ea1d8a00f548358cd327ad34c5e4ec61bc383acf57be8c12176be89477c0c6bf

Analysis

max time kernel
150s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
21-05-2024 05:26

Target

catsrvut.dll
Size

397KB
MD5

513b5db71f2a0490400cbebd8c1f0780
SHA1

d6cfda4b15eca165105e21e4e0c5b31bc8584b39
SHA256

ea1d8a00f548358cd327ad34c5e4ec61bc383acf57be8c12176be89477c0c6bf
SHA512

2bf112aa13c578306f7356d2e639deab96554b5093ff4580ff6fb19e8498b6b2c49607d6533c9724ab3c13812f1295294ccae6e10c8d61887c2df76a52812521
SSDEEP

6144:8TrouM4fId/H2jO0nuh0sdlVVI9bM8OlOeriQwkzjePIg7Kml1Voy1HqxWhDiaJf:G4lVVI9485UZWhl1Voy1HDNiCU/s

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4304 wrote to memory of 3388	4304	regsvr32.exe	83
PID 4304 wrote to memory of 3388	4304	regsvr32.exe	83
PID 4304 wrote to memory of 3388	4304	regsvr32.exe	83

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\catsrvut.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:4304
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\catsrvut.dll
  2⤵
  PID:3388