MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b2333a530991cf9073e126e54fc8f12e5fba1d711593f1241397d6e5bde65194. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat: unknown
Vendor detections: 4

SHA256 hash: b2333a530991cf9073e126e54fc8f12e5fba1d711593f1241397d6e5bde65194
SHA3-384 hash: c65b42fd3d337398374728c0c5055bc5a0621dd6709891addbc82facc9bd4358df1c0cda0cb7fb09e68e92b88fcd0208
SHA1 hash: 32a5ac93f2ae1c2bee0dd3e0c2256c5e57e07317
MD5 hash: abc8c91c8a76482fec4dcf674e58f396
humanhash: dakota-arkansas-ten-cold
File name: b2333a530991cf9073e126e54fc8f12e5fba1d711593f1241397d6e5bde65194
Download: download sample
File size: 41'968 bytes
First seen: 2021-09-20 18:26:42 UTC
Last seen: Never
File type: DLL dll
MIME type: application/x-dosexec
ssdeep: 768:5G7cYzbmiM3FpvjwaAQchcwjQMOthcnVQcnBh:XYzbdMj5HUQVkacnH
Threatray: 4 similar samples on MalwareBazaar
TLSH: T1F7138D425F206853DE8789B4F1EA9E365D74A741A7D084D3A260C1A8CFC4BE6797C07F
Reporter: Anonymous
Tags: dll

Intelligence

File Origin
# of uploads: 1
# of downloads: 103
Origin country: n/a

Vendor Threat Intelligence
Result
Verdict: Clean
Maliciousness:

Result
Threat name: Unknown
Detection: malicious
Classification: evad
Score: 80 / 100
Signature
Allocates memory in foreign processes
Contains functionality to inject code into remote processes
Contains functionality to inject threads in other processes
Creates a thread in another existing process (thread injection)
Creates an autostart registry key pointing to binary in C:\Windows
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Writes to foreign memory regions
Behaviour
Behavior Graph: [graph image not reproduced; recoverable details follow]
Behavior Graph ID: 486798; Sample: mxq4DXCNeq; Startdate: 20/09/2021; Architecture: WINDOWS; Score: 80
Top-level signatures: Multi AV Scanner detection for dropped file; Multi AV Scanner detection for submitted file
Process tree (summarised): loaddll32.exe and rundll32.exe launch further rundll32.exe and cmd.exe instances, each of which starts conhost.exe
Per-process signatures: Contains functionality to inject threads in other processes; Contains functionality to inject code into remote processes; Creates an autostart registry key pointing to binary in C:\Windows; Writes to foreign memory regions; Allocates memory in foreign processes; Creates a thread in another existing process (thread injection)
Dropped file: C:\Users\user\AppData\...\AppContainerDbg.pfx (PE32), dropped by rundll32.exe
Network: 95.179.225.165, port 443 (local ports 49745, 49746), AS-CHOOPAUS, Netherlands, contacted by cmd.exe
Threat name: Win32.PUA.Wacapew
Status: Malicious
First seen: 2021-09-19 15:49:23 UTC
AV detection: 14 of 28 (50.00%)
Threat level: 1/5

Result
Malware family: n/a
Score: 8/10
Tags: persistence
Behaviour
Suspicious use of WriteProcessMemory
Adds Run key to start application
Loads dropped DLL
Blocklisted process makes network request
Unpacked files
SHA256 hash: 341546d39d558b6f2527fbdf258633f44cdb64c1bc64960281284335bec20384
MD5 hash: 8a6d6519c947f3aec3e4daecf570341c
SHA1 hash: 00c5271626d505df09d9eea631a3cdff3fa680f7
SHA256 hash: b2333a530991cf9073e126e54fc8f12e5fba1d711593f1241397d6e5bde65194
MD5 hash: abc8c91c8a76482fec4dcf674e58f396
SHA1 hash: 32a5ac93f2ae1c2bee0dd3e0c2256c5e57e07317
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments