MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7e12537a47472bc0bde759d99780faf2fb7b20410255da7e8901eef6d2c0cc14. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 7e12537a47472bc0bde759d99780faf2fb7b20410255da7e8901eef6d2c0cc14
SHA3-384 hash: d7ce9cb9bba6886696cde7a09a90adf73839648c1b3673c152452fe6848379ecb99cc294729209b0953ce8d272a7fada
SHA1 hash: ae2cf3b1cebd62a8adcc162ae71f0215f416bc74
MD5 hash: 92131671c46da1ba29b85e06bd4b94f5
humanhash: pennsylvania-sierra-batman-harry
File name:List#RFQ.ppam
Download: download sample
File size:42'622 bytes
First seen:2022-02-24 08:05:26 UTC
Last seen:Never
File type:PowerPoint file ppam
MIME type:application/vnd.openxmlformats-officedocument.presentationml.presentation
ssdeep 768:L+JsRD4S0JS00SneSnjS0yS03S0IMS0bS02SxD/PoVK5Z1lDVn3QFTy1xqwVwxyc:L+JWp75eAGANf7dzm1/K8NytsR62
TLSH T19E13BF18C112210AC273293EC83889E55997DC57A12644DFD5EABE4B1B64EDB3B4EBCC
Reporter abuse_ch
Tags:aggah hagga ppam

Intelligence

File Origin
# of uploads :
1
# of downloads :
147
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
TwinWave.EvilDoc.GOVarRetroSpectAllTheWayDown.20220203.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malicious
File Type:
Legacy PowerPoint File with Macro
Link:
https://app.docguard.net/7e12537a47472bc0bde759d99780faf2fb7b20410255da7e8901eef6d2c0cc14/results/dashboard
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
anti-vm macros macros-on-open mshta
Link:
https://www.filescan.io/uploads/62173c75a6f52d32f17ed60e/reports/2cdce776-0522-4bc7-8c7e-810015c93d42/overview
Label:
Malicious
Suspicious Score:
9.9/10
Score Malicious:
1%
Score Benign:
0%
Link:
https://www.malware.ai/gui/files/?id=5b5e5885-f674-4894-a8f1-01d3575de915
Result
Verdict:
UNKNOWN
Link:
https://labs.inquest.net/dfi/sha256/7e12537a47472bc0bde759d99780faf2fb7b20410255da7e8901eef6d2c0cc14
Details
Macro with Startup Hook
Detected macro logic that will automatically execute on document open. Most malware contains some execution hook.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
expl.evad
Score:
84 / 100
Link:
https://www.joesandbox.com/analysis/945481
Signature
Creates processes via WMI
Document exploit detected (drops PE files)
Drops PE files with a suspicious file extension
Multi AV Scanner detection for submitted file
Office process drops PE file
Renames powershell.exe to bypass HIPS
Sigma detected: Execution of Suspicious File Type Extension
Sigma detected: Suspicius Schtasks From Env Var Folder
Uses schtasks.exe or at.exe to add and modify task schedules
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/7e12537a47472bc0bde759d99780faf2fb7b20410255da7e8901eef6d2c0cc14/
Threat name:
Script-Macro.Trojan.Heuristic
Create hunting rule
Status:
Malicious
First seen:
2022-02-24 08:06:11 UTC
File Type:
Document
Extracted files:
43
AV detection:
13 of 24 (54.17%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=pyjfg6shi4v4bpphlhmzpah26l5xwicbajk5u7ujahxpnuwazqka._file
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://tria.ge/reports/220224-jze2hadfcl/
Behaviour
Checks processor information in registry
Enumerates system info in registry
Modifies Internet Explorer settings
Modifies registry class
Modifies system certificate store
Suspicious behavior: AddClipboardFormatListener
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Executes dropped EXE
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/7e12537a47472bc0bde759d99780faf2fb7b20410255da7e8901eef6d2c0cc14

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

PowerPoint file ppam 7e12537a47472bc0bde759d99780faf2fb7b20410255da7e8901eef6d2c0cc14

(this sample)

  
Delivery method
Distributed via e-mail attachment
  
URLhaus
https://urlhaus.abuse.ch/url/2043512/

Comments