MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ee4f710c68bc2214febeb0127ccb5e111e1a4d01f6d4503efd22a88fb1464606. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 12


Intelligence 12 IOCs YARA 2 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ee4f710c68bc2214febeb0127ccb5e111e1a4d01f6d4503efd22a88fb1464606
SHA3-384 hash: 0586a0e27384394dd7ea0e9c1609c77fe7a7a169f8c175280d6fcfce0aca58498eb454fbd0ccdaba9b65de5d524f4aa9
SHA1 hash: b7cddd45bf477f1a2f8c4343f213454fe57f9b5f
MD5 hash: cd2a5eb1bf35cb53b20c75be741ac1f4
humanhash: emma-bravo-alpha-freddie
File name:Supplier Registration.xls
Download: download sample
File size:424'448 bytes
First seen:2026-06-15 16:51:55 UTC
Last seen:Never
File type:Excel file xls
MIME type:application/vnd.ms-excel
ssdeep 6144:7Z+RwPONXoRjZ7SezmfDlavx+W/WGW3i9BxfQvUNNtnJQNrLE+gTzTpZBjdtEEQP:Yi9PQvUJ0E6TMgdv
TLSH T11A94E051F664961BDF1A0F39EBC796E24612FCB29E2A860F6140735E1DF3280AD13D4E
TrID 34.9% (.XLS) Microsoft Excel sheet (32500/1/3)
30.1% (.XLS) Microsoft Excel sheet (alternate) (28000/1/3)
26.3% (.XLS) Microsoft Excel sheet (alternate) (24500/1/2)
8.6% (.) Generic OLE2 / Multistream Compound (8000/1)
Magika xls
Reporter abuse_ch
Tags:xls

Intelligence

File Origin
# of uploads :
1
# of downloads :
121
Origin country :
SE SE
Vendor Threat Intelligence
Malware configuration found for:
MSO
Details
Link:
https://research.acce.ciphertechsolutions.com/results/c629dc2b-9068-473a-a8a2-afea1e143c48/
Malware family:
n/a
ID:
1
File name:
xls
Verdict:
No threats detected
Analysis date:
2026-06-15 17:17:32 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/8bbd3504-8862-4e76-9a63-70ac79f79cde

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/70851/
Detection(s):
SecuriteInfo.com.Exploit.CVE-2017-0199-3.UNOFFICIAL
Create hunting rule

TwinWave.EvilDoc.93TilInfinity.20240412.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Score:
96.5%
Link:
https://cyber-fortress.com/docs/result/index.php?id=6a302e0934eaf30d8ce6676a
Tags:
trojan macro micro
Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Connection attempt to an infection source by exploiting the app vulnerability
DNS request
Сreating synchronization primitives
Using the Windows Management Instrumentation requests
Creating a process with a hidden window
Connection attempt
Sending a custom TCP request
Possible injection to a system process
Connection attempt by exploiting the app vulnerability
Sending an HTTP GET request
Query of malicious DNS domain
Bypassing of proactive protection methods using Windows Management Instrumentation (WMI)
Sending a TCP request to an infection source by exploiting the app vulnerability
Launching a process by exploiting the app vulnerability
Result
Verdict:
Malicious
File Type:
Legacy Excel File with Macro
Link:
https://app.docguard.net/ee4f710c68bc2214febeb0127ccb5e111e1a4d01f6d4503efd22a88fb1464606/results/dashboard
Payload URLs
URL
File name
http://0000015353103474/www.tatatelebusiness.comcampaignmicrosoft_azuregclsrc=aw.ds&&&utm_campaign=Azure_Cloud_Computing_Bing&utm_source=bing&utm_medium=13216158421.php
Embedded Ole
Behaviour
SuspiciousRTF detected
Verdict:
Malicious
Labled as:
CVE-2017-0199
Link:
https://www.hybrid-analysis.com/sample/ee4f710c68bc2214febeb0127ccb5e111e1a4d01f6d4503efd22a88fb1464606
Label:
Malicious
Suspicious Score:
10/10
Score Malicious:
1%
Score Benign:
0%
Link:
https://www.malware.ai/gui/files/?id=991df277-b647-49ee-820f-b4b7b6eaa6e8
Verdict:
Malicious
File Type:
xls
First seen:
2026-06-14T23:37:00Z UTC
Last seen:
2026-06-15T13:05:00Z UTC
Hits:
~1000
Link:
https://opentip.kaspersky.com/ee4f710c68bc2214febeb0127ccb5e111e1a4d01f6d4503efd22a88fb1464606/results?tab=lookup
Result
Threat name:
n/a
Detection:
malicious
Classification:
expl
Score:
64 / 100
Link:
https://www.joesandbox.com/analysis/1928212
Signature
Antivirus / Scanner detection for submitted sample
Document exploit detected (process start blacklist hit)
Multi AV Scanner detection for submitted file
Sigma detected: Suspicious Microsoft Office Child Process
Behaviour
Behavior Graph:
Download SVG
Score:
100%
Verdict:
Malware
File Type:
OFFICE
Link:
https://malprob.io/report/ee4f710c68bc2214febeb0127ccb5e111e1a4d01f6d4503efd22a88fb1464606
Gathering data
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/ee4f710c68bc2214febeb0127ccb5e111e1a4d01f6d4503efd22a88fb1464606/
Verdict:
Malicious
Threat:
Trojan.MSOffice.UrcBadur
Link:
https://tip.neiki.dev/file/ee4f710c68bc2214febeb0127ccb5e111e1a4d01f6d4503efd22a88fb1464606
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=5zhxcddixqrbj7v6wajhzs26cepbutib63kfapx5ekui7mkgiyda._file
Result
Malware family:
n/a
Score:
  10/10
Tags:
persistence ransomware
Link:
https://tria.ge/reports/260615-vd3q8afx3n/
Behaviour
Checks processor information in registry
Enumerates system info in registry
Suspicious behavior: AddClipboardFormatListener
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Uses Volume Shadow Copy WMI provider
Uses Volume Shadow Copy service COM API
Process spawned unexpected child process
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:informational_win_ole_protected
Create hunting rule
Author:Jeff White (karttoon@gmail.com) @noottrak
Description:Identify OLE Project protection within documents.
Rule name:XLS_STRINGS
Create hunting rule
Author:somedieyoungZZ
Description:Detect Strings targeting Bangladesh

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/70851/

Comments