MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9606b7c2a76c2f70134ffba266ff8d1f62df336ed149fe28bb85bf230fa22314. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: 9606b7c2a76c2f70134ffba266ff8d1f62df336ed149fe28bb85bf230fa22314
SHA3-384 hash: d7e2d2b254e9149c5a878e2f3f1bc991935f72e1ce5a04fdce13f10660018b05e99e5561fd180afdd02201fa716b8ced
SHA1 hash: 72cb35a09f25aba6a9aca0989058ca0ae7f4b8dd
MD5 hash: 5e6a19522ec875d8920fb28757e463e9
humanhash: kilo-autumn-pennsylvania-east
File name: unnamed 1_1.0.0.0.vir
Signature: n/a
File size: 698'880 bytes
First seen: 2020-07-19 19:50:40 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 55955440613171358887587c36953bef
ssdeep: 12288:6pnSv6f5s18wUkTv0lOcJNUFmxB6npyo0rk2skHCs8D/u8i57LksJGpWW:n8wjvYNUFmxB6irkhDD/sVLksJGp3
TLSH: C4E41220B2A1A0F7D7B3BE330EB2CA7159F9AAF456658DE7174107390E388D09D27D51
Reporter: @tildedennis
Tags: unnamed 1


Twitter
@tildedennis
unnamed 1 version 1.0.0.0

Intelligence


File Origin
# of uploads: 1
# of downloads: 31
Origin country: FR
Mail intelligence: No data
Vendor Threat Intelligence

Result
Verdict: Malware
Behaviour:
Creating a window
Unauthorized injection to a recently created process
Connection attempt to an infection source

Result
Threat name: Unknown
Detection: malicious
Classification: evad
Score: 92 / 100

Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2019-02-05 20:44:36 UTC
AV detection: 25 of 31 (80.65%)
Threat level: 5/5

Result
Malware family: n/a
Score: 8/10
Tags: persistence
Behaviour:
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Suspicious behavior: MapViewOfSection
Adds Run key to start application
Looks up external IP address via web service
Deletes itself
Blacklisted process makes network request

Threat name: Unknown
Score: 1.00

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments