b49a24feb398e1f5eda6419ffc002fb9bd118282fa0e012924c5442cd9e80dfa

Analysis

max time kernel
139s
max time network
110s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
24/05/2024, 11:51

Target

UserAccountControlSettings.dll
Size

77KB
MD5

aca1f50844e08f3f5178e8ff3f21fbc2
SHA1

3234f37ce08e59b4aa53b5e3d8833ff825af57f0
SHA256

b49a24feb398e1f5eda6419ffc002fb9bd118282fa0e012924c5442cd9e80dfa
SHA512

563c3d462cfa5ac3220b46ff8938c8b823227a92ea51d3aa4708b26f2f45316eb9302f9cd6bdb8b49a4110b670adf18afed562d90e9eaebf9cb7790af83e920b
SSDEEP

1536:1EHbpT5Tg0/DiZN5YF9g93HcVvgfJsJ6fKipmEtqWho/gpNM0W+7lQzwi3zs0xL+:1EHbhq0/DG5YF9S3c7IcCLs7O

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4536 wrote to memory of 644	4536	rundll32.exe	86
PID 4536 wrote to memory of 644	4536	rundll32.exe	86
PID 4536 wrote to memory of 644	4536	rundll32.exe	86

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\UserAccountControlSettings.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4536
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\UserAccountControlSettings.dll,#1
  2⤵
  PID:644