MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e96e066197c5b3fd38e7a12318a232de2c8a703a0f419e0b7e30087f7525e530. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 9



SHA256 hash: e96e066197c5b3fd38e7a12318a232de2c8a703a0f419e0b7e30087f7525e530
SHA3-384 hash: c4724d63175dac0a74950bf42ec9f434696ae586f5119e99270f0eb3c888417c0d057bbca89bc976b4410e7fcc47da9a
SHA1 hash: 3938dd5317ff3f2fa4baa06f39c2b240e2a896e9
MD5 hash: d16427f5cff23f456934e7aecaba226c
humanhash: yankee-asparagus-earth-romeo
File name: d16427f5cff23f456934e7aecaba226c
File size: 18'191 bytes
First seen: 2022-06-29 08:40:11 UTC
Last seen: 2022-08-18 00:11:34 UTC
File type: Word file docx
MIME type: application/octet-stream
ssdeep 384:9Wtae3fmjBHXzFHZ8NOtPxXYtR7RM+Ye69RxZ05SdiEGIGm:oU2ejVXz38NVXRM+Ye+xZtiEGId
TLSH T12F82CF28A6D7EC27D663183C660819E2E519458BD157FA8B035CB1DFCB3FD042B34985
TrID 51.0% (.DOCX) Word Microsoft Office Open XML Format document (23500/1/4)
38.0% (.ZIP) Open Packaging Conventions container (17500/1/4)
8.6% (.ZIP) ZIP compressed archive (4000/1)
2.1% (.PG/BIN) PrintFox/Pagefox bitmap (640x800) (1000/1)
Reporter zbetcheckin
Tags: zip

Intelligence


File Origin
# of uploads: 3
# of downloads: 239
Origin country: n/a
Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: THE FUTURE OF OCC MEETINGS IN 2022 copy.docx
Verdict: No threats detected
Analysis date: 2022-06-29 16:57:52 UTC
Tags: n/a

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Verdict: Malicious
File type: application/vnd.openxmlformats-officedocument.wordprocessingml.document
Has a screenshot: False
Contains macros: False
Result
Verdict: Clean

Behaviour
Searching for the window
Creating a window
Creating synchronization primitives
Result
Verdict: Malicious
File Type: OOXML Word File with Embedding Objects
Payload URLs
URL: 7.3.3.2
File name: app.xml
Label: Malicious
Suspicious Score: 9.6/10
Score Malicious: 97%
Score Benign: 3%
Result
Verdict: MALICIOUS
Details
Document With No Content: Document contains little or no semantic information.
External Relationship Element: Document contains an externally hosted relationship, which fetches further content.
Result
Threat name: Unknown
Detection: malicious
Classification: expl.evad
Score: 64 / 100
Signature
Contains an external reference to another file
Detected suspicious Microsoft Office reference URL
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Threat name: Document-Office.Exploit.CVE-2022-30190
Status: Malicious
First seen: 2022-06-28 22:59:07 UTC
File Type: Document
Extracted files: 22
AV detection: 10 of 30 (33.33%)
Threat level: 5/5
Result
Malware family: n/a
Score: 4/10
Tags: n/a
Behaviour
Checks processor information in registry
Enumerates system info in registry
Modifies Internet Explorer settings
Modifies registry class
Suspicious behavior: AddClipboardFormatListener
Suspicious use of SetWindowsHookEx
Office loads VBA resources, possible macro or embedded object present
Drops file in Windows directory
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Word file docx e96e066197c5b3fd38e7a12318a232de2c8a703a0f419e0b7e30087f7525e530

(this sample)

  
Delivery method
Distributed via web download

Comments



zbet commented on 2022-06-29 08:40:18 UTC

url : hxxps://consumerfinanceguide.com/blog/index/CiscoSpark.docx