MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c26c99eeb30da221f74dd0951f4b8de0207e5801b64cd8d2a1abf1f906668096. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments

SHA256 hash: c26c99eeb30da221f74dd0951f4b8de0207e5801b64cd8d2a1abf1f906668096
SHA3-384 hash: 6437a6d7730fc68dc9bd2d1c985e83f3a6b0fdf74e80234d2efde85cfe520af517413eb5c35becf8bf82cb96ab7c6f70
SHA1 hash: 112b4c96c4f74e5ef7c89110e59a499068cfcad9
MD5 hash: 578f0e48afff4fa6927f146b2c6c1cf3
humanhash: two-single-winter-lactose
File name:sipariş listem05.08.2022.docx
Download: download sample
Signature n/a
File size:313'830 bytes
First seen:2022-08-05 13:31:16 UTC
Last seen:Never
File type:Word file doc
MIME type:application/vnd.openxmlformats-officedocument.wordprocessingml.document
ssdeep 6144:ssqlRSPLKGm5u5acjKnkk/DiQ3kKibOopOaxCJ9cOIbo03:7+GLqqjKnkvQ3Jib94aIJ9cOS3
TLSH T1EE642263D0240BADF4666E3CC76C1522E35AD4B3A99193053A86BEFDD702FFA46C084D
TrID 64.7% (.TMDX/TMVX) SoftMaker TextMaker text Document (84519/2/13)
18.0% (.DOCX) Word Microsoft Office Open XML Format document (23500/1/4)
13.4% (.ZIP) Open Packaging Conventions container (17500/1/4)
3.0% (.ZIP) ZIP compressed archive (4000/1)
0.7% (.PG/BIN) PrintFox/Pagefox bitmap (640x800) (1000/1)
Reporter @lowmal3
Tags:doc geo TUR

Office OLE Information


This malware samples appears to be an Office document. The following table provides more information about this document using oletools and oledump.

OLE dump
Sections: 5

The following OLE sections have been found using oledump:

Section IDSection sizeSection name
A172 bytesCompObj
A220 bytesOle
A3173953 bytesOle10Native
A46 bytesObjInfo

Intelligence


File Origin
# of uploads :
1
# of downloads :
364
Origin country :
DE DE
Mail intelligence
No data
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
sipariş listem05.08.2022.docx
Verdict:
No threats detected
Analysis date:
2022-08-05 13:34:04 UTC
Tags:
ole-embedded

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict:
Clean
Maliciousness:

Behaviour
Searching for the window
Sending a custom TCP request
Creating a window
Сreating synchronization primitives
Result
Verdict:
Malicious
File Type:
OOXML Word File with Embedding Objects
Alert level:
40%
Document image
Document image
Label:
Malicious
Suspicious Score:
  8.4/10
Score Malicious:
85%
Score Benign:
15%
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
64 / 100
Signature
Antivirus / Scanner detection for submitted sample
Document contains OLE streams which likely are hidden ActiveX objects
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Threat name:
Document-Word.Downloader.BanLoad
Status:
Malicious
First seen:
2022-08-05 13:32:08 UTC
File Type:
Document
Extracted files:
31
AV detection:
10 of 39 (25.64%)
Threat level:
  3/5
Result
Malware family:
n/a
Score:
  4/10
Tags:
n/a
Behaviour
Checks processor information in registry
Enumerates system info in registry
Modifies Internet Explorer settings
Modifies registry class
Suspicious behavior: AddClipboardFormatListener
Suspicious use of SetWindowsHookEx
Office loads VBA resources, possible macro or embedded object present
Drops file in Windows directory

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Word file doc c26c99eeb30da221f74dd0951f4b8de0207e5801b64cd8d2a1abf1f906668096

(this sample)

  
Delivery method
Distributed via e-mail attachment

Comments