e78e7fb2bf3ac57486be4d2edea8a798683c949d504dee6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 7446efa798cfa7908e78e7fb2bf3ac57486be4d2edea8a798683c949d504dee6
SHA3-384 hash: 4f8286875e92c666e8c61a0e2e954bc05cd149dd83b24be2810e9eb15d61773c6a07966375f736197a67c76a70c50a34
SHA1 hash: da013027c7f534321c940f2047354359d7b32480
MD5 hash: cd0a391331c1d4268bd622080ba68bce
humanhash: bravo-sixteen-triple-juliet
File name:7446efa798cfa7908e78e7fb2bf3ac57486be4d2edea8a798683c949d504dee6
Download: download sample
File size:289'280 bytes
First seen:2020-08-25 14:14:40 UTC
Last seen:Never
File type:Word file docx
MIME type:application/msword
ssdeep 6144:iqeZW6uUGwGOMpsdmQsNW/74kGldaeoEISB:iqdlUvfMeETNCkkNt
TLSH A254CF627391FD32D5560435EC06C3E9A626FE499FA5829B30C13F2FB9325212A53FD2
Reporter JAMESWT_WT

Intelligence

File Origin
# of uploads :
1
# of downloads :
83
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Doc.Dropper.MSHTA-6966166-0
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Creating a file in the %temp% directory
Launching a process
Creating a process with a hidden window
DNS request
Sending a custom TCP request
Launching a process by exploiting the app vulnerability
Result
Threat name:
Unknown
Detection:
malicious
Classification:
expl.evad
Score:
88 / 100
Link:
https://www.joesandbox.com/analysis/449261
Signature
Connects to a URL shortener service
Document contains an embedded VBA macro which may execute processes
Document contains an embedded VBA macro with suspicious strings
Document exploit detected (process start blacklist hit)
Injects code into the Windows Explorer (explorer.exe)
Machine Learning detection for sample
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros)
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/7446efa798cfa7908e78e7fb2bf3ac57486be4d2edea8a798683c949d504dee6/
Threat name:
Script-Macro.Trojan.Valyria
Create hunting rule
Status:
Malicious
First seen:
2019-05-22 20:51:45 UTC
File Type:
Document
Extracted files:
19
AV detection:
22 of 29 (75.86%)
Threat level:
  5/5
Result
Malware family:
n/a
Score:
  8/10
Tags:
macro
Link:
https://tria.ge/reports/200825-hwehjygf1a/
Behaviour
Office macro that triggers on suspicious action
Suspicious Office macro
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Trojan
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/7446efa798cfa7908e78e7fb2bf3ac57486be4d2edea8a798683c949d504dee6

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments