MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b444f740cfdcc089b5b5e6a4a6ab13830d7a1ae68def76a2b01242c701f5428e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b444f740cfdcc089b5b5e6a4a6ab13830d7a1ae68def76a2b01242c701f5428e
SHA3-384 hash: b9481ee4ffdd4cb2347fbdd10d0e9e973e4b3db5fdb64e7aed786943b82a191fbdef42b87c2b7401e2a289219c45910d
SHA1 hash: b63882c1f439aba614e06129cfc2ebaed980cdc0
MD5 hash: b612a406ba18ce71bd8af823fddc3692
humanhash: butter-three-eleven-carbon
File name:b612a406ba18ce71bd8af823fddc3692.dll
Download: download sample
File size:106'196 bytes
First seen:2022-02-09 16:45:32 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
ssdeep 768:J8l0ZHiVK52jxcVfvenMMvR5GgBdcbWePQ5+PSiQaHqh/Y1+0xefzlYvaFtzOAjI:8eHTu/nMZoHrrxRi9VZunBAx61h42c9
Threatray 19 similar samples on MalwareBazaar
TLSH T1BFA3B66F9135465BEEDA4C74DC8C63A6CA936E3C4E37DAF61C64D0703828165BA2B313
Reporter abuse_ch
Tags:dll exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
177
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/239749/
Result
Verdict:
Clean
Maliciousness:

Behaviour
Searching for the window
DNS request
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
overlay packed
Link:
https://www.filescan.io/uploads/6203efd78673df1bb4391846/reports/3d7e669f-1375-4a85-9ffa-6532e983c2d5/overview
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/f48f6c78-5c38-4048-94fb-ea69ca7d7663
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
52 / 100
Link:
https://www.joesandbox.com/analysis/937061
Signature
Multi AV Scanner detection for submitted file
Sigma detected: Suspicious Call by Ordinal
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 569540 Sample: 5jEM8baF64.dll Startdate: 09/02/2022 Architecture: WINDOWS Score: 52 13 Multi AV Scanner detection for submitted file 2->13 15 Sigma detected: Suspicious Call by Ordinal 2->15 7 loaddll64.exe 1 2->7         started        process3 process4 9 cmd.exe 1 7->9         started        process5 11 rundll32.exe 9->11         started       
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/b444f740cfdcc089b5b5e6a4a6ab13830d7a1ae68def76a2b01242c701f5428e/
Verdict:
unknown
Similar samples:
0b149fc1f48da1d2c02d778be120427483403cd7519fc7f69e741288b120cb9d
45b7ef5a55cbcddb1f21415450ee982ebdafac1cf3a57e62acb8d014bc797dfc
65234c8a08c9a5e2e81af11e4be56eaee3ec00c9063069ab9d97770d6f31ba6b
aa37bcba59760edc9f4242c1e6bb619c04d98c6d4b039fee3aee88bac894c21b
af7526d30d40da60e83b0423f338f0740886321eadaae86ce16c10af44e44c3e
c0c4cf3a74e70f837e73f44ed95789946b02de457b6155ddc4e14a9441f92048
c391aff5321bbb74cd72d876062bd41f120cfeabb20d07b383ffdd76fadc4904
d3fd3711c2dcff75bf015624ac6ac8f258fbd0229cf7cd4cb5f4eaba6ec32033
d5a4fcb0e552cad22b1a907e874295b08e83d58bd83f9b4788c90aaad263cd87
+ 9 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  4/10
Tags:
n/a
Link:
https://tria.ge/reports/220209-t9zh1abbdr/
Behaviour
Suspicious use of AdjustPrivilegeToken
Drops file in Windows directory
Unpacked files
SH256 hash:
b444f740cfdcc089b5b5e6a4a6ab13830d7a1ae68def76a2b01242c701f5428e
MD5 hash:
b612a406ba18ce71bd8af823fddc3692
SHA1 hash:
b63882c1f439aba614e06129cfc2ebaed980cdc0
Link:
https://www.unpac.me/results/1eb5dfde-a019-4955-98d2-7d685d3aea8a/
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe b444f740cfdcc089b5b5e6a4a6ab13830d7a1ae68def76a2b01242c701f5428e

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/1799907/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/239749/

Comments