Overview
overview
7Static
static
3SSDRM_for_...le.exe
windows7-x64
3SSDRM_for_...le.exe
windows10-2004-x64
3$PLUGINSDI...md.dll
windows7-x64
3$PLUGINSDI...md.dll
windows10-2004-x64
3$PLUGINSDI...em.dll
windows7-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3PCWProtect...ce.exe
windows7-x64
7PCWProtect...ce.exe
windows10-2004-x64
7GDISpyB.sys
windows7-x64
1GDISpyB.sys
windows10-2004-x64
1PCW.dll
windows7-x64
1PCW.dll
windows10-2004-x64
1PCW64.dll
windows7-x64
7PCW64.dll
windows10-2004-x64
7PCWProtectorB.exe
windows7-x64
1PCWProtectorB.exe
windows10-2004-x64
1PCWProtectorDummy.exe
windows7-x64
1PCWProtectorDummy.exe
windows10-2004-x64
1PCWProtect...64.exe
windows7-x64
1PCWProtect...64.exe
windows10-2004-x64
1PCWProtect...4B.exe
windows7-x64
5PCWProtect...4B.exe
windows10-2004-x64
5PCWProtect...eB.exe
windows7-x64
1PCWProtect...eB.exe
windows10-2004-x64
1PCWUpdater.exe
windows7-x64
7PCWUpdater.exe
windows10-2004-x64
7PCWUpdater64.exe
windows7-x64
7PCWUpdater64.exe
windows10-2004-x64
7PscMng.exe
windows7-x64
1PscMng.exe
windows10-2004-x64
1RDUtil.dll
windows7-x64
1RDUtil.dll
windows10-2004-x64
1Analysis
-
max time kernel
149s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240220-en -
resource tags
arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system -
submitted
24-04-2024 14:07
Static task
static1
Behavioral task
behavioral1
Sample
SSDRM_for_mySingle.exe
Resource
win7-20231129-en
windows7-x64
Behavioral task
behavioral2
Sample
SSDRM_for_mySingle.exe
Resource
win10v2004-20240412-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
$PLUGINSDIR/ExecCmd.dll
Resource
win7-20240215-en
windows7-x64
Behavioral task
behavioral4
Sample
$PLUGINSDIR/ExecCmd.dll
Resource
win10v2004-20240412-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
$PLUGINSDIR/System.dll
Resource
win7-20231129-en
windows7-x64
Behavioral task
behavioral6
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240412-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
PCWProtectorSetup_Voice_Service.exe
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral8
Sample
PCWProtectorSetup_Voice_Service.exe
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
GDISpyB.sys
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral10
Sample
GDISpyB.sys
Resource
win10v2004-20240412-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
PCW.dll
Resource
win7-20231129-en
windows7-x64
Behavioral task
behavioral12
Sample
PCW.dll
Resource
win10v2004-20240412-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
PCW64.dll
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral14
Sample
PCW64.dll
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
PCWProtectorB.exe
Resource
win7-20240220-en
windows7-x64
Behavioral task
behavioral16
Sample
PCWProtectorB.exe
Resource
win10v2004-20240412-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
PCWProtectorDummy.exe
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral18
Sample
PCWProtectorDummy.exe
Resource
win10v2004-20240412-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
PCWProtectorDummy64.exe
Resource
win7-20231129-en
windows7-x64
Behavioral task
behavioral20
Sample
PCWProtectorDummy64.exe
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
PCWProtectorService64B.exe
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral22
Sample
PCWProtectorService64B.exe
Resource
win10v2004-20240412-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
PCWProtectorServiceB.exe
Resource
win7-20240215-en
windows7-x64
Behavioral task
behavioral24
Sample
PCWProtectorServiceB.exe
Resource
win10v2004-20240412-en
windows10-2004-x64
Behavioral task
behavioral25
Sample
PCWUpdater.exe
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral26
Sample
PCWUpdater.exe
Resource
win10v2004-20240412-en
windows10-2004-x64
Behavioral task
behavioral27
Sample
PCWUpdater64.exe
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral28
Sample
PCWUpdater64.exe
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral29
Sample
PscMng.exe
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral30
Sample
PscMng.exe
Resource
win10v2004-20240412-en
windows10-2004-x64
Behavioral task
behavioral31
Sample
RDUtil.dll
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral32
Sample
RDUtil.dll
Resource
win10v2004-20240412-en
windows10-2004-x64
General
-
Target
PCWProtectorB.exe
-
Size
567KB
-
MD5
6ce74b64aee3c89d3939bb15ecfe7888
-
SHA1
58ec5c6b43b90aaa6fa7919c1dbf46812378efae
-
SHA256
ccb0bd5f3e296c35b38348cf4f231f93ce9bb57af42c328b0aba9e29103ee391
-
SHA512
f39486655c3d58a62d5c310ce181da0f7dee61e2d3179571b6c1e25ceba3b20c9061565708b8e7c5c5232ca3210348ed82305a105b3b678fadef7b62a2be8c64
-
SSDEEP
12288:D2mLG5GELDDx5HXt/NoUSppY+ATabo9pGHNu4B2Uehy:0rtNoUSj/AeI4reA
Malware Config
Signatures
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
pid Process 3032 PCWProtectorB.exe 3032 PCWProtectorB.exe 3032 PCWProtectorB.exe 3032 PCWProtectorB.exe 3032 PCWProtectorB.exe 3032 PCWProtectorB.exe 3032 PCWProtectorB.exe 3032 PCWProtectorB.exe 3032 PCWProtectorB.exe 3032 PCWProtectorB.exe 3032 PCWProtectorB.exe 3032 PCWProtectorB.exe 3032 PCWProtectorB.exe 3032 PCWProtectorB.exe 3032 PCWProtectorB.exe 3032 PCWProtectorB.exe 3032 PCWProtectorB.exe 3032 PCWProtectorB.exe 3032 PCWProtectorB.exe 3032 PCWProtectorB.exe 3032 PCWProtectorB.exe 3032 PCWProtectorB.exe 3032 PCWProtectorB.exe 3032 PCWProtectorB.exe 3032 PCWProtectorB.exe 3032 PCWProtectorB.exe 3032 PCWProtectorB.exe 3032 PCWProtectorB.exe 3032 PCWProtectorB.exe 3032 PCWProtectorB.exe 3032 PCWProtectorB.exe 3032 PCWProtectorB.exe 3032 PCWProtectorB.exe 3032 PCWProtectorB.exe 3032 PCWProtectorB.exe 3032 PCWProtectorB.exe 3032 PCWProtectorB.exe 3032 PCWProtectorB.exe 3032 PCWProtectorB.exe 3032 PCWProtectorB.exe 3032 PCWProtectorB.exe 3032 PCWProtectorB.exe 3032 PCWProtectorB.exe 3032 PCWProtectorB.exe 3032 PCWProtectorB.exe 3032 PCWProtectorB.exe 3032 PCWProtectorB.exe 3032 PCWProtectorB.exe 3032 PCWProtectorB.exe 3032 PCWProtectorB.exe 3032 PCWProtectorB.exe 3032 PCWProtectorB.exe 3032 PCWProtectorB.exe 3032 PCWProtectorB.exe 3032 PCWProtectorB.exe 3032 PCWProtectorB.exe 3032 PCWProtectorB.exe 3032 PCWProtectorB.exe 3032 PCWProtectorB.exe 3032 PCWProtectorB.exe 3032 PCWProtectorB.exe 3032 PCWProtectorB.exe 3032 PCWProtectorB.exe 3032 PCWProtectorB.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeDebugPrivilege 3032 PCWProtectorB.exe -
Suspicious use of SetWindowsHookEx 5 IoCs
pid Process 3032 PCWProtectorB.exe 3032 PCWProtectorB.exe 3032 PCWProtectorB.exe 3032 PCWProtectorB.exe 3032 PCWProtectorB.exe