Analysis
-
max time kernel
149s -
max time network
151s -
platform
windows7_x64 -
resource
win7v20201028 -
submitted
28-11-2020 10:53
General
-
Target
25bb7618c80b2f912790e7f54f898a5f.exe
-
Size
959KB
-
MD5
25bb7618c80b2f912790e7f54f898a5f
-
SHA1
96ffd62a194f6436592dd9a3c59fe9223bb72611
-
SHA256
f57aff01f0d6a36bddeb8e7bbf8b33874c47a58d7827399c823424866aee33dd
-
SHA512
d63fb34e6f6dd0d4ecde2bccf9ddb67c1516d4f4c82bce6f8479b0bfed6fafca7bd4b5f02b71859387f30ca432fc0c262df5e5739e6ba44b40f45b1e85c0e312
Malware Config
Signatures
-
SystemBC
SystemBC is a proxy and remote administration tool first seen in 2019.
-
Downloads MZ/PE file
-
Executes dropped EXE 1 IoCs
-
Drops file in Windows directory 3 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\25bb7618c80b2f912790e7f54f898a5f.exe"C:\Users\Admin\AppData\Local\Temp\25bb7618c80b2f912790e7f54f898a5f.exe"1⤵
- Drops file in Windows directory
-
C:\Windows\system32\taskeng.exetaskeng.exe {95FFFDE9-4440-4D3A-ADEF-A454E2BBA795} S-1-5-18:NT AUTHORITY\System:Service:1⤵
- Suspicious use of WriteProcessMemory
-
C:\ProgramData\qsqai\rpdk.exeC:\ProgramData\qsqai\rpdk.exe start2⤵
- Executes dropped EXE
- Drops file in Windows directory
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
MD5
25bb7618c80b2f912790e7f54f898a5f
SHA196ffd62a194f6436592dd9a3c59fe9223bb72611
SHA256f57aff01f0d6a36bddeb8e7bbf8b33874c47a58d7827399c823424866aee33dd
SHA512d63fb34e6f6dd0d4ecde2bccf9ddb67c1516d4f4c82bce6f8479b0bfed6fafca7bd4b5f02b71859387f30ca432fc0c262df5e5739e6ba44b40f45b1e85c0e312
-
MD5
25bb7618c80b2f912790e7f54f898a5f
SHA196ffd62a194f6436592dd9a3c59fe9223bb72611
SHA256f57aff01f0d6a36bddeb8e7bbf8b33874c47a58d7827399c823424866aee33dd
SHA512d63fb34e6f6dd0d4ecde2bccf9ddb67c1516d4f4c82bce6f8479b0bfed6fafca7bd4b5f02b71859387f30ca432fc0c262df5e5739e6ba44b40f45b1e85c0e312
-