Overview

overview

10

Static

static

PT2.exe

windows7-x64

10

PT2.exe

windows10-2004-x64

10

ho tro.exe

windows7-x64

1

ho tro.exe

windows10-2004-x64

1

hotro.dll

windows7-x64

1

hotro.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    37s
  • max time network
    41s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    24-11-2022 12:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    hotro.dll

  • Size

    40KB

  • MD5

    b7325a3e4fda321b7201f4639626aa16

  • SHA1

    837e66ffc65dfbc6c09b7630a1df45c7e40fa121

  • SHA256

    723849489c9294855a0be5c309d1de8888803258adf5b5d3e46cab380eb5c219

  • SHA512

    ce97e2355982dd48efd71dc64c28a9354403d1d2763341c3d5c9ec41bbe5823285a4c0e2bce285d44f204df430d9b964d981fe111fb8d76b6d067f9f2d81e7f8

  • SSDEEP

    768:Vqgq4wKh8ERKTYbbX7yX9FScCjCB4ZT8oUb:XDkTUbX7iHSchdoI

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\hotro.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1720
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\hotro.dll,#1
      2⤵
        PID:1580

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1580-54-0x0000000000000000-mapping.dmp

      Download

    • memory/1580-55-0x0000000075BD1000-0x0000000075BD3000-memory.dmp

      Filesize

      8KB

      Download