113ede50bbabf2d564dc1ad9b1166103a77766a7190945a3d732e34aa57ce272

Analysis

max time kernel
148s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
25/05/2024, 12:55

Target

SensorsApi.dll
Size

318KB
MD5

4b3a2b2d7a26d0567a255ffd09ba078c
SHA1

b9a7ee7bb2bfc5b86c9f9fd17584ddbedf071e48
SHA256

113ede50bbabf2d564dc1ad9b1166103a77766a7190945a3d732e34aa57ce272
SHA512

e2dbb3321fa1040c541f674fb65198160d3e70b10a6116c8c0b4c197bb5fbc7704f0dd0c9e0344aef411017143fcff65d8b27ba96913acb5fb424e28b64d56fc
SSDEEP

6144:ZrJOuk6PaTCqJ79qr0UUTnK301Ur4UF5oY5NxvkHf7EuGv5ITRD0OQF+uoo6cVls:muk6UC84QUUfyr4UoS6uHYw8WNZiKf

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3724 wrote to memory of 4644	3724	regsvr32.exe	83
PID 3724 wrote to memory of 4644	3724	regsvr32.exe	83
PID 3724 wrote to memory of 4644	3724	regsvr32.exe	83

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\SensorsApi.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:3724
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\SensorsApi.dll
  2⤵
  PID:4644