MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cc93e21ea71d580ca80ed42c8af2fb578277c2fbf5592d9dcbb407583ac2e3fe. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 6



SHA256 hash: cc93e21ea71d580ca80ed42c8af2fb578277c2fbf5592d9dcbb407583ac2e3fe
SHA3-384 hash: 1eefc593f75703b02d90599748ea61f370a7f61400c5eee3474f34f882ee02de4db5166cb94f4597df410dd064367db2
SHA1 hash: 5a1e5f02ea837dd33606cfceb5c6e92db13963e6
MD5 hash: b85db3afbd4dbfaf28722e84461702c7
humanhash: fourteen-mike-spaghetti-sierra
File name: hidden.bat
File size: 993 bytes
First seen: 2025-05-31 21:18:52 UTC
Last seen: Never
File type: Batch (bat)
MIME type: text/x-msdos-batch
ssdeep: 24:ppzHO3I8BgAfJyyR0CHV13/DldJON/XRVhVrQsG9t/jS:ppCI8Bndf3/DldgN/RVLcsG9tm
TLSH: T13411A804054686376272D2B8C7622041F26AB397281548A9F9BEA0905FBA245BFFAED4
Magika: batch
Reporter: juroots
Tags: 85-203-4-56 bat

Intelligence


File Origin
# of uploads: 1
# of downloads: 116
Origin country: GB

Vendor Threat Intelligence

Malware family: n/a
ID: 1
File name: hidden.bat
Verdict: No threats detected
Analysis date: 2025-05-31 21:19:29 UTC
Tags: n/a
Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Verdict: Malicious
Score: 90.2%
Tags: dropper shell sage

Result
Threat name: n/a
Detection: suspicious
Classification: evad
Score: 22 / 100
Signature: Maps a DLL or memory area into another process
Behaviour:
[Behavior Graph (ID 1703091): sample hidden.bat, start date 31/05/2025, architecture WINDOWS, score 22. cmd.exe started conhost.exe, AppInstallerPythonRedirector.exe (twice) and cacls.exe; signature flagged: Maps a DLL or memory area into another process.]

Threat name: Text.Trojan.Generic
Status: Suspicious
First seen: 2025-05-31 21:19:24 UTC
File Type: Text (Batch)
AV detection: 4 of 24 (16.67%)
Threat level: 5/5

Result
Malware family: n/a
Score: 1/10
Tags: n/a
Behaviour: Suspicious use of WriteProcessMemory

Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download
Batch (bat) cc93e21ea71d580ca80ed42c8af2fb578277c2fbf5592d9dcbb407583ac2e3fe (this sample)

Delivery method: Distributed via web download
