Windows Analysis Report
DNSCCB.msc

Overview

General Information

Sample name: DNSCCB.msc
Analysis ID: 1501495
MD5: d81e6c0ef9688e67df94753896b2a762
SHA1: 6290a85f1d5a2a0717ecbbc273dbe3d071de65f4
SHA256: b397b438c6e5e6a6f24525d266c27a992e7cd355d80f70ead090649115b7fa03

Detection

Score: 1
Range: 0 - 100
Whitelisted: false
Confidence: 40%

Signatures

Creates a window with clipboard capturing capabilities
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Classification

Creates a window with clipboard capturing capabilities
Source: C:\Windows\System32\mmc.exe Window created: window name: CLIPBRDWNDCLASS Jump to behavior
Source: classification engine Classification label: clean1.winMSC@1/0@0/0
Source: C:\Windows\System32\mmc.exe File created: C:\Users\user\AppData\Roaming\Microsoft\MMC Jump to behavior
Source: C:\Windows\System32\mmc.exe File read: C:\Users\desktop.ini Jump to behavior
Source: C:\Windows\System32\mmc.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: C:\Windows\System32\mmc.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Windows\System32\mmc.exe Section loaded: acgenral.dll Jump to behavior
Source: C:\Windows\System32\mmc.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Windows\System32\mmc.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Windows\System32\mmc.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\System32\mmc.exe Section loaded: mfc42u.dll Jump to behavior
Source: C:\Windows\System32\mmc.exe Section loaded: mmcbase.dll Jump to behavior
Source: C:\Windows\System32\mmc.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Windows\System32\mmc.exe Section loaded: duser.dll Jump to behavior
Source: C:\Windows\System32\mmc.exe Section loaded: ninput.dll Jump to behavior
Source: C:\Windows\System32\mmc.exe Section loaded: dui70.dll Jump to behavior
Source: C:\Windows\System32\mmc.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Windows\System32\mmc.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Windows\System32\mmc.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\System32\mmc.exe Section loaded: urlmon.dll Jump to behavior
Source: C:\Windows\System32\mmc.exe Section loaded: iertutil.dll Jump to behavior
Source: C:\Windows\System32\mmc.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Windows\System32\mmc.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\System32\mmc.exe Section loaded: mmcndmgr.dll Jump to behavior
Source: C:\Windows\System32\mmc.exe Section loaded: msxml6.dll Jump to behavior
Source: C:\Windows\System32\mmc.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Windows\System32\mmc.exe Section loaded: filemgmt.dll Jump to behavior
Source: C:\Windows\System32\mmc.exe Section loaded: atl.dll Jump to behavior
Source: C:\Windows\System32\mmc.exe Section loaded: version.dll Jump to behavior
Source: C:\Windows\System32\mmc.exe Section loaded: textshaping.dll Jump to behavior
Source: C:\Windows\System32\mmc.exe Section loaded: oleacc.dll Jump to behavior
Source: C:\Windows\System32\mmc.exe Section loaded: propsys.dll Jump to behavior
Source: C:\Windows\System32\mmc.exe Section loaded: mlang.dll Jump to behavior
Source: C:\Windows\System32\mmc.exe Section loaded: dataexchange.dll Jump to behavior
Source: C:\Windows\System32\mmc.exe Section loaded: d3d11.dll Jump to behavior
Source: C:\Windows\System32\mmc.exe Section loaded: dcomp.dll Jump to behavior
Source: C:\Windows\System32\mmc.exe Section loaded: dxgi.dll Jump to behavior
Source: C:\Windows\System32\mmc.exe Section loaded: twinapi.appcore.dll Jump to behavior
Source: C:\Windows\System32\mmc.exe Section loaded: xmllite.dll Jump to behavior
Source: C:\Windows\System32\mmc.exe Section loaded: atlthunk.dll Jump to behavior
Source: C:\Windows\System32\mmc.exe Section loaded: edputil.dll Jump to behavior
Source: C:\Windows\System32\mmc.exe Section loaded: textinputframework.dll Jump to behavior
Source: C:\Windows\System32\mmc.exe Section loaded: coreuicomponents.dll Jump to behavior
Source: C:\Windows\System32\mmc.exe Section loaded: coremessaging.dll Jump to behavior
Source: C:\Windows\System32\mmc.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Windows\System32\mmc.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Windows\System32\mmc.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Windows\System32\mmc.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Windows\System32\mmc.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3C5F432A-EF40-4669-9974-9671D4FC2E12}\InprocServer32 Jump to behavior
Source: C:\Windows\System32\mmc.exe Window found: window name: msctls_updown32 Jump to behavior
Source: C:\Windows\System32\mmc.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\mmc.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\mmc.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\mmc.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\mmc.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\mmc.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\mmc.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\mmc.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\mmc.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\mmc.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\mmc.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\mmc.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Source: C:\Windows\System32\mmc.exe Window / User API: threadDelayed 3510 Jump to behavior
Source: C:\Windows\System32\mmc.exe Window / User API: threadDelayed 6490 Jump to behavior
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 process2 2 Behavior Graph ID: 1501495 Sample: DNSCCB.msc Startdate: 30/08/2024 Architecture: WINDOWS Score: 1 4 mmc.exe 2 6 2->4         started       
No contacted IP infos