MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d7ec72be786c5b570dc92e82ba4855948c8658dd5fca0a44d6ef4cbd92549280. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 10


Intelligence 10 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d7ec72be786c5b570dc92e82ba4855948c8658dd5fca0a44d6ef4cbd92549280
SHA3-384 hash: 92ea908810b64a8a46cb5f4e99a4f1370fe354b208746dcef5b609958e7548e9e967b94befef1fd284769dcff43a6400
SHA1 hash: d91d4e74446cd4b20c6548a5c775384aa8785e6d
MD5 hash: 37b44a98cbc2a8fd86f31eb45c9fb9d8
humanhash: violet-hawaii-glucose-burger
File name:VideoReference111.bat
Download: download sample
File size:801 bytes
First seen:2025-11-18 22:36:07 UTC
Last seen:Never
File type:Batch (bat) bat
MIME type:text/x-msdos-batch
ssdeep 24:l0Bgp8hA0JvTWYPVZJYhoQ8a9Gh8JSyyUWubuIwyF/:l0BL7acrJ8S6W7He
TLSH T15E016D5DB504D1538EB1D484D93DC44CF4BB40D31206DBAE6AE398EE38417F856CC8CA
Magika batch
Reporter smica83
Tags:bat

Intelligence

File Origin
# of uploads :
1
# of downloads :
69
Origin country :
HU HU
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
VideoReference111.bat
Verdict:
No threats detected
Analysis date:
2025-11-18 22:38:00 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/7798c311-c074-44c7-9bfd-72ae29aac725

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/38621/
Verdict:
Malicious
Score:
91.7%
Link:
https://cyber-fortress.com/docs/result/index.php?id=691cf4e8434cd67b17c2f694
Tags:
dropper shell sage
Result
Verdict:
Suspicious
Maliciousness:

Behaviour
Creating a file in the %temp% directory
Creating a process from a recently created file
Creating a window
DNS request
Connection attempt
Sending a custom TCP request
Sending an HTTP GET request
Creating a process with a hidden window
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
cscript evasive lolbin wscript
Link:
https://www.filescan.io/uploads/691cf4e7e68d9822a37c69ec/reports/59ad6492-bd4c-46a6-ad54-a51acc0b7041/overview
Verdict:
Unknown
Link:
https://www.hybrid-analysis.com/sample/d7ec72be786c5b570dc92e82ba4855948c8658dd5fca0a44d6ef4cbd92549280
Verdict:
Malicious
File Type:
unix shell
First seen:
2025-11-18T20:08:00Z UTC
Last seen:
2025-11-19T18:24:00Z UTC
Hits:
~10
Detections:
PDM:Trojan.Win32.Generic HEUR:Trojan.BAT.Alien.gen Trojan-Downloader.JS.Cryptoload.sb HEUR:Trojan-Downloader.VBS.Agent.gen UDS:DangerousObject.Multi.Generic
Link:
https://opentip.kaspersky.com/d7ec72be786c5b570dc92e82ba4855948c8658dd5fca0a44d6ef4cbd92549280/results?tab=lookup
Result
Threat name:
n/a
Detection:
malicious
Classification:
evad
Score:
92 / 100
Link:
https://www.joesandbox.com/analysis/1816565
Signature
Command shell drops VBS files
Joe Sandbox ML detected suspicious sample
Sigma detected: Script Initiated Connection to Non-Local Network
Sigma detected: Script Interpreter Execution From Suspicious Folder
Sigma detected: Suspicious Script Execution From Temp Folder
Sigma detected: WScript or CScript Dropper
Sigma detected: WScript or CScript Dropper - File
System process connects to network (likely due to code injection or exploit)
Windows Scripting host queries suspicious COM object (likely to drop second stage)
Windows Shell Script Host drops VBS files
Yara detected Generic JS Downloader
Behaviour
Behavior Graph:
Download SVG
Score:
85%
Verdict:
Malware
File Type:
SCRIPT
Link:
https://malprob.io/report/d7ec72be786c5b570dc92e82ba4855948c8658dd5fca0a44d6ef4cbd92549280
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/d7ec72be786c5b570dc92e82ba4855948c8658dd5fca0a44d6ef4cbd92549280/
Verdict:
Malicious
Threat:
Trojan-Downloader.JS.Cryptoload
Link:
https://tip.neiki.dev/file/d7ec72be786c5b570dc92e82ba4855948c8658dd5fca0a44d6ef4cbd92549280
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=27whfptynrnvodojf2bluscvssgimwg5l7faurgw55gl3esuskaa._file
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://tria.ge/reports/251118-2jepxacn5x/
Behaviour
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Checks computer location settings
Badlisted process makes network request
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.69
Link:
https://yomi.yoroi.company/submissions/d7ec72be786c5b570dc92e82ba4855948c8658dd5fca0a44d6ef4cbd92549280

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/38621/

Comments