072e244f3c1e865c53ed271f58be1dacc8263bbed3d94c6a95c17572f38a84eb

Analysis

max time kernel
145s
max time network
179s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
18/11/2023, 04:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Newtonsoft.Json.dll
Size

312KB
MD5

6dc7988bf02bdccb02c03ccd5cfc856e
SHA1

94c503650f7dbff46b92940aca10e33c0ec25e5f
SHA256

813f3221c13b52784a6fa8f0a148e829c4d8d1c8886d0bd4d978676195949711
SHA512

577bfa142709b3c5119623b7c77d7e385eae512231badece18905a21139b57157c230d72142b551eb809d06c7b7d3f3b83a495d75d3bd0bbed3376c2ecbe7059
SSDEEP

6144:BN5uorsKqJVDw3ogTpxzm6kr0tmnXwxHE:9uowKUVWPq7QknA

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeManageVolumePrivilege	2224	svchost.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Newtonsoft.Json.dll,#1
1⤵
PID:4768

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
1⤵
PID:4336

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2224

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2224-0-0x000001BAA90A0000-0x000001BAA90B0000-memory.dmp

Filesize
64KB

Download
memory/2224-16-0x000001BAA91A0000-0x000001BAA91B0000-memory.dmp

Filesize
64KB

Download
memory/2224-32-0x000001BAB1790000-0x000001BAB1791000-memory.dmp

Filesize
4KB

Download
memory/2224-33-0x000001BAB17B0000-0x000001BAB17B1000-memory.dmp

Filesize
4KB

Download
memory/2224-34-0x000001BAB17B0000-0x000001BAB17B1000-memory.dmp

Filesize
4KB

Download
memory/2224-35-0x000001BAB17B0000-0x000001BAB17B1000-memory.dmp

Filesize
4KB

Download
memory/2224-36-0x000001BAB17B0000-0x000001BAB17B1000-memory.dmp

Filesize
4KB

Download
memory/2224-37-0x000001BAB17B0000-0x000001BAB17B1000-memory.dmp

Filesize
4KB

Download
memory/2224-38-0x000001BAB17B0000-0x000001BAB17B1000-memory.dmp

Filesize
4KB

Download
memory/2224-39-0x000001BAB17B0000-0x000001BAB17B1000-memory.dmp

Filesize
4KB

Download
memory/2224-40-0x000001BAB17B0000-0x000001BAB17B1000-memory.dmp

Filesize
4KB

Download
memory/2224-41-0x000001BAB17B0000-0x000001BAB17B1000-memory.dmp

Filesize
4KB

Download
memory/2224-42-0x000001BAB17B0000-0x000001BAB17B1000-memory.dmp

Filesize
4KB

Download
memory/2224-43-0x000001BAB13E0000-0x000001BAB13E1000-memory.dmp

Filesize
4KB

Download
memory/2224-44-0x000001BAB13D0000-0x000001BAB13D1000-memory.dmp

Filesize
4KB

Download
memory/2224-46-0x000001BAB13E0000-0x000001BAB13E1000-memory.dmp

Filesize
4KB

Download
memory/2224-49-0x000001BAB13D0000-0x000001BAB13D1000-memory.dmp

Filesize
4KB

Download
memory/2224-52-0x000001BAB1310000-0x000001BAB1311000-memory.dmp

Filesize
4KB

Download
memory/2224-64-0x000001BAB1510000-0x000001BAB1511000-memory.dmp

Filesize
4KB

Download
memory/2224-66-0x000001BAB1520000-0x000001BAB1521000-memory.dmp

Filesize
4KB

Download
memory/2224-68-0x000001BAB1630000-0x000001BAB1631000-memory.dmp

Filesize
4KB

Download
memory/2224-67-0x000001BAB1520000-0x000001BAB1521000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads