Overview

overview

10

Static

static

761e217f02...df.exe

windows7_x64

10

761e217f02...df.exe

windows10_x64

10

Analysis

  • max time kernel
    123s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7v20201028
  • submitted
    28-11-2020 10:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    761e217f02855c7368259f63332d61df.exe

  • Size

    266KB

  • MD5

    761e217f02855c7368259f63332d61df

  • SHA1

    a8f7630f3804f9d52da46e18efa0116ff5d4262b

  • SHA256

    d896fea673941330bf9b4aca5ad7bd1b5e12d3768bfaea9521c843ac1324c629

  • SHA512

    d24886f732a2e3d38e56ff56ea0e2f65eb686af2ace6c76368930505b1efcf2124727b65cbf2d406805ee9e73b074af8d6434e5503f8b14745625e3026a7278c

Score
10/10
systembctrojan

Malware Config

Signatures

  • SystemBC

    SystemBC is a proxy and remote administration tool first seen in 2019.

    trojansystembc
  • Executes dropped EXE 1 IoCs
  • Drops file in Windows directory 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\761e217f02855c7368259f63332d61df.exe
    "C:\Users\Admin\AppData\Local\Temp\761e217f02855c7368259f63332d61df.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    PID:836
  • C:\Windows\system32\taskeng.exe
    taskeng.exe {C9E5968C-DAED-4004-974A-F0B38C8BC136} S-1-5-18:NT AUTHORITY\System:Service:
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1232
    • C:\ProgramData\xpbwr\tbvuvu.exe
      C:\ProgramData\xpbwr\tbvuvu.exe start
      2⤵
      • Executes dropped EXE
      PID:1272

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\ProgramData\xpbwr\tbvuvu.exe
    MD5

    761e217f02855c7368259f63332d61df

    SHA1

    a8f7630f3804f9d52da46e18efa0116ff5d4262b

    SHA256

    d896fea673941330bf9b4aca5ad7bd1b5e12d3768bfaea9521c843ac1324c629

    SHA512

    d24886f732a2e3d38e56ff56ea0e2f65eb686af2ace6c76368930505b1efcf2124727b65cbf2d406805ee9e73b074af8d6434e5503f8b14745625e3026a7278c

    Download Submit

  • C:\ProgramData\xpbwr\tbvuvu.exe
    MD5

    761e217f02855c7368259f63332d61df

    SHA1

    a8f7630f3804f9d52da46e18efa0116ff5d4262b

    SHA256

    d896fea673941330bf9b4aca5ad7bd1b5e12d3768bfaea9521c843ac1324c629

    SHA512

    d24886f732a2e3d38e56ff56ea0e2f65eb686af2ace6c76368930505b1efcf2124727b65cbf2d406805ee9e73b074af8d6434e5503f8b14745625e3026a7278c

    Download Submit

  • memory/836-2-0x00000000061C0000-0x00000000061D1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/1272-4-0x0000000000000000-mapping.dmp

    Download

  • memory/1272-6-0x0000000004CC0000-0x0000000004CD1000-memory.dmp

    Filesize

    68KB

    Download