MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9cceb2d4de4f97e7bb261a9550cfbe224e43247a3a0d31faeac85e78616d0e5b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 9cceb2d4de4f97e7bb261a9550cfbe224e43247a3a0d31faeac85e78616d0e5b
SHA3-384 hash: 28d75f5f73fd6e42ac94b34b9c59cb5626d96065096147ccd7a809da5600371021dc86bfa90f804ef70ddd2cdd517902
SHA1 hash: d08072a61178284256beaecee5385b20c04dc244
MD5 hash: ee1c339039894ebea3a0ac90d03579b0
humanhash: stream-bakerloo-pip-high
File name:ee1c339039894ebea3a0ac90d03579b0.exe
Download: download sample
File size:319'745 bytes
First seen:2022-03-09 15:16:35 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
ssdeep 6144:LKUgzcqBk2cKkQQ9oDqBPzl+1wy+lt6r6XI0Wp8Q3UqYD:LK7BulvaDqNZnyWt6ewUqQ
TLSH T17A642311C5A31CA5FAB69C7C181E7C3BE36C62A15F4FB9C95BE330191F7B9209974888
Reporter abuse_ch
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
181
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/248748/
Detection(s):
Win.Packed.Asprotect-9940081-0
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Searching for the window
Searching for synchronization primitives
Launching the default Windows debugger (dwwin.exe)
Sending a custom TCP request
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
overlay packed
Link:
https://www.filescan.io/uploads/6228c4f8dfdfa8501c80de15/reports/60a559a2-ecb5-49ec-ba29-55b2f161ea6a/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/bdba0938-c4da-4b6f-bc00-87a065cd3e3b
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
52 / 100
Link:
https://www.joesandbox.com/analysis/953731
Signature
Multi AV Scanner detection for submitted file
PE file has nameless sections
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 586211 Sample: PdbMdyGSNp.exe Startdate: 09/03/2022 Architecture: WINDOWS Score: 52 15 Multi AV Scanner detection for submitted file 2->15 17 PE file has nameless sections 2->17 6 PdbMdyGSNp.exe 1 2->6         started        process3 process4 8 WerFault.exe 23 9 6->8         started        11 conhost.exe 6->11         started        file5 13 C:\ProgramData\Microsoft\...\Report.wer, Little-endian 8->13 dropped
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/9cceb2d4de4f97e7bb261a9550cfbe224e43247a3a0d31faeac85e78616d0e5b/
Threat name:
Win32.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2022-03-09 15:17:11 UTC
File Type:
PE (Exe)
AV detection:
13 of 27 (48.15%)
Threat level:
  5/5
Verdict:
malicious
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/220309-sn2wkahgf4/
Behaviour
Suspicious use of WriteProcessMemory
Program crash
Unpacked files
SH256 hash:
75148e7f936087af04bafa5162cd1c61280cee0451d9b63baaf3fa467dd1d7b4
MD5 hash:
0a5b78babf74912afc99f30e276c44fb
SHA1 hash:
41f741c24f207e72b621a90e067dfa951cdca10e
Link:
https://www.unpac.me/results/f246b660-c308-4c84-a46a-c249865f7f4a/
SH256 hash:
9cceb2d4de4f97e7bb261a9550cfbe224e43247a3a0d31faeac85e78616d0e5b
MD5 hash:
ee1c339039894ebea3a0ac90d03579b0
SHA1 hash:
d08072a61178284256beaecee5385b20c04dc244
Link:
https://www.unpac.me/results/f246b660-c308-4c84-a46a-c249865f7f4a/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.36
Link:
https://yomi.yoroi.company/submissions/9cceb2d4de4f97e7bb261a9550cfbe224e43247a3a0d31faeac85e78616d0e5b

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 9cceb2d4de4f97e7bb261a9550cfbe224e43247a3a0d31faeac85e78616d0e5b

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/2084486/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/248748/

Comments