MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 dcde17e3cfe69ac2ccabf6e4725490d5b715eba7454d9fa859dde428a11f4649. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 2

Intelligence 2 IOCs YARA File information Comments

SHA256 hash:	dcde17e3cfe69ac2ccabf6e4725490d5b715eba7454d9fa859dde428a11f4649
SHA3-384 hash:	8e3fa76ca78321132580f09241451cd904cd5760e4de1ee7453ea2c782e7f8606b2f45085081e0e3d9ef5885e626c19d
SHA1 hash:	d435d3971d39e87f1619f61fc3454b24a656cba6
MD5 hash:	4d64b8bd0fd2a18ca0ec93bbc1595608
humanhash:	may-black-speaker-wolfram
File name:	foxy.doc
Download:	download sample
File size:	8'350 bytes
First seen:	2020-05-22 06:14:38 UTC
Last seen:	Never
File type:	doc
MIME type:	text/rtf
ssdeep	96:cQiBbvR0ZBfRJEDwHsOzZNXtESLmJmhdeWdPZslCibw1GosZEB:ziDR0BrHskP+0r9Zswis1GaB
TLSH	E8023A3998112817FAA7C6E5A28FBC644333F297C9C702C1139DF67206FB6636922455
Reporter	JoulK
Tags:	doc

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

Sanesecurity.Malware.27301.RtfHeur.BadVer.UNOFFICIAL

SecuriteInfo.com.FakeRTF-2.UNOFFICIAL

TwinWave.EvilDoc.RTFFakeVersionWithObjUpdateUKSurfMix.20200514.UNOFFICIAL

Gathering data

Threat name:

Document-Word.Exploit.CVE-2017-11882

Status:

Malicious

First seen:

2020-05-22 06:35:38 UTC

File Type:

Document

Extracted files:

AV detection:

26 of 48 (54.17%)

Threat level:

5/5

Result

Malware family:

n/a

Score:

8/10

Tags:

n/a

Link:

https://tria.ge/reports/201109-6gzjyckm92/

Behaviour

Launches Equation Editor

Modifies Internet Explorer settings

Suspicious behavior: AddClipboardFormatListener

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Checks processor information in registry

Enumerates system info in registry

Blacklisted process makes network request

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

No further information available

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample