80a1d0b86d0577e8fa58944185c37efe5999ba30aa31b9863af37911a6d9d653 | Triage

Analysis

max time kernel
16s
max time network
33s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
11/05/2023, 16:00

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

hot.dll
Size

6KB
MD5

ff860257f3c9762f20e5b2d522e7ee14
SHA1

3a36ab399cb0b29dada74c398a960bfe36d8cc9a
SHA256

80a1d0b86d0577e8fa58944185c37efe5999ba30aa31b9863af37911a6d9d653
SHA512

734bd61cca7cb9f5a71260c03c5bdccf8916308aa13c2986d075ad517b7fb2740a14c22bb7279ab34344056434c23a65188d1727f36f9586f5dc46f8830a6230
SSDEEP

96:NQST2B3NXPcABqzHd4qBthKA0OIOesTUbeSHRoYP:NKJrwzRlKPsQXHRoQ

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1300 wrote to memory of 1328	1300	rundll32.exe	28
PID 1300 wrote to memory of 1328	1300	rundll32.exe	28
PID 1300 wrote to memory of 1328	1300	rundll32.exe	28
PID 1300 wrote to memory of 1328	1300	rundll32.exe	28
PID 1300 wrote to memory of 1328	1300	rundll32.exe	28
PID 1300 wrote to memory of 1328	1300	rundll32.exe	28
PID 1300 wrote to memory of 1328	1300	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\hot.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1300
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\hot.dll,#1
  2⤵
  PID:1328

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads