Overview

overview

9

Static

static

9

hyword/hyw...TS.dll

windows7-x64

1

hyword/hyw...TS.dll

windows10-2004-x64

8

hyword/hyw...ch.msi

windows7-x64

8

hyword/hyw...ch.msi

windows10-2004-x64

8

hyword/hyw...hm.dll

windows7-x64

6

hyword/hyw...hm.dll

windows10-2004-x64

6

hyword/hyw...HS.dll

windows7-x64

1

hyword/hyw...HS.dll

windows10-2004-x64

1

hyword/hyw...ce.dll

windows7-x64

1

hyword/hyw...ce.dll

windows10-2004-x64

1

hyword/hyw...lc.exe

windows7-x64

1

hyword/hyw...lc.exe

windows10-2004-x64

1

hyword/hyw...lc.exe

windows7-x64

1

hyword/hyw...lc.exe

windows10-2004-x64

7

hyword/hyw...ut.exe

windows7-x64

3

hyword/hyw...ut.exe

windows10-2004-x64

7

hyword/hyw...lk.chm

windows7-x64

1

hyword/hyw...lk.chm

windows10-2004-x64

1

hyword/hyw...lk.dll

windows7-x64

1

hyword/hyw...lk.dll

windows10-2004-x64

1

hyword/hyw...rd.exe

windows7-x64

3

hyword/hyw...rd.exe

windows10-2004-x64

7

hyword/hyword/lpk.dll

windows7-x64

8

hyword/hyword/lpk.dll

windows10-2004-x64

8

hyword/hyw...60.dll

windows7-x64

1

hyword/hyw...60.dll

windows10-2004-x64

1

hyword/hyw...fc.dll

windows7-x64

8

hyword/hyw...fc.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    141s
  • max time network
    49s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
  • submitted
    24-11-2022 07:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    hyword/hyword/hycalc.exe

  • Size

    26KB

  • MD5

    0710f2c3357a6f49f7e172f8e52d5979

  • SHA1

    c9ff9afbc09457fa69de90340a5fd9b7aa091d74

  • SHA256

    89c4c14ec5bc9b48db546308b1b2359eec0f45c7bf802868a1138f84d6eacc89

  • SHA512

    a769e67bf37133d6eebfa55c900b8468936b81e918e0eea11badf81b797194fc1fb402a77ecd66725340bcc10566a62cc23da2684141f4862623ca0167ee92c2

  • SSDEEP

    384:myFgGragH/lD4zCyamzZk7hwKNbHh8MUUAxPr6+e9Pfqbn1k5m1N:a0HND4zCyamdk1dHKMUnxeha5km

Score
1/10

Malware Config

Signatures

  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\hyword\hyword\hycalc.exe
    "C:\Users\Admin\AppData\Local\Temp\hyword\hyword\hycalc.exe"
    1⤵
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    PID:1604
  • C:\Windows\SysWOW64\DllHost.exe
    C:\Windows\SysWOW64\DllHost.exe /Processid:{3F6B5E16-092A-41ED-930B-0B4125D91D4E}
    1⤵
      PID:1276
    • C:\Windows\system32\AUDIODG.EXE
      C:\Windows\system32\AUDIODG.EXE 0x560
      1⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:520

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1604-57-0x0000000076461000-0x0000000076463000-memory.dmp

      Filesize

      8KB

      Download

    • memory/1604-58-0x0000000000400000-0x0000000000412000-memory.dmp

      Filesize

      72KB

      Download

    • memory/1604-59-0x0000000000400000-0x0000000000412000-memory.dmp

      Filesize

      72KB

      Download