Analysis

  • max time kernel
    169s
  • max time network
    175s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    06-11-2022 10:20

General

  • Target

    6abb89f0b7a246d736bf4f69fd6db17b72cfeb82af0a1931880b37b6fb2ff8cd.exe

  • Size

    22KB

  • MD5

    292bb8ccc16540210ea0b147748757a6

  • SHA1

    06854d1f0bcd938a3748ac146db43ab503f2179a

  • SHA256

    6abb89f0b7a246d736bf4f69fd6db17b72cfeb82af0a1931880b37b6fb2ff8cd

  • SHA512

    b49356e0b5b12e85c6e7e32241c0c827d3a39f3209796fe9555213dcbaf58122d42e299c819ad5216cf18aec0b0a22def529f055e38e186353012431033c307a

  • SSDEEP

    384:0YImhoWVkxT5GEZpw4/fYzlvbWDUCElU8f6DW9TeVOtD1/lNcoOOuK+cyH:RDqxT5Jgaie4tpH1yH

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE (1 IoC)
  • Drops file in System32 directory (2 IoCs)
  • Checks processor information in registry (2 TTPs, 2 IoCs)

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious behavior: RenamesItself (1 IoC)

Processes

  • C:\Users\Admin\AppData\Local\Temp\6abb89f0b7a246d736bf4f69fd6db17b72cfeb82af0a1931880b37b6fb2ff8cd.exe
    "C:\Users\Admin\AppData\Local\Temp\6abb89f0b7a246d736bf4f69fd6db17b72cfeb82af0a1931880b37b6fb2ff8cd.exe"
    • Drops file in System32 directory
    • Suspicious behavior: RenamesItself
    PID:1972
  • C:\Windows\SysWOW64\tyhhyg.exe
    C:\Windows\SysWOW64\tyhhyg.exe
    • Executes dropped EXE
    • Checks processor information in registry
    PID:3484

Network

  • DNS yk.j22g.com (tyhhyg.exe)
    Remote address: 8.8.8.8:53
    Request: yk.j22g.com IN A
    Response: yk.j22g.com IN A 188.114.96.0
              yk.j22g.com IN A 188.114.97.0
  • DNS an.a89n.com (tyhhyg.exe)
    Remote address: 8.8.8.8:53
    Request: an.a89n.com IN A
    Response: (empty)
  • 188.114.96.0:1314
    yk.j22g.com
    tyhhyg.exe
    260 B
    5
  • 95.101.78.106:80
    322 B
    7
  • 93.184.220.29:80
    322 B
    7
  • 20.44.10.122:443
    322 B
    7
  • 104.110.191.133:80
    322 B
    7
  • 8.8.8.8:53
    yk.j22g.com
    dns
    tyhhyg.exe
    57 B
    89 B
    1
    1

    DNS Request

    yk.j22g.com

    DNS Response

    188.114.96.0
    188.114.97.0

  • 8.8.8.8:53
    an.a89n.com
    dns
    tyhhyg.exe
    57 B
    130 B
    1
    1

    DNS Request

    an.a89n.com

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Windows\SysWOW64\tyhhyg.exe

    Filesize

    22KB

    MD5

    292bb8ccc16540210ea0b147748757a6

    SHA1

    06854d1f0bcd938a3748ac146db43ab503f2179a

    SHA256

    6abb89f0b7a246d736bf4f69fd6db17b72cfeb82af0a1931880b37b6fb2ff8cd

    SHA512

    b49356e0b5b12e85c6e7e32241c0c827d3a39f3209796fe9555213dcbaf58122d42e299c819ad5216cf18aec0b0a22def529f055e38e186353012431033c307a
