74bec14e77146923dae84d4aeb0ca036182b967f4ee69818c972d1c19906eede | Triage

Analysis

max time kernel
106s
max time network
148s
platform
windows10_x64
resource
win10-ja-20211208
submitted
11-02-2022 07:59

Sharing

Report Analysis Logs

General

Target

Newtonsoft.Json.dll
Size

685KB
MD5

081d9558bbb7adce142da153b2d5577a
SHA1

7d0ad03fbda1c24f883116b940717e596073ae96
SHA256

b624949df8b0e3a6153fdfb730a7c6f4990b6592ee0d922e1788433d276610f3
SHA512

2fdf035661f349206f58ea1feed8805b7f9517a21f9c113e7301c69de160f184c774350a12a710046e3ff6baa37345d319b6f47fd24fbba4e042d54014bee511

Score

6^/10

evasion trojan

Malware Config

Signatures

Checks whether UAC is enabled 1 TTPs 1 IoCs
evasion trojan

System Information Discovery
T1082

Processes:

rundll32.exe

description ioc process

Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Newtonsoft.Json.dll,#1
1⤵
- Checks whether UAC is enabled
PID:3040

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...