diceloader | b1c0cde97930bbfd18ca72f10db85ab335e87a72b685f59ded5f34f3476397ce

Analysis

max time kernel
222s
max time network
243s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
08/10/2023, 01:08

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

1b842a5f434bca9a1d396f3d1d8bd2da.vbs
Size

236KB
MD5

1b842a5f434bca9a1d396f3d1d8bd2da
SHA1

a35bc1c7c4e09499752db1e1514f9ead9097cc51
SHA256

b1c0cde97930bbfd18ca72f10db85ab335e87a72b685f59ded5f34f3476397ce
SHA512

230afce301230e39f89cf12d332ed7ea94e4e488a242d3a01e029e9eb2906eb738bc5997f1b0acc6506b4f8ec7e7dad5a0ba526036576a33e505588fa7db5334
SSDEEP

6144:ZjSuDJ+FvQcCDROw3fWnAV4FHHU+/BSy8DN9tzOeY:Zj2QcED3fWnAV4FHHjE5XiV

Score

10^/10

diceloader loader

Malware Config

Extracted

Family

diceloader

45.159.249.119

45.150.108.200

Signatures

DiceLoader
DiceLoader is a loader written in C++.
loader diceloader

Blocklisted process makes network request 36 IoCs

flow	pid	Process
47	4948	WScript.exe
53	4948	WScript.exe
54	4948	WScript.exe
55	4948	WScript.exe
56	4948	WScript.exe
57	4948	WScript.exe
58	4948	WScript.exe
59	4948	WScript.exe
65	4948	WScript.exe
67	4948	WScript.exe
68	4948	WScript.exe
69	4948	WScript.exe
71	4948	WScript.exe
72	4948	WScript.exe
75	4948	WScript.exe
76	4948	WScript.exe
77	4948	WScript.exe
78	4948	WScript.exe
79	4948	WScript.exe
80	4948	WScript.exe
81	4948	WScript.exe
82	4948	WScript.exe
83	4948	WScript.exe
84	4948	WScript.exe
85	4948	WScript.exe
86	4948	WScript.exe
87	4948	WScript.exe
88	4948	WScript.exe
89	4948	WScript.exe
90	4948	WScript.exe
91	4948	WScript.exe
92	4948	WScript.exe
93	4948	WScript.exe
94	4948	WScript.exe
95	4948	WScript.exe
96	4948	WScript.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
4948	WScript.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	4948	WScript.exe
Token: SeDebugPrivilege	4948	WScript.exe

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\1b842a5f434bca9a1d396f3d1d8bd2da.vbs"
1⤵
- Blocklisted process makes network request
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4948

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\Temp\text_log.dbg

Filesize
7KB

MD5
70376b88598cb4c3b077664293137ad9

SHA1
d2bbf410505a2c4f59338f69782a614958056eb2

SHA256
2e8dc402a9eab0ed66d96ab458a82ed7d85a2a3fb02bee93f9eae3d147a9cb81

SHA512
39d110c3c1025394f00721039872f3b3c8ae28c70985c33e8ce274f4dbce4d55904ed7270446a726a31d10e04201bc346d15944db4b55fe89d1d53c7574b34b7

Download Submit
C:\Windows\Temp\text_log.dbg

Filesize
14KB

MD5
3538b2c6c2300c7c8e1c6325ff28035f

SHA1
a3070f4fa77e80bcbb524ed81fb8da3c27f62856

SHA256
c910c0f94b3ec0acbe47d4b68eaafe8fd09b4f715fb1da9dcdf028e757568bf3

SHA512
01880113e8f98b4f30843d51e1b560f3f60de0ad8bf6b67a0cf6e6b1376b7e51b65bf7d5237516a861823af8b958e1caf30a237c7d0435683f49b45aa6b096c0

Download Submit
C:\Windows\Temp\text_log.dbg

Filesize
4KB

MD5
e8c3da7c83e88bcc78bd8868f8ca79f7

SHA1
d19bdfc8370b3262435f2a1b78bb69599210743a

SHA256
6b9425f7c0d74580fefd75034f26c2621a7c5a114095bfc6c9e2e013e1f7eaa3

SHA512
8f81f38107ffb65cfc0dc99260e3f8c6b92e5b1af1b21c892f4b7e5435e11ed85172294c1a2556aad4aa7da04bcd8eb0d0e913f02bd01c3432bc92535bdbffd0

Download Submit
C:\Windows\Temp\text_log.dbg

Filesize
4KB

MD5
e8c3da7c83e88bcc78bd8868f8ca79f7

SHA1
d19bdfc8370b3262435f2a1b78bb69599210743a

SHA256
6b9425f7c0d74580fefd75034f26c2621a7c5a114095bfc6c9e2e013e1f7eaa3

SHA512
8f81f38107ffb65cfc0dc99260e3f8c6b92e5b1af1b21c892f4b7e5435e11ed85172294c1a2556aad4aa7da04bcd8eb0d0e913f02bd01c3432bc92535bdbffd0

Download Submit
C:\Windows\Temp\text_log.dbg

Filesize
123B

MD5
84273de63fe992438e7c6ef6dda4c7a6

SHA1
4662b74be78882e9efb936876af8a6ae2e64eefc

SHA256
836c44ed04eecc83a4f6d7407df502b189c46c6f4ca4f81a97207bf1227d5e50

SHA512
0d29f512f4ddbbea11154533d262d04072be7f366bcab1c9f72b0d6f5c7af6df7df9d80049f09db22533653ec0480922b8cf2da7b80d5d246b3ecd9c2d71af35

Download Submit
memory/4948-1556-0x00007FFBE3A80000-0x00007FFBE4541000-memory.dmp

Filesize
10.8MB

Download
memory/4948-1798-0x00000255E0250000-0x00000255E0254000-memory.dmp

Filesize
16KB

Download
memory/4948-3-0x00000255F9F40000-0x00000255FA468000-memory.dmp

Filesize
5.2MB

Download
memory/4948-2-0x00000255F9890000-0x00000255F9A0E000-memory.dmp

Filesize
1.5MB

Download
memory/4948-1-0x00000255E0280000-0x00000255E0290000-memory.dmp

Filesize
64KB

Download
memory/4948-0-0x00007FFBE3A80000-0x00007FFBE4541000-memory.dmp

Filesize
10.8MB

Download
memory/4948-1557-0x00000255E0280000-0x00000255E0290000-memory.dmp

Filesize
64KB

Download
memory/4948-4-0x00000255E0240000-0x00000255E0252000-memory.dmp

Filesize
72KB

Download
memory/4948-1805-0x00000255E0260000-0x00000255E0266000-memory.dmp

Filesize
24KB

Download
memory/4948-1806-0x00000255E0260000-0x00000255E0266000-memory.dmp

Filesize
24KB

Download
memory/4948-1807-0x00000255E0260000-0x00000255E0266000-memory.dmp

Filesize
24KB

Download
memory/4948-1808-0x00000255E0260000-0x00000255E0266000-memory.dmp

Filesize
24KB

Download
memory/4948-1809-0x00000255E0260000-0x00000255E0266000-memory.dmp

Filesize
24KB

Download
memory/4948-1810-0x00000255E0260000-0x00000255E0266000-memory.dmp

Filesize
24KB

Download
memory/4948-1811-0x00000255E0250000-0x00000255E0254000-memory.dmp

Filesize
16KB

Download
memory/4948-1812-0x00000255E0260000-0x00000255E0266000-memory.dmp

Filesize
24KB

Download