MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6829cb62da82005be89a9f27b85c50a40f9a7a74424bf96500d420e077b8b666. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 4



SHA256 hash: 6829cb62da82005be89a9f27b85c50a40f9a7a74424bf96500d420e077b8b666
SHA3-384 hash: d8afaf12249271668ec8f226bf056a2421328cfa4909a71ea21c95471970b7cc9751d397e06e0a848e8be25fdd93ce59
SHA1 hash: 9c35815a6ed6b43d47670b70a6f981d60d0fd9a2
MD5 hash: 66d0f503da87abb78b9617c154f7c298
humanhash: venus-ten-autumn-asparagus
File name: htniyk.dll
File size: 626'688 bytes
First seen: 2020-07-29 11:08:36 UTC
Last seen: 2020-07-29 12:22:26 UTC
File type: DLL dll
MIME type: application/x-dosexec
imphash: d4efcfe4ae5bffeadcf10fcb45d46611
ssdeep: 12288:hW3CX/HQcLsAsP+h5ae+RN/DN7k7vYGW1sRVPSnEJAoSiRVZMf:+yfBtsmh5aJhDN7k7vYG6sRHJAo9
Threatray: 31 similar samples on MalwareBazaar
TLSH: 59D4E0017B3180F1D997053169AAE31FDF302635486DDD96FBC00A866DF66DEBA2C34A
Reporter: James_inthe_box
Tags: dll

Intelligence


File Origin
# of uploads: 2
# of downloads: 64
Origin country: n/a

Vendor Threat Intelligence

Result
Verdict: Clean
Maliciousness:

Behaviour
Launching the default Windows debugger (dwwin.exe)

Result
Threat name: Unknown
Detection: suspicious
Classification: n/a
Score: 25 / 100
Behaviour
Behavior Graph:
[Behavior graph. Behavior Graph ID: 253519; Sample: htniyk.dll; Startdate: 29/07/2020; Architecture: WINDOWS; Score: 25. Signature: Machine Learning detection for sample. Process tree: loaddll32.exe started three rundll32.exe processes and 4 other processes, and these started WerFault.exe.]
Threat name: Win32.Trojan.Ymacco
Status: Malicious
First seen: 2020-07-29 11:08:18 UTC
File Type: PE (Dll)
Extracted files: 1
AV detection: 17 of 25 (68.00%)
Threat level: 5/5

Result
Malware family: n/a
Score: 3/10
Tags: n/a

Behaviour
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Program crash
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method: Other
