Overview
overview
9Static
static
9hyword/hyw...TS.dll
windows7-x64
1hyword/hyw...TS.dll
windows10-2004-x64
8hyword/hyw...ch.msi
windows7-x64
8hyword/hyw...ch.msi
windows10-2004-x64
8hyword/hyw...hm.dll
windows7-x64
6hyword/hyw...hm.dll
windows10-2004-x64
6hyword/hyw...HS.dll
windows7-x64
1hyword/hyw...HS.dll
windows10-2004-x64
1hyword/hyw...ce.dll
windows7-x64
1hyword/hyw...ce.dll
windows10-2004-x64
1hyword/hyw...lc.exe
windows7-x64
1hyword/hyw...lc.exe
windows10-2004-x64
1hyword/hyw...lc.exe
windows7-x64
1hyword/hyw...lc.exe
windows10-2004-x64
7hyword/hyw...ut.exe
windows7-x64
3hyword/hyw...ut.exe
windows10-2004-x64
7hyword/hyw...lk.chm
windows7-x64
1hyword/hyw...lk.chm
windows10-2004-x64
1hyword/hyw...lk.dll
windows7-x64
1hyword/hyw...lk.dll
windows10-2004-x64
1hyword/hyw...rd.exe
windows7-x64
3hyword/hyw...rd.exe
windows10-2004-x64
7hyword/hyword/lpk.dll
windows7-x64
8hyword/hyword/lpk.dll
windows10-2004-x64
8hyword/hyw...60.dll
windows7-x64
1hyword/hyw...60.dll
windows10-2004-x64
1hyword/hyw...fc.dll
windows7-x64
8hyword/hyw...fc.dll
windows10-2004-x64
1Analysis
-
max time kernel
141s -
max time network
154s -
platform
windows10-2004_x64 -
resource
win10v2004-20220812-en -
resource tags
arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system -
submitted
24-11-2022 07:31
Behavioral task
behavioral1
Sample
hyword/hyword/ChTTS.dll
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral2
Sample
hyword/hyword/ChTTS.dll
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
hyword/hyword/CnSpeech.msi
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral4
Sample
hyword/hyword/CnSpeech.msi
Resource
win10v2004-20220901-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
hyword/hyword/Unchm.dll
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral6
Sample
hyword/hyword/Unchm.dll
Resource
win10v2004-20221111-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
hyword/hyword/VB6CHS.dll
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral8
Sample
hyword/hyword/VB6CHS.dll
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
hyword/hyword/appface.dll
Resource
win7-20221111-en
windows7-x64
Behavioral task
behavioral10
Sample
hyword/hyword/appface.dll
Resource
win10v2004-20221111-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
hyword/hyword/cjcalc.exe
Resource
win7-20221111-en
windows7-x64
Behavioral task
behavioral12
Sample
hyword/hyword/cjcalc.exe
Resource
win10v2004-20221111-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
hyword/hyword/hycalc.exe
Resource
win7-20220901-en
windows7-x64
Behavioral task
behavioral14
Sample
hyword/hyword/hycalc.exe
Resource
win10v2004-20221111-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
hyword/hyword/hyinput.exe
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral16
Sample
hyword/hyword/hyinput.exe
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
hyword/hyword/hytalk.chm
Resource
win7-20221111-en
windows7-x64
Behavioral task
behavioral18
Sample
hyword/hyword/hytalk.chm
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
hyword/hyword/hytalk.dll
Resource
win7-20221111-en
windows7-x64
Behavioral task
behavioral20
Sample
hyword/hyword/hytalk.dll
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
hyword/hyword/hyword.exe
Resource
win7-20221111-en
windows7-x64
Behavioral task
behavioral22
Sample
hyword/hyword/hyword.exe
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
hyword/hyword/lpk.dll
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral24
Sample
hyword/hyword/lpk.dll
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral25
Sample
hyword/hyword/msvbvm60.dll
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral26
Sample
hyword/hyword/msvbvm60.dll
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral27
Sample
hyword/hyword/wbfc.dll
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral28
Sample
hyword/hyword/wbfc.dll
Resource
win10v2004-20220901-en
windows10-2004-x64
General
-
Target
hyword/hyword/msvbvm60.dll
-
Size
1.3MB
-
MD5
62c6c1ed346b2478f6833f0358f51026
-
SHA1
f0115cef6474ea41d5bc124544516854daf13de4
-
SHA256
46467c73fb928256fda19260d11ac3d228cb4f33d145ac7bf05505075c43a989
-
SHA512
dd54cc78cbc38394a74a412c3e526f5781603373e480b303256528e6c6b4aa86573a9eecdce018d3a27226f9aaa538fe0ed72299ccff5c3c93817f11fcd2eb90
-
SSDEEP
24576:ycOPu8lodWFF9V/zNItUSGmtcuyNiUqH/vWOO1G6fUG+VO7HDF4DB2sjhsJGJ:lwu82WFFvmt3yNiUqH/vbf6fUG+OjeDn
Malware Config
Signatures
-
Modifies registry class 64 IoCs
Processes:
regsvr32.exedescription ioc process Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{45046D60-08CA-11CF-A90F-00AA0062BB4C}\TypeLib\ = "{EA544A21-C82D-11D1-A3E4-00A0C90AEA82}" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4495AD01-C993-11D1-A3E4-00A0C90AEA82}\ProxyStubClsid32 regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{41A7D761-6018-11CF-9016-00AA0068841E}\TypeLib\ = "{EA544A21-C82D-11D1-A3E4-00A0C90AEA82}" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C0324960-2AAA-11CF-AD67-00AA00614F3E}\TypeLib\ = "{EA544A21-C82D-11D1-A3E4-00A0C90AEA82}" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D4E0F020-720A-11CF-8136-00AA00C14959}\ = "DataBindings" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FCFB3D2B-A0FA-1068-A738-08002B3371B5}\ = "_DClass" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{EB41E8C5-4442-11D1-8906-00A0C9110049}\TypeLib regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A4C466B8-499F-101B-BB78-00AA00383CBB}\ProxyStubClsid32 regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E43FD401-8715-11D1-98E7-00A0C9702442}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{737361EC-467F-11D1-810F-0000F87557AA}\TypeLib\ = "{EA544A21-C82D-11D1-A3E4-00A0C90AEA82}" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{41A7D761-6018-11CF-9016-00AA0068841E}\ProxyStubClsid32 regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{41A7D760-6018-11CF-9016-00AA0068841E}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{EB41E8C4-4442-11D1-8906-00A0C9110049}\TypeLib\ = "{EA544A21-C82D-11D1-A3E4-00A0C90AEA82}" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{41A7D761-6018-11CF-9016-00AA0068841E}\ = "DataObjectFiles" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2CE46480-1A08-11CF-AD63-00AA00614F3E}\ = "SelectedControls" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BE8F9800-2AAA-11CF-AD67-00AA00614F3E}\ProxyStubClsid32 regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7500A6BA-EB65-11D1-938D-0000F87557C9}\TypeLib regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C4D651F0-7697-11D1-A1E9-00A0C90F2731}\TypeLib regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{14E469E0-BF61-11CF-8385-8F69D8F1350B}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{CBB76011-C508-11D1-A3E3-00A0C90AEA82}\TypeLib regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{EB41E8C2-4442-11D1-8906-00A0C9110049}\TypeLib\Version = "6.0" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{41A7D760-6018-11CF-9016-00AA0068841E}\ProxyStubClsid32 regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2CE46480-1A08-11CF-AD63-00AA00614F3E}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C4D651F0-7697-11D1-A1E9-00A0C90F2731}\ProxyStubClsid32 regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A4C46780-499F-101B-BB78-00AA00383CBB}\TypeLib regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BE8F9800-2AAA-11CF-AD67-00AA00614F3E}\TypeLib regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BE8F9800-2AAA-11CF-AD67-00AA00614F3E}\TypeLib\ = "{EA544A21-C82D-11D1-A3E4-00A0C90AEA82}" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D4E0F020-720A-11CF-8136-00AA00C14959} regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C4D651F1-7697-11D1-A1E9-00A0C90F2731}\ = "EventParameters" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C4D651F1-7697-11D1-A1E9-00A0C90F2731}\TypeLib\ = "{EA544A21-C82D-11D1-A3E4-00A0C90AEA82}" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C4D651F2-7697-11D1-A1E9-00A0C90F2731}\TypeLib\ = "{EA544A21-C82D-11D1-A3E4-00A0C90AEA82}" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{EB41E8C3-4442-11D1-8906-00A0C9110049}\ = "_DDataBoundAndDataSourceClass" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D5DE8D20-5BB8-11D1-A1E3-00A0C90F2731}\ = "VBPropertyBag" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8284B8A2-A8A8-11D1-A3D2-00A0C90AEA82}\TypeLib regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4495AD01-C993-11D1-A3E4-00A0C90AEA82}\TypeLib regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4495AD01-C993-11D1-A3E4-00A0C90AEA82}\TypeLib\ = "{EA544A21-C82D-11D1-A3E4-00A0C90AEA82}" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{41A7D761-6018-11CF-9016-00AA0068841E}\TypeLib\Version = "6.0" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C4D651F0-7697-11D1-A1E9-00A0C90F2731}\ = "EventParameter" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C4D651F1-7697-11D1-A1E9-00A0C90F2731}\TypeLib\Version = "6.0" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C4D651F2-7697-11D1-A1E9-00A0C90F2731}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FCFB3D2B-A0FA-1068-A738-08002B3371B5}\TypeLib\ = "{EA544A21-C82D-11D1-A3E4-00A0C90AEA82}" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{45046D60-08CA-11CF-A90F-00AA0062BB4C}\ProxyStubClsid32 regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{EB41E8C5-4442-11D1-8906-00A0C9110049} regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A4C46780-499F-101B-BB78-00AA00383CBB} regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A4C46780-499F-101B-BB78-00AA00383CBB}\TypeLib\ = "{000204EF-0000-0000-C000-000000000046}" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4495AD01-C993-11D1-A3E4-00A0C90AEA82}\TypeLib\Version = "6.0" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2CE46480-1A08-11CF-AD63-00AA00614F3E} regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{888A5A60-B283-11CF-8AD5-00A0C90AEA82}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{EB41E8C1-4442-11D1-8906-00A0C9110049}\TypeLib\ = "{EA544A21-C82D-11D1-A3E4-00A0C90AEA82}" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{EB41E8C4-4442-11D1-8906-00A0C9110049}\TypeLib\Version = "6.0" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D5DE8D20-5BB8-11D1-A1E3-00A0C90F2731}\InProcServer32\ThreadingModel = "Apartment" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C4D651F1-7697-11D1-A1E9-00A0C90F2731}\ProxyStubClsid32 regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{83C49FF0-B294-11D0-9488-00A0C91110ED} regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{83C49FF0-B294-11D0-9488-00A0C91110ED}\TypeLib regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{83C49FF0-B294-11D0-9488-00A0C91110ED}\TypeLib\ = "{EA544A21-C82D-11D1-A3E4-00A0C90AEA82}" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FCFB3D2B-A0FA-1068-A738-08002B3371B5}\TypeLib\Version = "6.0" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{EB41E8C2-4442-11D1-8906-00A0C9110049}\TypeLib\ = "{EA544A21-C82D-11D1-A3E4-00A0C90AEA82}" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{EB41E8C3-4442-11D1-8906-00A0C9110049}\ProxyStubClsid32 regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2CE46480-1A08-11CF-AD63-00AA00614F3E}\TypeLib\Version = "6.0" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E43FD401-8715-11D1-98E7-00A0C9702442}\ProxyStubClsid32 regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{45046D60-08CA-11CF-A90F-00AA0062BB4C} regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BE8F9800-2AAA-11CF-AD67-00AA00614F3E}\TypeLib\Version = "6.0" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7500A6BA-EB65-11D1-938D-0000F87557C9}\ = "DataBinding" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FCFB3D2B-A0FA-1068-A738-08002B3371B5}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" regsvr32.exe -
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
regsvr32.exedescription pid process target process PID 4616 wrote to memory of 396 4616 regsvr32.exe regsvr32.exe PID 4616 wrote to memory of 396 4616 regsvr32.exe regsvr32.exe PID 4616 wrote to memory of 396 4616 regsvr32.exe regsvr32.exe