e0ab7fa50453e9034aff064ee5d5099806120a017948e47bdae502f766ff51ca

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
21/05/2024, 05:39

Target

AuthBroker.dll
Size

158KB
MD5

7bc0c283b1387ee2acfe9149a7d4d39b
SHA1

0b5bb313d96ef1a4318adaef315717ba8679760f
SHA256

e0ab7fa50453e9034aff064ee5d5099806120a017948e47bdae502f766ff51ca
SHA512

0edf9f86ae2fa10516ecf293057834e18f577b58f0e4d53970aea24a09231434078bbc27be5193907cae71be25c3ceefb3f871219665ac3dbe30cb9ddba536dd
SSDEEP

3072:WLBjKa2Exeeec2Or/ly2DuzA/LsoWwXa82eZAro3iyjC3BOYSrQsRmQVa/Di:sVeeeWr/ly2Duc/LsoWwXa82eZ93i5BC

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5060 wrote to memory of 3984	5060	regsvr32.exe	82
PID 5060 wrote to memory of 3984	5060	regsvr32.exe	82
PID 5060 wrote to memory of 3984	5060	regsvr32.exe	82

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\AuthBroker.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:5060
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\AuthBroker.dll
  2⤵
  PID:3984