MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7ce3b6378d4515a232cdbc3ed69c80f05236ae72ce868ea49dfa1353fd1da53d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 8



SHA256 hash: 7ce3b6378d4515a232cdbc3ed69c80f05236ae72ce868ea49dfa1353fd1da53d
SHA3-384 hash: 1b4358a34f7b435bf532bd061a54aa3d778dccd310a6b538b71d00cf5da2fca800d13a8c54249464d6a7fc83cef7e683
SHA1 hash: 3ea64881f8d5e26b22477d43aac0c5f2710a7436
MD5 hash: be3544e5f49c12afafc043439bbbe7ca
humanhash: idaho-five-ten-hotel
File name: 7月工资提成整理.exe
File size: 4'141'566 bytes
First seen: 2023-07-07 09:44:29 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 1ff847646487d56f85778df99ff3728a (4 x RedLineStealer, 3 x Nitol, 2 x Gh0stRAT)
ssdeep: 98304:O06FOznLo0+Dd6uxckmpTncTYS3l72vpq4Z:O3F6n80W6uGkao7r4Z
Threatray: 28 similar samples on MalwareBazaar
TLSH: T19A162342F392C4B5D46685B888928B66CF733C225375C2EB5BD4A96F1F333D09A36325
TrID:
  68.0% (.CPL) Windows Control Panel Item (generic) (197083/11/60)
  10.7% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
  9.1% (.EXE) Win32 EXE Yoda's Crypter (26569/9/4)
  3.6% (.EXE) Win64 Executable (generic) (10523/12/4)
  2.2% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
dhash icon: fadadac2a2b8c4e4 (11 x Nitol, 2 x Amadey, 2 x AgentTesla)
Reporter: obfusor
Tags: exe

Intelligence


File Origin
# of uploads: 1
# of downloads: 262
Origin country: HK

Vendor Threat Intelligence

Malware family: n/a
ID: 1
File name: 7月工资提成整理.exe
Verdict: No threats detected
Analysis date: 2023-07-07 09:47:15 UTC
Tags: n/a

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Result
Verdict: Clean
Maliciousness:
Behaviour
Searching for the window
Creating a window

Result
Malware family: n/a
Score: 8/10
Tags: n/a
Behaviour
MalwareBazaar
MeasuringTime
SystemUptime
EvasionGetTickCount
CheckCmdLine
EvasionQueryPerformanceCounter
Gathering data

Result
Verdict: SUSPICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result
Threat name: n/a
Detection: malicious
Classification: evad
Score: 60 / 100
Signature
Found driver which could be used to inject code into processes
May modify the system service descriptor table (often done to hook functions)
Multi AV Scanner detection for submitted file
Sample is not signed and drops a device driver
Behaviour
Behavior Graph:
Behavior Graph ID: 1269107
Sample: 7#U6708#U5de5#U8d44#U63d0#U...
Startdate: 07/07/2023
Architecture: WINDOWS
Score: 60
Signatures:
  Multi AV Scanner detection for submitted file
  Found driver which could be used to inject code into processes
  May modify the system service descriptor table (often done to hook functions)
  Sample is not signed and drops a device driver
Process tree (dropped files and child processes recovered from the graph):
  7#U6708#U5de5#U8d44#U63d0#U6210#U6574#U7406.exe (started)
    dropped: C:\Users\user\AppData\Local\...\irsetup.exe (PE32)
    dropped: C:\Users\user\AppData\Local\...\lua5.1.dll (PE32)
    irsetup.exe (started)
      dropped: C:\Program Files (x86)\...\hookport_win10.sys (PE32)
      dropped: C:\un.exe (PE32+)
      dropped: C:\Program Files (x86)\...\360tray.exe (PE32)
      dropped: 5 other files (none is malicious)
      iusb3mon.exe (started)
        WerFault.exe (started)
        WerFault.exe (started)
      un.exe (started)
        dropped: C:\Microsoft\iusb3mon.exe (PE32)
        conhost.exe (started)
      un.exe (started)
        conhost.exe (started)
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Unpacked files

SHA256 hash: 44dd47d2f43fd0a04fe3974ca380611bbd5d6c36ef68582b169dd87f695cb9ef
MD5 hash: e0514998a41aaa9031310b2d815f3b81
SHA1 hash: 45dedd350fd0b76217d8aedce9853648a04007f4

SHA256 hash: a070b850b83aa22d8e47fa7e63180c5302593dd14c8b89b10b4e3dcc7eb83d95
MD5 hash: 16db6048c1c1f7ea11da4b4ce06be59b
SHA1 hash: fe5c58780714ab0a7dbeb0ba26aa161a96f841ab

SHA256 hash: 8f81bc92ee775ad5fa62ee1a504c45950be985e1f00006e630e913ca2e11abe1
MD5 hash: 54009012e012fa0496d452cccebdb192
SHA1 hash: a682b66b666e86e4eabf8e0d28b9d98b18ae963a
Detections: win_sinowal_w1

SHA256 hash: 3e31ac96cc9f23ca66777bcbf220ecf9440d0f95db2a2eb63cd21cd429215d90
MD5 hash: 24bc951a816d6d741ea952a68b32e727
SHA1 hash: 2e76fb07c23812d984348de09be52113f045c236
SHA256 hash: 7ce3b6378d4515a232cdbc3ed69c80f05236ae72ce868ea49dfa1353fd1da53d
MD5 hash: be3544e5f49c12afafc043439bbbe7ca
SHA1 hash: 3ea64881f8d5e26b22477d43aac0c5f2710a7436
Please note that we are no longer able to provide a coverage score for VirusTotal.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: cobalt_strike_tmp01925d3f
Author: The DFIR Report
Description: files - file ~tmp01925d3f.exe
Reference: https://thedfirreport.com

Rule name: meth_get_eip
Author: Willi Ballenthin

Rule name: meth_stackstrings
Author: Willi Ballenthin

Rule name: PE_Potentially_Signed_Digital_Certificate
Author: albertzsigovits

Rule name: QbotStuff
Author: anonymous

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments