Overview

overview

10

Static

static

761e217f02...df.exe

windows7_x64

10

761e217f02...df.exe

windows10_x64

10

Analysis

  • max time kernel
    127s
  • max time network
    128s
  • platform
    windows10_x64
  • resource
    win10v20201028
  • submitted
    28-11-2020 10:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    761e217f02855c7368259f63332d61df.exe

  • Size

    266KB

  • MD5

    761e217f02855c7368259f63332d61df

  • SHA1

    a8f7630f3804f9d52da46e18efa0116ff5d4262b

  • SHA256

    d896fea673941330bf9b4aca5ad7bd1b5e12d3768bfaea9521c843ac1324c629

  • SHA512

    d24886f732a2e3d38e56ff56ea0e2f65eb686af2ace6c76368930505b1efcf2124727b65cbf2d406805ee9e73b074af8d6434e5503f8b14745625e3026a7278c

Score
10/10
systembctrojan

Malware Config

Signatures

  • SystemBC

    SystemBC is a proxy and remote administration tool first seen in 2019.

    trojansystembc
  • Executes dropped EXE 1 IoCs
  • Drops file in Windows directory 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\761e217f02855c7368259f63332d61df.exe
    "C:\Users\Admin\AppData\Local\Temp\761e217f02855c7368259f63332d61df.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    PID:728
  • C:\ProgramData\qojmqpt\cicv.exe
    C:\ProgramData\qojmqpt\cicv.exe start
    1⤵
    • Executes dropped EXE
    PID:208

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\ProgramData\qojmqpt\cicv.exe
    MD5

    761e217f02855c7368259f63332d61df

    SHA1

    a8f7630f3804f9d52da46e18efa0116ff5d4262b

    SHA256

    d896fea673941330bf9b4aca5ad7bd1b5e12d3768bfaea9521c843ac1324c629

    SHA512

    d24886f732a2e3d38e56ff56ea0e2f65eb686af2ace6c76368930505b1efcf2124727b65cbf2d406805ee9e73b074af8d6434e5503f8b14745625e3026a7278c

    Download Submit

  • C:\ProgramData\qojmqpt\cicv.exe
    MD5

    761e217f02855c7368259f63332d61df

    SHA1

    a8f7630f3804f9d52da46e18efa0116ff5d4262b

    SHA256

    d896fea673941330bf9b4aca5ad7bd1b5e12d3768bfaea9521c843ac1324c629

    SHA512

    d24886f732a2e3d38e56ff56ea0e2f65eb686af2ace6c76368930505b1efcf2124727b65cbf2d406805ee9e73b074af8d6434e5503f8b14745625e3026a7278c

    Download Submit

  • memory/208-6-0x0000000004FC0000-0x0000000004FC1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/728-2-0x00000000064F0000-0x00000000064F1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/728-3-0x00000000064F0000-0x00000000064F1000-memory.dmp

    Filesize

    4KB

    Download